This is a discussion on Re: postfix seems to be ignoring my ldap_query_filter within the mailing.postfix.users forums, part of the Mail Servers and Related category.

* Victor.Duchovni@MorganStanley.com [July 7, 2004 10:31 am]:
> On Wed, 7 Jul 2004, Mark Drummond wrote:
>
> > Well it's working now. An awful lot of reading for just 5 simple lines
> > in main.cf.
> >
> > local_recipient_maps = $alias_maps ldap:ldap_rcpt
> > ldap_rcpt_search_base = dc=gangwarily,dc=ca
> > ldap_rcpt_query_filter = mail=%s
> > ldap_rcpt_result_attribute = uid
> > ldap_rcpt_bind = no
> >
> > Just imagine how many questions like mine might be avoided on this list
> > if this was better documented!
>
> The query filter should be:
>
> uid=%u
>
> rather than mail=%s. This is because the local(8) delivery agent delivers
> mail to aliases and *users* not email addresses.

What if %u was not the uid? If the message was to superfreak@gangwarily.ca,
meant for me, and my uid is mark, then that won't match. A filter like
(|(mail=%s)(mailalternateaddress=%s)) would be better.

I'm using cyrus-imapd as well. That probably does not matter, but cyrus works
fine with just the uid.

>
> What problem are you trying to solve? What's wrong with the default:
>

There's no problem per se. I just want to have everything in LDAP. I want all
my "users", both unix users and mail-only users, in my directory.

> local_recipient_maps = $alias_maps unix:passwd.byname
>
> With nsswitch.conf configured to find local users via LDAP, the
> configuration is simpler, and the table is more accurate.

My search filter for nss_ldap/pam_ldap is "objectclass=posixAccount". I could
change that but only posixAccounts should be able to log in via a shell so I
prefer that filter. If I change the filter to something that matches everyone
then the system will successfully match users who are not unix users.

-- 
we're outta control
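
The filter choices debated in this thread, as an added example that is not part of the original posts or of Postfix: it expands each query filter for a lookup key using the %s (whole key) and %u (local part) substitutions documented in Postfix's ldap_table(5), with RFC 2254-style quoting of the key, and evaluates the result against a directory. The directory is constructed (only uid mark and the superfreak address come from the thread), and the matcher is a simplification that handles only a single equality or an OR of equalities.

```python
import re

# RFC 4515 (successor to RFC 2254) escapes for key text placed inside a filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def quote(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unquote(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(template, key):
    """Expand %s (whole key), %u (local part) and %% in a query filter."""
    local = key.rsplit("@", 1)[0] if "@" in key else key  # bare name: %u == key
    subs = {"s": quote(key), "u": quote(local), "%": "%"}
    return re.sub(r"%([su%])", lambda m: subs[m.group(1)], template)

def matches(filter_text, entry):
    """Simplified matcher: one equality, or an OR of equalities, nothing else."""
    terms = re.findall(r"([A-Za-z][\w-]*)=([^()]*)", filter_text)
    return any(unquote(value).lower() in (v.lower() for v in entry.get(attr.lower(), []))
               for attr, value in terms)

# Constructed directory. Only uid=mark and the superfreak address are from the
# thread; mark@gangwarily.ca is a made-up primary address.
DIRECTORY = [{
    "uid": ["mark"],
    "mail": ["mark@gangwarily.ca"],
    "mailalternateaddress": ["superfreak@gangwarily.ca"],
}]

def lookup(template, key, result_attribute="uid"):
    """Return result_attribute values of entries matched by the expanded filter."""
    query = expand(template, key)
    return [v for e in DIRECTORY if matches(query, e) for v in e.get(result_attribute, [])]

if __name__ == "__main__":
    key = "superfreak@gangwarily.ca"
    for template in ("uid=%u", "mail=%s", "(|(mail=%s)(mailalternateaddress=%s))"):
        print(f"{template:40} {expand(template, key):75} {lookup(template, key)}")
```

For the alternate address only the OR filter returns the uid, while `uid=%u` matches only when the local part of the address happens to equal the uid.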