#1
Doing local_recipient_maps with ldap.

    local_recipient_maps = $alias_maps, ldap:/etc/postfix/ldap-users.cf, hash:/etc/postfix/local-accounts

/etc/postfix/ldap-users.cf is

    bind = no
    version = 3
    timeout = 20
    ## set the size_limit to 1 since we only
    ## want to find one email address match
    size_limit = 1
    expansion_limit = 0
    #tls_ca_cert_file =
    #tls_cert =
    #tls_key =
    start_tls = no
    tls_require_cert = no
    server_host = ldap://mstldap.advocap.org ldap://fonldap.advocap.org \
        ldap://neeldap.advocap.org
    scope = sub
    search_base = ou=People,dc=advocap,dc=org
    query_filter = (uid=%u)
    result_attribute = uid

This does work as is but want to make a couple changes and cannot get them to work.

Have mail attribute that has values like

    mail=bill@advocap.org

Would like to just check the userid part of mail. Tried things like:

    query_filter = (mail=%u)
    result_attribute = mail

As I don't really understand what the query_filter and result_attribute do, it's been challenging ;-)

Also like to use tls or ssl. It seems to fail every time I try. Do I have to have certs and keys? If so what form?

Thanks
John
#2
> I don't really understand what the query_filter and result_attribute do

Did you take a look at the output of "man 5 ldap_tables"? It has some useful information about LDAP related configuration syntax.

The query_filter creates the search string to be performed against the LDAP server. For example, mail=%u results in mail=bill, and mail=%s results in mail=bill@advocap.org.

The result_attribute is the name of an attribute in your LDAP database whose value you want returned from the query. If you are just using LDAP to determine whether the address is for a valid local recipient, then the result_attribute isn't really used, and can be set to anything or nothing (""). When the LDAP query is used for some other purpose, such as virtual_mailbox_maps or virtual_alias_maps, then result attribute values are needed, and they could be multiple, if for example you wanted to alias an address to multiple addresses. (So watch out when using size_limit = 1).

> Also like to use tls or ssl. It seems to fail every time I try.
> Do I have to have certs and keys? If so what form?

Yes, the minimum configs required are, for example:

    version = 3
    tls_ca_cert_file = /usr/share/ssl/certs/cacert.pem
    tls_cert = /etc/postfix/certs/postfix_public_cert.pem
    tls_key = /etc/postfix/certs/postfix_private_key.pem
    start_tls=yes

Also, I think that you need to use "ldaps" instead of "ldap", as in:

    server_host = ldaps://mstldap.advocap.org

--
Greg
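
Added example, not part of the thread and not Postfix code: a small Python model of how ldap_table(5) expands %s, %u and %d in query_filter, including the RFC 2254 quoting of the lookup key, run against a constructed two-entry directory. It shows why (mail=%u) finds nothing when mail holds full addresses; the filter (mail=%u@advocap.org), with the domain written out literally, is an assumption shown as one way to match on the user part.

```python
import re

# Constructed sample directory (not real data); attribute names follow the thread.
DIRECTORY = [
    {"uid": "bill", "mail": "bill@advocap.org"},
    {"uid": "john", "mail": "john@advocap.org"},
]
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def quote(value):
    """RFC 2254 quoting, so a lookup key cannot add filter metacharacters."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def expand(query_filter, key):
    """Expand %s, %u, %d and %% for one lookup key.
    Returns None when the query is suppressed (%d used, key has no domain)."""
    user, at, domain = key.rpartition("@")
    if not at:                      # bare key: %u is the whole key, %d is undefined
        user, domain = key, None
    values = {"s": key, "u": user, "d": domain}
    suppressed = []
    def repl(match):
        code = match.group(1)
        if code == "%":
            return "%"
        if values[code] is None:
            suppressed.append(code)
            return ""
        return quote(values[code])
    expanded = re.sub(r"%([sud%])", repl, query_filter)
    return None if suppressed else expanded

def search(query_filter, key, result_attribute="uid"):
    """Model of one lookup: evaluate a single (attr=value) equality filter
    against DIRECTORY and return the result_attribute values that matched."""
    expanded = expand(query_filter, key)
    if expanded is None:
        return []
    attr, _, value = expanded[1:-1].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return [e[result_attribute] for e in DIRECTORY
            if e.get(attr, "").lower() == value.lower()]

if __name__ == "__main__":
    for flt in ("(uid=%u)", "(mail=%u)", "(mail=%s)", "(mail=%u@advocap.org)"):
        for key in ("bill@advocap.org", "bill"):
            print(f"{flt:24} {key:18} -> {expand(flt, key)} {search(flt, key)}")
```

Against a real server, `postmap -q bill@advocap.org ldap:/etc/postfix/ldap-users.cf` shows what a given key returns from the table.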