From: spamvoll on
hi..

my postfix checks against openldap.
postfix first uses the ldap-aliases.cf to check if it's a valid user
email, that works.
then I tried to use the same ldap-aliases.cf for smtpd_sender_login_maps

But that doesn't work.
I get a:
postfix/local[7683]: warning: dict_ldap_connect: Unable to bind to server ldaps://ldap.example.com:636 as cn=postfix server,ou=Server,dc=example,dc=com: -1 (Can't contact LDAP server)

[root(a)testmail postfix]# postmap -q myname(a)example.com ldap:/etc/postfix/ldap-aliases.cf
myldapuid
[root(a)testmail postfix]# postmap -q myname(a)example.com ldap:/etc/postfix/ldap-check_mail.cf
myldapuid
[root(a)testmail postfix]# postmap -q myname(a)example.com ldap:/etc/postfix/ldap-relay_domains.cf
[root(a)testmail postfix]# postmap -q example.com ldap:/etc/postfix/ldap-relay_domains.cf
example.com,ex-ample.com

any ideas ?

From: Wietse Venema on
spamvoll(a)googlemail.com:
> hi..
>
> my postfix checks against openldap.
> postfix first uses the ldap-aliases.cf to check if it's a valid user
> email, that works.
> then I tried to use the same ldap-aliases.cf for smtpd_sender_login_maps
>
> But that doesn't work.
> I get a:
> postfix/local[7683]: warning: dict_ldap_connect: Unable to bind to server ldaps://ldap.example.com:636 as cn=postfix server,ou=Server,dc=example,dc=com: -1 (Can't contact LDAP server)
>
> [root(a)testmail postfix]# postmap -q myname(a)example.com

Don't run the test as root.

Wietse

From: Victor Duchovni on
On Tue, Feb 02, 2010 at 09:13:36AM -0500, Wietse Venema wrote:

> spamvoll(a)googlemail.com:
> > hi..
> >
> > my postfix checks against openldap.
> > postfix first uses the ldap-aliases.cf to check if it's a valid user
> > email, that works.
> > then I tried to use the same ldap-aliases.cf for smtpd_sender_login_maps
> >
> > But that doesn't work.
> > I get a:
> > postfix/local[7683]: warning: dict_ldap_connect: Unable to bind to server ldaps://ldap.example.com:636 as cn=postfix server,ou=Server,dc=example,dc=com: -1 (Can't contact LDAP server)
> >
> > [root(a)testmail postfix]# postmap -q myname(a)example.com
>
> Don't run the test as root.

And use "proxy:ldap:${config_directory}/ldap-aliases.cf"; LDAP servers
typically don't like the connection concurrency that results from each
smtpd(8) and cleanup(8) using a separate connection. Don't do this,
however, with tables that are used by trivial-rewrite, specifically
at least:

relay_domains
mydestination
virtual_mailbox_domains
virtual_alias_domains
transport_maps
relocated_maps

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
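
Viktor's rule above as a check over main.cf (an added example, not part of the original thread): it flags ldap: tables that bypass proxymap and proxy: tables on the parameters he lists for trivial-rewrite. The sample main.cf is constructed, the function names and ldap-mydestination.cf are hypothetical, and his list is "at least" these six, so treat it as a floor.

```python
import re

# Parameters Viktor lists as read by trivial-rewrite: keep these off proxy:.
TRIVIAL_REWRITE_PARAMS = {
    "relay_domains", "mydestination", "virtual_mailbox_domains",
    "virtual_alias_domains", "transport_maps", "relocated_maps",
}

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def audit_ldap_tables(text):
    """Return sorted (parameter, table, finding) tuples for LDAP lookups."""
    findings = []
    for param, value in parse_main_cf(text).items():
        for table in re.split(r"[,\s]+", value):
            proxied = table.startswith("proxy:ldap:")
            if not (proxied or table.startswith("ldap:")):
                continue  # not an LDAP table
            if param in TRIVIAL_REWRITE_PARAMS and proxied:
                findings.append((param, table, "remove proxy: (used by trivial-rewrite)"))
            elif param not in TRIVIAL_REWRITE_PARAMS and not proxied:
                findings.append((param, table, "add proxy: (one LDAP connection per process)"))
    return sorted(findings)

# Constructed sample main.cf; ldap-mydestination.cf is a hypothetical file name.
SAMPLE_MAIN_CF = """\
# constructed example
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
smtpd_sender_login_maps =
    proxy:ldap:${config_directory}/ldap-aliases.cf
relay_domains = proxy:ldap:/etc/postfix/ldap-relay_domains.cf
mydestination = localhost, ldap:/etc/postfix/ldap-mydestination.cf
"""

if __name__ == "__main__":
    for param, table, finding in audit_ldap_tables(SAMPLE_MAIN_CF):
        print(f"{param}: {table}: {finding}")
```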

From: spamvoll on
thx Wietse

trying it as user postfix I get (Can't contact LDAP server)

hmm strange

2010/2/2 Wietse Venema <wietse(a)porcupine.org>:
>> [root(a)testmail postfix]# postmap -q myname(a)example.com
>
> Don't run the test as root.

From: Wietse Venema on
spamvoll(a)googlemail.com:
> thx Wietse
>
> trying it as user postfix I get (Can't contact LDAP server)
>
> hmm strange

You have some incorrect file permission, or some "security" software
such as SELinux or AppArmor is mis-configured.

Try:

# service selinux stop
# service apparmor stop

etc.

If that is not the problem, try:

$ strace -o tempfile postmap ...

and look for EACCES etc. errors in the strace output. etc.

Wietse