
Postfix always tries to connect to ldap on localhost

  • Jakob Lenfers
    Message 1 of 13 , Sep 30, 2009
      Hi guys,

      I've installed a test mail server to try to connect postfix/cyrus to
      ldap. The openldap server runs on another host and is already populated
      for a PDC and other services. Cyrus is running and authenticating (with
      SASL/PAM) against the LDAP all right. But now I'm trying to get the
      addresses recognized. I tried all kinds of configurations and postfix
      still wants only to connect to localhost. I tried hostname, ip address
      with ldap://, without...

      root@paka2:~# cat /etc/postfix/virtual.ldap
      server_host = ldap://134.102.131.4
      search_base = dc=taupo, dc=gsss, dc=uni-bremen, dc=de
      port = 389
      bind = no
      version = 3
      debuglevel = 10
      query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
      result_attribute = uid, gosaMailForwardingAddress
      special_result_attribute = member

      root@paka2:/etc/postfix# postmap -q lenfers-test@...
      ldap:virtual.ldap
      postmap: warning: dict_ldap_connect: Unable to bind to server
      ldap://localhost:389 as : -1 (Can't contact LDAP server)

      I'm using Ubuntu 8.04, current postfix(-ldap) 2.5.1-2. And I really
      don't know what to try anymore...

      [Xposted yesterday to ubuntuforums.org]

      TIA!
    • Patrick Ben Koetter
      Message 2 of 13 , Sep 30, 2009
        * Jakob Lenfers <lenfers@...>:
        > Hi guys,
        >
        > I've installed a test mail server to try to connect postfix/cyrus to
        > ldap. The openldap server runs on another host and is already populated
        > for a PDC and other services. Cyrus is running and authenticating (with
        > SASL/PAM) against the LDAP all right. But now I'm trying to get the
        > addresses recognized. I tried all kinds of configurations and postfix
        > still wants only to connect to localhost. I tried hostname, ip address
        > with ldap://, without...
        >
        > root@paka2:~# cat /etc/postfix/virtual.ldap
        > server_host = ldap://134.102.131.4


        server_host = 134.102.131.4



        > search_base = dc=taupo, dc=gsss, dc=uni-bremen, dc=de
        > port = 389

        There's no parameter "port". Leave it away if you use the default anyway.

        > bind = no
        > version = 3
        > debuglevel = 10
        > query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
        > result_attribute = uid, gosaMailForwardingAddress
        > special_result_attribute = member
        >
        > root@paka2:/etc/postfix# postmap -q lenfers-test@...
        > ldap:virtual.ldap
        > postmap: warning: dict_ldap_connect: Unable to bind to server
        > ldap://localhost:389 as : -1 (Can't contact LDAP server)
        >
        > I'm using Ubuntu 8.04, current postfix(-ldap) 2.5.1-2. And I really
        > don't know what to try anymore...
        >
        > [Xposted yesterday to ubuntuforums.org]
        >
        > TIA!

        --
        All technical questions asked privately will be automatically answered on the
        list and archived for public access unless privacy is explicitly required and
        justified.

        saslfinger (debugging SMTP AUTH):
        <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
      • Jakob Lenfers
        Message 3 of 13 , Sep 30, 2009
          Patrick Ben Koetter wrote:
          > * Jakob Lenfers <lenfers@...>:

          >> server_host = ldap://134.102.131.4
          > server_host = 134.102.131.4

          Tried it, didn't work. And man ldap_table mentions both syntax forms.

          >> search_base = dc=taupo, dc=gsss, dc=uni-bremen, dc=de
          >> port = 389
          > There's no parameter "port". Leave it away if you use the default anyway.

          Oh, yeah, it would be server_port. But here as well: Tried without the
          setting without any success. :(

          Thanks for your answer,
          Jakob
        • Stan Hoeppner
          Message 4 of 13 , Sep 30, 2009
            Jakob Lenfers put forth on 9/30/2009 3:19 AM:
            > Patrick Ben Koetter wrote:
            >> * Jakob Lenfers <lenfers@...>:
            >
            >>> server_host = ldap://134.102.131.4
            >> server_host = 134.102.131.4

            I'm no expert on Postfix LDAP, but I found this interesting, and
            possibly related to your issue, specifically in the last sentence of the
            paragraph below.

            "ldapsource_server_host"

            http://www.postfix.org/ldap_table.5.html

            BACKWARDS COMPATIBILITY
            For backwards compatibility with Postfix version 2.0 and
            earlier, LDAP parameters can also be defined in main.cf.
            Specify as LDAP source a name that doesn't begin with a
            slash or a dot. The LDAP parameters will then be accessi-
            ble as the name you've given the source in its definition,
            an underscore, and the name of the parameter. For exam-
            ple, if the map is specified as "ldap:ldapsource", the
            "server_host" parameter below would be defined in main.cf
            as "ldapsource_server_host".


            --
            Stan
          • Jakob Lenfers
            Message 5 of 13 , Sep 30, 2009
              Stan Hoeppner wrote:

              > I'm no expert on Postfix LDAP, but I found this interesting, and
              > possibly related to your issue, specifically in the last sentence of the
              > paragraph below.
              >
              > "ldapsource_server_host"
              >
              > http://www.postfix.org/ldap_table.5.html

              That helped in some way, thanks... I put the statements into the main.cf
              as described, but now I'm still curious what I did wrong...

              | virtual.ldap_server_host = 134.102.131.4
              | virtual.ldap_search_base = ou=Users, dc=taupo, dc=gsss, dc=uni-bremen,
              dc=de
              | virtual.ldap_bind = no
              | virtual.ldap_version = 3
              | #virtual.ldap_debuglevel = 10
              | virtual.ldap_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
              | virtual.ldap_result_attribute = uid, gosaMailForwardingAddress
              | virtual.ldap_special_result_attribute = member

              And I don't get, why postconf -n doesn't show my virtual.ldap-entries...

              | root@paka2:/etc/postfix# postconf -n
              | alias_database = hash:/etc/aliases
              | alias_maps = hash:/etc/aliases
              | append_dot_mydomain = no
              | biff = no
              | config_directory = /etc/postfix
              | inet_interfaces = all
              | mailbox_size_limit = 0
              | mydestination = paka2.bigsss-bremen.de, paka2, localhost.localdomain,
              localhost
              | myhostname = paka2
              | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
              | myorigin = /etc/mailname
              | readme_directory = no
              | recipient_delimiter = +
              | relayhost =
              | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
              | smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
              | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
              | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
              | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
              | smtpd_use_tls = yes
              | virtual_alias_maps = ldap:/etc/postfix/virtual.ldap

              Jakob
            • Stan Hoeppner
              Message 6 of 13 , Sep 30, 2009
                Jakob Lenfers put forth on 9/30/2009 5:43 AM:
                > Stan Hoeppner wrote:
                >
                >> I'm no expert on Postfix LDAP, but I found this interesting, and
                >> possibly related to your issue, specifically in the last sentence of the
                >> paragraph below.
                >>
                >> "ldapsource_server_host"
                >>
                >> http://www.postfix.org/ldap_table.5.html
                >
                > That helped in some way, thanks... I put the statements into the main.cf
                > as described, but now I'm still curious what I did wrong...

                So, is it querying the remote LDAP server correctly now? If so, you're
                welcome, and I'm glad it's working for you.

                --
                Stan



                > | virtual.ldap_server_host = 134.102.131.4
                > | virtual.ldap_search_base = ou=Users, dc=taupo, dc=gsss, dc=uni-bremen,
                > dc=de
                > | virtual.ldap_bind = no
                > | virtual.ldap_version = 3
                > | #virtual.ldap_debuglevel = 10
                > | virtual.ldap_query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
                > | virtual.ldap_result_attribute = uid, gosaMailForwardingAddress
                > | virtual.ldap_special_result_attribute = member
                >
                > And I don't get, why postconf -n doesn't show my virtual.ldap-entries...
                >
                > | root@paka2:/etc/postfix# postconf -n
                > | alias_database = hash:/etc/aliases
                > | alias_maps = hash:/etc/aliases
                > | append_dot_mydomain = no
                > | biff = no
                > | config_directory = /etc/postfix
                > | inet_interfaces = all
                > | mailbox_size_limit = 0
                > | mydestination = paka2.bigsss-bremen.de, paka2, localhost.localdomain,
                > localhost
                > | myhostname = paka2
                > | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
                > | myorigin = /etc/mailname
                > | readme_directory = no
                > | recipient_delimiter = +
                > | relayhost =
                > | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                > | smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
                > | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
                > | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
                > | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
                > | smtpd_use_tls = yes
                > | virtual_alias_maps = ldap:/etc/postfix/virtual.ldap
                >
                > Jakob
              • Jakob Lenfers
                Message 7 of 13 , Sep 30, 2009
                  Stan Hoeppner wrote:
                  > Jakob Lenfers put forth on 9/30/2009 5:43 AM:
                  >> Stan Hoeppner wrote:

                  >>> "ldapsource_server_host"
                  >>>
                  >>> http://www.postfix.org/ldap_table.5.html
                  >> That helped in some way, thanks... I put the statements into the main.cf
                  >> as described, but now I'm still curious what I did wrong...
                  > So, is it querying the remote LDAP server correctly now? If so, you're
                  > welcome, and I'm glad it's working for you.


                  It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
                  in an external file. This method is only there for compatibility, so it
                  will vanish someday...

                  Jakob
                • Victor Duchovni
                  Message 8 of 13 , Sep 30, 2009
                    On Wed, Sep 30, 2009 at 05:00:46PM +0200, Jakob Lenfers wrote:

                    > Stan Hoeppner wrote:
                    > > Jakob Lenfers put forth on 9/30/2009 5:43 AM:
                    > >> Stan Hoeppner wrote:
                    >
                    > >>> "ldapsource_server_host"
                    > >>>
                    > >>> http://www.postfix.org/ldap_table.5.html
                    > >> That helped in some way, thanks... I put the statements into the main.cf
                    > >> as described, but now I'm still curious what I did wrong...
                    > > So, is it querying the remote LDAP server correctly now? If so, you're
                    > > welcome, and I'm glad it's working for you.
                    >
                    >
                    > It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
                    > in an external file. This method is only there for compatibility, so it
                    > will vanish someday...

                    The file name has to start with a "/":

                    ldap:/some/file.cf

                    --
                    Viktor.

                    Disclaimer: off-list followups get on-list replies or get ignored.
                    Please do not ignore the "Reply-To" header.

                    To unsubscribe from the postfix-users list, visit
                    http://www.postfix.org/lists.html or click the link below:
                    <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                    If my response solves your problem, the best way to thank me is to not
                    send an "it worked, thanks" follow-up. If you must respond, please put
                    "It worked, thanks" in the "Subject" so I can delete these quickly.
                  • Patrick Ben Koetter
                    Message 9 of 13 , Sep 30, 2009
                      * Victor Duchovni <postfix-users@...>:
                      > On Wed, Sep 30, 2009 at 05:00:46PM +0200, Jakob Lenfers wrote:
                      >
                      > > Stan Hoeppner wrote:
                      > > > Jakob Lenfers put forth on 9/30/2009 5:43 AM:
                      > > >> Stan Hoeppner wrote:
                      > >
                      > > >>> "ldapsource_server_host"
                      > > >>>
                      > > >>> http://www.postfix.org/ldap_table.5.html
                      > > >> That helped in some way, thanks... I put the statements into the main.cf
                      > > >> as described, but now I'm still curious what I did wrong...
                      > > > So, is it querying the remote LDAP server correctly now? If so, you're
                      > > > welcome, and I'm glad it's working for you.
                      > >
                      > >
                      > > It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
                      > > in an external file. This method is only there for compatibility, so it
                      > > will vanish someday...
                      >
                      > The file name has to start with a "/":
                      >
                      > ldap:/some/file.cf

                      What happens if you don't use it properly? Why does it fall back to using
                      localhost then?

                      It can't find the file and falls back to defaults which is localhost for
                      $server_host, right?

                      Shouldn't it complain it can't find the specified file?

                      p@rick


                      --
                      All technical questions asked privately will be automatically answered on the
                      list and archived for public access unless privacy is explicitly required and
                      justified.

                      saslfinger (debugging SMTP AUTH):
                      <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                    • Victor Duchovni
                      Message 10 of 13 , Sep 30, 2009
                        On Wed, Sep 30, 2009 at 11:26:30PM +0200, Patrick Ben Koetter wrote:

                        > > The file name has to start with a "/":
                        > >
                        > > ldap:/some/file.cf
                        >
                        > What happens if you don't use it properly? Why does it fall back to using
                        > localhost then?

                        The table name is assumed to refer to a parameter prefix, rather than a
                        file-name, and in the absence of explicit settings for said parameters,
                        they all take the documented default values.

                        > It can't find the file and falls back to defaults which is localhost for
                        > $server_host, right?

                        It can't find the "prefix_..." variables, and assigns default values.

                        > Shouldn't it complain it can't find the specified file?

                        There is no specified file. To specify a file, start with a "/", and
                        then if the file is not found, an error is raised.

                        --
                        Viktor.

                        Disclaimer: off-list followups get on-list replies or get ignored.
                        Please do not ignore the "Reply-To" header.

                        To unsubscribe from the postfix-users list, visit
                        http://www.postfix.org/lists.html or click the link below:
                        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                        If my response solves your problem, the best way to thank me is to not
                        send an "it worked, thanks" follow-up. If you must respond, please put
                        "It worked, thanks" in the "Subject" so I can delete these quickly.
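
The behaviour described in the message above, as an added example that is not part of the original thread or of Postfix itself: a small checker that classifies each `ldap:` table source as a file (leading "/" or ".") or a main.cf parameter prefix, and flags prefixes with no `<prefix>_server_host`, which is the case that silently queries localhost. The function names and sample main.cf text are assumptions constructed from the values quoted in the thread.

```python
import re

# Parameter that decides where the LDAP client connects. Per the thread it
# takes its default (localhost) when no "<prefix>_server_host" is set.
KEY_PARAM = "server_host"

# "ldap:NAME" table references; "ldap://host" URLs are not table references.
LDAP_REF = re.compile(r"(?<!\w)ldap:(?!//)([^\s,]+)")


def parse_main_cf(text):
    """Return {name: value} for main.cf-style text, joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:  # leading whitespace continues a value
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def audit(main_cf_text, extra_specs=()):
    """Classify every ldap: source in main.cf plus any specs passed to postmap."""
    params = parse_main_cf(main_cf_text)
    specs = set(extra_specs)
    for value in params.values():
        specs.update("ldap:" + name for name in LDAP_REF.findall(value))
    findings = []
    for spec in sorted(specs):
        source = spec.split("ldap:", 1)[1]
        if source.startswith(("/", ".")):
            status = "file"               # a missing file raises an error
        elif f"{source}_{KEY_PARAM}" in params:
            status = "prefix-configured"  # backwards-compatible main.cf form
        else:
            status = "prefix-defaults"    # silent fallback to localhost
        findings.append((spec, status))
    return findings


# Constructed sample input, modelled on the configuration quoted in the thread.
MAIN_CF_BEFORE = """\
virtual_alias_maps = ldap:/etc/postfix/virtual.ldap
"""

MAIN_CF_AFTER = MAIN_CF_BEFORE + """\
virtual.ldap_server_host = 134.102.131.4
virtual.ldap_search_base = ou=Users, dc=taupo, dc=gsss, dc=uni-bremen,
  dc=de
"""

if __name__ == "__main__":
    # "ldap:virtual.ldap" is the relative spec given to postmap -q in the thread.
    for label, cf in (("before", MAIN_CF_BEFORE), ("after", MAIN_CF_AFTER)):
        for spec, status in audit(cf, ["ldap:virtual.ldap"]):
            print(f"{label}: {spec:35} {status}")
```
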
                      • Stan Hoeppner
                        Message 11 of 13 , Sep 30, 2009
                          Jakob Lenfers put forth on 9/30/2009 10:00 AM:
                          > Stan Hoeppner wrote:
                          >> Jakob Lenfers put forth on 9/30/2009 5:43 AM:
                          >>> Stan Hoeppner wrote:
                          >
                          >>>> "ldapsource_server_host"
                          >>>>
                          >>>> http://www.postfix.org/ldap_table.5.html
                          >>> That helped in some way, thanks... I put the statements into the main.cf
                          >>> as described, but now I'm still curious what I did wrong...
                          >> So, is it querying the remote LDAP server correctly now? If so, you're
                          >> welcome, and I'm glad it's working for you.
                          >
                          >
                          > It did (Thanks, really :)), but I'm quite puzzled why I cannot define it
                          > in an external file. This method is only there for compatibility, so it
                          > will vanish someday...

                          I don't think this will vanish any time soon. All you've done is move
                          your config declarations from an external file into main.cf. Postfix
                          parses all the config files at startup and reads all the configuration
                          data into its working set. In many(most?) cases, it doesn't matter
                          where (within which file) you define something as long as the definition
                          is valid for your version of postfix. Defining in main.cf can sometimes
                          shed light on things, as it did in this case, which is kinda why I
                          recommended those instructions. ;)

                          This isn't true for _all_ parameters, but for many you can put them
                          right into main.cf and it'll work fine. Wietse and Victor can explain
                          this far better than me. It's not the preferred method, as it clutters
                          main.cf. The more cluttered your main.cf is, the more difficult it can
                          be to troubleshoot some things. As I understand it, this is the main
                          reason/goal behind separating various things out into multiple config
                          files--it keeps things more organized and easier to troubleshoot. I.e.
                          it's more organizational than functional in nature.

                          So, now, after implementing Victor's advice about the filename leading
                          "/", comment out the lines in main.cf, and copy them back into your
                          external config file and see if it works.

                          --
                          Stan
                        • Jakob Lenfers
                          Message 12 of 13 , Oct 1, 2009
                            Victor Duchovni wrote:
                            > On Wed, Sep 30, 2009 at 11:26:30PM +0200, Patrick Ben Koetter wrote:

                            >>> ldap:/some/file.cf

                            Thanks, that solved it. *shame*

                            >> What happens if you don't use it properly? Why does it fall back to using
                            >> localhost then?
                            > The table name is assumed to refer to a parameter prefix, rather than a
                            > file-name, and in the absence of explicit settings for said parameters,
                            > they all take the documented default values.

                            I find the manpage not clear on that issue, perhaps it could be said
                            more explicitly here...
                            | file_name
                            | The name of the lookup table source file when rebuilding
                            a database.

                            Jakob
                          • Victor Duchovni
                            Message 13 of 13 , Oct 1, 2009
                              On Thu, Oct 01, 2009 at 09:35:02AM +0200, Jakob Lenfers wrote:

                              > I find the manpage not clear on that issue, perhaps it could be said
                              > more explicitly here...
                              > | file_name
                              > | The name of the lookup table source file when rebuilding
                              > a database.

                              http://www.postfix.org/ldap_table.5.html

                              BACKWARDS COMPATIBILITY
                              For backwards compatibility with Postfix version 2.0 and
                              earlier, LDAP parameters can also be defined in main.cf.
                              Specify as LDAP source a name that doesn't begin with a
                              slash or a dot. The LDAP parameters will then be accessi-
                              ble as the name you've given the source in its definition,
                              an underscore, and the name of the parameter. For exam-
                              ple, if the map is specified as "ldap:ldapsource", the
                              "server_host" parameter below would be defined in main.cf
                              as "ldapsource_server_host".

                              I see no mention of "file_name" in ldap_table(5).

                              --
                              Viktor.

                              Disclaimer: off-list followups get on-list replies or get ignored.
                              Please do not ignore the "Reply-To" header.

                              To unsubscribe from the postfix-users list, visit
                              http://www.postfix.org/lists.html or click the link below:
                              <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                              If my response solves your problem, the best way to thank me is to not
                              send an "it worked, thanks" follow-up. If you must respond, please put
                              "It worked, thanks" in the "Subject" so I can delete these quickly.