From: Quanah Gibson-Mount on
I'm trying to test a new .cf file that uses ldap with postmap, and I
noticed that it fails to actually honor the fields set in the file. I'm
going off of the documentation found at
<http://www.postfix.org/LDAP_README.html#example_group>.

[zimbra@freelancer conf]$ postmap -q all_users@zimbra.com ldap:ldap-groups.cf
postmap: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as : -1 (Can't contact LDAP server)

I'm not sure why it is trying to contact localhost. I very specifically
set the server host in the .cf file:

[zimbra@freelancer conf]$ more ldap-groups.cf
server_host = ldap://freelancer.lab.zimbra.com:389
server_port = 389
search_base =
query_filter = mail=%s
result_attribute = zimbraMailDeliveryAddress
special_result_attribute = member
start_tls = yes
tls_ca_cert_dir = /opt/zimbra/conf/ca
bind = yes
bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
bind_pw = xxxxxxxxxxx
timeout = 30

Is there something I'm missing here about getting postmap to use the
parameters I set?

Thanks!

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration

From: Victor Duchovni on
On Wed, Jun 23, 2010 at 02:12:53PM -0700, Quanah Gibson-Mount wrote:

> I'm trying to test a new .cf file that uses ldap with postmap, and I
> noticed that it fails to actually honor the fields set in the file. I'm
> going off of the documentation found at
> <http://www.postfix.org/LDAP_README.html#example_group>.
>
> [zimbra@freelancer conf]$ postmap -q all_users@zimbra.com ldap:ldap-groups.cf
> postmap: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as : -1 (Can't contact LDAP server)
>
> I'm not sure why it is trying to contact localhost. I very specifically
> set the server host in the .cf file:

File names must start with "/" or ".".

--
Viktor.

From: Quanah Gibson-Mount on
--On Wednesday, June 23, 2010 5:15 PM -0400 Victor Duchovni
<Victor.Duchovni(a)morganstanley.com> wrote:

>
> File names must start with "/" or ".".

Thanks. It looks like the online documentation needs updating to match
this.

postmap -q global_users@zimbra.com ldap:/opt/zimbra/conf/ldap-groups.cf

worked.

--Quanah


From: Victor Duchovni on
On Wed, Jun 23, 2010 at 02:20:34PM -0700, Quanah Gibson-Mount wrote:

> --On Wednesday, June 23, 2010 5:15 PM -0400 Victor Duchovni
> <Victor.Duchovni(a)morganstanley.com> wrote:
>
>>
>> File names must start with "/" or ".".
>
> Thanks. It looks like the online documentation needs updating to match
> this.

http://www.postfix.org/ldap_table.5.html

BACKWARDS COMPATIBILITY
For backwards compatibility with Postfix version 2.0 and
earlier, LDAP parameters can also be defined in main.cf.
Specify as LDAP source a name that doesn't begin with a
slash or a dot. The LDAP parameters will then be accessible
as the name you've given the source in its definition,
an underscore, and the name of the parameter. For example,
if the map is specified as "ldap:ldapsource", the
"server_host" parameter below would be defined in main.cf
as "ldapsource_server_host".



--
Viktor.
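
An added example, not part of the thread and not Postfix code: a Python check that applies the rule from the replies above to a main.cf, listing each ldap: table reference, whether its name is treated as a file or as a main.cf parameter prefix, and whether the matching <name>_server_host is missing. The sample main.cf, host name and function names are constructed for illustration.

```python
import re

# Constructed sample main.cf (not from the thread); names are illustrative.
SAMPLE_MAIN_CF = """\
# comment line
virtual_alias_maps = hash:/etc/postfix/virtual,
    ldap:ldap-groups.cf
alias_maps = proxy:ldap:/etc/postfix/ldap-aliases.cf, ldap:ldapsource
ldapsource_server_host = ldap.example.com
"""

# "ldap:" used as a table type; skips ldap:// URLs and longer words ending in "ldap".
LDAP_REF = re.compile(r"(?<![A-Za-z0-9_/])ldap:(?!//)([^\s,{}]+)")


def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (s.strip() for s in line.split("=", 1))
            params[current] = value
    return params


def audit_ldap_sources(text):
    """Return (parameter, source name, 'file' or 'main.cf', missing key or None)."""
    params = parse_main_cf(text)
    findings = []
    for param, value in params.items():
        for name in LDAP_REF.findall(value):
            if name.startswith(("/", ".")):
                findings.append((param, name, "file", None))
            else:
                # Legacy form: settings are read from main.cf as <name>_<parameter>.
                key = f"{name}_server_host"
                findings.append((param, name, "main.cf", None if key in params else key))
    return findings


if __name__ == "__main__":
    for param, name, kind, missing in audit_ldap_sources(SAMPLE_MAIN_CF):
        note = f"  <-- {missing} not set; table defaults apply" if missing else ""
        print(f"{param}: ldap:{name} -> settings read from {kind}{note}")
```

A reference such as ldap:ldap-groups.cf is reported as a main.cf prefix with no ldap-groups.cf_server_host defined, which is the situation in the first message of the thread.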

From: Quanah Gibson-Mount on
--On Wednesday, June 23, 2010 5:28 PM -0400 Victor Duchovni
<Victor.Duchovni(a)morganstanley.com> wrote:

> http://www.postfix.org/ldap_table.5.html
>
> BACKWARDS COMPATIBILITY
> For backwards compatibility with Postfix version 2.0 and

So you leave your online documentation using the syntax of a release that
is 6 years old? That seems fairly odd. Why not use versioned
documentation?

Just as an example, OpenLDAP has:

<http://www.openldap.org/doc/admin24/>
<http://www.openldap.org/doc/admin23/>
<http://www.openldap.org/doc/admin22/>
<http://www.openldap.org/doc/admin21/>
<http://www.openldap.org/doc/admin20/>

This way people who want the official documentation for OpenLDAP 2.0
through 2.4 can get at those, even if they are no longer maintained.

Same for the online manual pages, where you can pull them down for
everything from OpenLDAP 1.0 onwards.

In this way, people are able to get the information that is most relevant
to their setup, and not get hit with examples that are half a decade out of
date.

--Quanah
