CentOS - Dec 2015 - Postfix and LDAP

Hi Everyone,

I thought I'd try asking here before joining the postfix mail list
since I'm running postfix on a CentOS 7 box.

I want to look up accounts via LDAP (an IPA server also on CentOS 7). I
created an "ldap_aliases" file and successfully tested it with the
postmap command: I can get the email address for an arbitrary user.
But, when I add the very same file to main.cf, I don't see anything in
the normal or debug logs for postfix that would indicate postfix is
even trying to do a ldap lookup.

Here are the relevant configs:

# Virtual domains
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox
virtual_mailbox_domains = thesandhufamily.ca
virtual_alias_maps = hash:/etc/postfix/virtual,
hash:/etc/mailman/virtual-mailman, ldap:/etc/postfix/ldap_aliases

NB: I believe I don't need to use ldap for virtual_mailbox_maps and
virtual_mailbox_domains, but I could be wrong.

All I get is errors like this:

Dec 14 09:53:35 mailman01 postfix/lmtp[31011]: A968CC2516D: to=<ranbir at
thesandhufamily.ca>, relay=10.200.5.24[10.200.5.24]:24, delay=1.1,
delays=0.78/0/0.01/0.27, dsn=5.1.1, status=bounced (host
10.200.5.24[10.200.5.24] said: 550 5.1.1 <ranbir at thesandhufamily.ca>
User doesn't exist: ranbir at thesandhufamily.ca (in reply to RCPT TO
command))

Am I supposed to enable something else in postfix to make ldap work? What
I've read about this seems to indicate I'm doing it correctly.

-- 
Ranbir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.centos.org/pipermail/centos/attachments/20151214/6e35724a/attachment-0001.sig>

Am 14.12.2015 um 21:42 schrieb Ranbir:
> Hi Everyone,
>
> I thought I'd try asking here before joining the postfix mail list
> since I'm running postfix on a CentOS 7 box.
>
> I want to look up accounts via LDAP (an IPA server also on CentOS 7). I
> created an "ldap_aliases" file and successfully tested it with
the
> postmap command: I can get the email address for an arbitrary user.
> But, when I add the very same file to main.cf, I don't see anything in
> the normal or debug logs for postfix that would indicate postfix is
> even trying to do a ldap lookup.
Can you please provide the "postmap -q ranbir at thesandhufamily.ca 
ldap:/etc/postfix/ldap_aliases" call output? I guess 
"ranbir at thesandhufamily.ca" (from log below) is the alias and not
the
result of the alias.
> Here are the relevant configs:
>
> # Virtual domains
> virtual_mailbox_base = /var/spool/mail
> virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox
> virtual_mailbox_domains = thesandhufamily.ca
> virtual_alias_maps = hash:/etc/postfix/virtual,
> hash:/etc/mailman/virtual-mailman, ldap:/etc/postfix/ldap_aliases
Plain main.cf excerpts are not useful to debug a failure situation. At 
least run yourself "postconf -n" to make sure that what you intend to 
configure is really set for Postfix. In case this thread goes on, paste 
it here.

What cannot be concluded from your config is how you achieve LMTP 
delivery. virtual_transport being used?
> NB: I believe I don't need to use ldap for virtual_mailbox_maps and
virtual_mailbox_domains, but I could be wrong.
Correct, you can mix different map types.
> All I get is errors like this:
>
> Dec 14 09:53:35 mailman01 postfix/lmtp[31011]: A968CC2516D: to=<ranbir
at thesandhufamily.ca>, relay=10.200.5.24[10.200.5.24]:24, delay=1.1,
delays=0.78/0/0.01/0.27, dsn=5.1.1, status=bounced (host
10.200.5.24[10.200.5.24] said: 550 5.1.1 <ranbir at thesandhufamily.ca>
User doesn't exist: ranbir at thesandhufamily.ca (in reply to RCPT TO
command))
Not your Postfix refuses the mail but the host on IP address 10.200.5.24 
does that on the LMTP listener. That system, the mail storage server 
does not know the mailbox "ranbir at thesandhufamily.ca". So, should 
"ranbir at thesandhufamily.ca" exist there or should that address have
been
translated by the virtual_alias_maps?
> Am I supposed to enable something else in postfix to make ldap work? What
I've read about this seems to indicate I'm doing it correctly.
If the manual postmap lookup succeeds, then the map type is supported. 
You can query the possible map types with "postconf -m". Postfix on 
CentOS 7 is compiled agains LDAP, thus the ldap map type is supported.

Alexander