LDAP trouble with Postfix

  • Zhou, Yan
    Message 1 of 3 , Sep 30, 2010
      Hi there,

      I am using Postfix 2.3.3 to integrate with RedHat Open LDAP server. I
      verified that my LDAP set up is correct, because I used the same
      configuration on another Postfix server, it worked.
      The following is how I ask LDAP to validate domain name.

      main.cf:

      mydestination = $myhostname, localhost.$mydomain, localhost, ldap:acceptdomains

      acceptdomains_server_host = ldap://<hostname>:389/
      acceptdomains_server_port = 389
      acceptdomains_search_base = ou=domain,dc=hubdirect,dc=int,dc=medplus,dc=com
      acceptdomains_query_filter = (domainname=%s)
      acceptdomains_result_attribute = domainname

      When I do postmap for testing a domain: test.medplus.com, here is what I
      get.

      postmap -qv test.medplus.com ldap:acceptdomains
      postmap: fatal: open database test.medplus.com.db: No such file or
      directory

      postmap -q test.medplus.com ldap:acceptdomains
      <---return nothing in command line--->

      When I looked in LDAP log, I see the query issued correctly but nothing
      is retrieved.

      However, in another environment having identical setup, I am getting
      "test.medplus.com" back in response, thus showing Postfix knows this
      domain.

      Any idea why Postfix lookup LDAP does not work in this particular
      instance? The only difference between the two environments is that:
      - on the one working, my LDAP root node has the
      "dc=int,dc=medplus,dc=com".
      - on the one not working, my LDAP root node has "dc=medplus,dc=com", and
      "dc=int" is one level below the root.

      Both entries have the same DN path "dc=int,dc=medplus,dc=com".


      Thanks,

      Yan

      Confidentiality Notice: The information contained in this electronic transmission is confidential and may be legally privileged. It is intended only for the addressee(s) named above. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by telephone (513) 229-5500 or by email (postmaster@...). After replying, please erase it from your computer system.
    • Jeroen Geilman
      Message 2 of 3 , Sep 30, 2010
        On 09/30/2010 09:54 PM, Zhou, Yan wrote:
        > Hi there,
        >
        > I am using Postfix 2.3.3 to integrate with RedHat Open LDAP server. I
        > verified that my LDAP set up is correct, because I used the same
        > configuration on another Postfix server, it worked.
        > The following is how I ask LDAP to validate domain name.
        >
        > main.cf:
        >
        > mydestination = $myhostname, localhost.$mydomain, localhost,
        > ldap:acceptdomains
        >
        > acceptdomains_server_host = ldap://<hostname>:389/
        > acceptdomains_server_port = 389
        > acceptdomains_search_base =
        > ou=domain,dc=hubdirect,dc=int,dc=medplus,dc=com
        > acceptdomains_query_filter = (domainname=%s)
        > acceptdomains_result_attribute = domainname
        >
        > When I do postmap for testing a domain: test.medplus.com, here is what I
        > get.
        >
        > postmap -qv test.medplus.com ldap:acceptdomains
        > postmap: fatal: open database test.medplus.com.db: No such file or
        > directory
        >

        You're asking "test.medplus.com" for key "v".
        man postmap for correct syntax.

        > postmap -q test.medplus.com ldap:acceptdomains
        > <---return nothing in command line--->
        >
        > When I looked in LDAP log, I see the query issued correctly but nothing
        > is retrieved.
        >

        Where is that log ? What does the LDAP *server* log ?

        Map files must be fully named; "acceptdomains" is not a full pathname.


        --
        J.
      • Zhou, Yan
        Message 3 of 3 , Sep 30, 2010
          Thanks, Jeroen, see my comment below.

          > > postmap -qv test.medplus.com ldap:acceptdomains
          > > postmap: fatal: open database test.medplus.com.db: No such file or
          > > directory
          > >
          >

          This is the output of postmap -vq test.medplus.com ldap:acceptdomains

          It does query into LDAP but returns nothing when the same LDAP query
          returns value in another LDAP browser.

          postmap: dict_open: ldap:acceptdomains
          postmap: dict_ldap_lookup: In dict_ldap_lookup
          postmap: dict_ldap_lookup: No existing connection for LDAP source acceptdomains, reopening
          postmap: dict_ldap_connect: Connecting to server ldap://hub-dev-app01.dev.medplus.com:389/
          postmap: dict_ldap_connect: Actual Protocol version used is 2.
          postmap: dict_ldap_connect: Binding to server ldap://hub-dev-app01.dev.medplus.com:389/ as dn
          postmap: dict_ldap_connect: Successful bind to server ldap://hub-dev-app01.dev.medplus.com:389/ as
          postmap: dict_ldap_connect: Cached connection handle for LDAP source acceptdomains
          postmap: dict_ldap_lookup: acceptdomains: Searching with filter (domainname=test.medplus.com)
          postmap: dict_ldap_get_values[1]: Search found 0 match(es)
          postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
          postmap: dict_ldap_lookup: Search returned nothing
          postmap: dict_ldap_close: Closed connection handle for LDAP source acceptdomains


          > > postmap -q test.medplus.com ldap:acceptdomains
          > > <---return nothing in command line--->
          > >
          > > When I looked in LDAP log, I see the query issued correctly but nothing
          > > is retrieved.
          > >
          >
          > Where is that log ? What does the LDAP *server* log ?
          >

          I am referring to Open LDAP Server access log, I see the query being
          issued, the same query from LDAP browser does return value, but the one
          from Postfix returns nothing.


          > Map files must be fully named; "acceptdomains" is not a full pathname.
          >
          >
          > --
          > J.

          I think what I have is an alternative option, unless it is no longer
          supported by Postfix 2.3.3? That works with same version of Postfix in
          another environment. I also see output from postmap -vq.

          Yan
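Added example, not part of the original thread: a small parser for the `postmap -v` trace in the third message that pulls out the server, protocol version, bind identity, filter and match count, then builds an `ldapsearch` call repeating the lookup with the same identity and protocol, so its result can be compared with what the LDAP browser returns. The function names are hypothetical, the search base and result attribute are taken from the `main.cf` in the first message, and the "as dn <DN>" layout for a non-empty bind DN is an assumption based on the trace shown.

```python
import re
import shlex

# Excerpt of the trace from the third message, still wrapped as the mail client left it.
TRACE = """\
postmap: dict_ldap_connect: Actual Protocol version used is 2.
postmap: dict_ldap_connect: Binding to server
ldap://hub-dev-app01.dev.medplus.com:389/ as dn
postmap: dict_ldap_lookup: acceptdomains: Searching with filter
(domainname=test.medplus.com)
postmap: dict_ldap_get_values[1]: Search found 0 match(es)
"""

def unwrap(trace):
    """Rejoin wrapped lines: a continuation does not start with 'postmap:'."""
    records = []
    for line in filter(None, map(str.strip, trace.splitlines())):
        if line.startswith("postmap:") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(trace):
    """Extract server, protocol version, bind DN, filter and match count."""
    info = dict.fromkeys(("uri", "protocol", "bind_dn", "filter", "matches"))
    for rec in unwrap(trace):
        if m := re.search(r"Binding to server (\S+) as dn\s*(.*)$", rec):
            info["uri"], info["bind_dn"] = m.group(1), m.group(2).strip()
        elif m := re.search(r"Actual Protocol version used is (\d+)", rec):
            info["protocol"] = int(m.group(1))
        elif m := re.search(r"Searching with filter\s+(.+)$", rec):
            info["filter"] = m.group(1).strip()
        elif m := re.search(r"Search found (\d+) match", rec):
            info["matches"] = int(m.group(1))
    return info

def ldapsearch_command(info, search_base, attribute):
    """Build the ldapsearch call that repeats the lookup with the same identity."""
    argv = ["ldapsearch", "-x", "-LLL", "-H", info["uri"], "-P", str(info["protocol"])]
    if info["bind_dn"]:  # an empty bind DN in the trace means an anonymous bind
        argv += ["-D", info["bind_dn"], "-W"]
    argv += ["-b", search_base, info["filter"], attribute]
    return shlex.join(argv)

if __name__ == "__main__":
    base = "ou=domain,dc=hubdirect,dc=int,dc=medplus,dc=com"  # acceptdomains_search_base
    print(ldapsearch_command(summarize(TRACE), base, "domainname"))
```

For this trace the summary shows an anonymous bind over protocol version 2, which are the two settings to match when repeating the search outside Postfix.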