Disable local users - reject with "user unknown"
I'm trying to configure postfix not to use local accounts for delivery,
only LDAP. To do this I'm putting sth like this into main.cf:
ldap-staff.cf and ldap-users.cf are similar and I can lookup users using
search_base = ou=staff,ou=People,dc=example,dc=com
scope = one
version = 3
bind = no
Why am I trying to do such stupid thing? I'd like to keep things tidy in
systems (like not to get files owned by number - uid of a inactive
user), so I keep inactive users in
ou=disabled,ou=staff,ou=People,dc=example,dc=com and I like to keep it
that way. In PAM however, it has to stay configured as is, so the search
scope is set to sub.
This also would resolve issue of accepting mail (spam mostly) for
daemons which has their own users.
Bottomline is that even with the above configuration mail is delivered
for inactive users.
Is there any possibility to configure postfix not to lookup users in the
system? Or maybe I'm approaching the issue from the wrong side?
Do you have any thoughts?