[CentOS] Postfix and LDAP

Tue Dec 15 19:36:54 UTC 2015
Alexander Dalloz <ad+lists at uni-x.org>

Am 14.12.2015 um 21:42 schrieb Ranbir:
> Hi Everyone,
> I thought I'd try asking here before joining the postfix mail list
> since I'm running postfix on a CentOS 7 box.
> I want to look up accounts via LDAP (an IPA server also on CentOS 7). I
> created an "ldap_aliases" file and successfully tested it with the
> postmap command: I can get the email address for an arbitrary user.
> But, when I add the very same file to main.cf, I don't see anything in
> the normal or debug logs for postfix that would indicate postfix is
> even trying to do a ldap lookup.

Can you please provide the "postmap -q ranbir at thesandhufamily.ca 
ldap:/etc/postfix/ldap_aliases" call output? I guess 
"ranbir at thesandhufamily.ca" (from log below) is the alias and not the 
result of the alias.

> Here are the relevant configs:
> # Virtual domains
> virtual_mailbox_base = /var/spool/mail
> virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox
> virtual_mailbox_domains = thesandhufamily.ca
> virtual_alias_maps = hash:/etc/postfix/virtual,
> hash:/etc/mailman/virtual-mailman, ldap:/etc/postfix/ldap_aliases

Plain main.cf excerpts are not useful to debug a failure situation. At 
least run "postconf -n" yourself to make sure that what you intend to 
configure is really set for Postfix. In case this thread goes on, paste 
it here.

What cannot be concluded from your config is how you achieve LMTP 
delivery. Is virtual_transport being used?

> NB: I believe I don't need to use ldap for virtual_mailbox_maps and virtual_mailbox_domains, but I could be wrong.

Correct, you can mix different map types.

> All I get is errors like this:
> Dec 14 09:53:35 mailman01 postfix/lmtp[31011]: A968CC2516D: to=<ranbir at thesandhufamily.ca>, relay=[]:24, delay=1.1, delays=0.78/0/0.01/0.27, dsn=5.1.1, status=bounced (host[] said: 550 5.1.1 <ranbir at thesandhufamily.ca> User doesn't exist: ranbir at thesandhufamily.ca (in reply to RCPT TO command))

It is not your Postfix that refuses the mail; the host on IP address 
does that on the LMTP listener. That system, the mail storage server, 
does not know the mailbox "ranbir at thesandhufamily.ca". So, should 
"ranbir at thesandhufamily.ca" exist there or should that address have been 
translated by the virtual_alias_maps?

> Am I supposed to enable something else in postfix to make ldap work? What I've read about this seems to indicate I'm doing it correctly.

If the manual postmap lookup succeeds, then the map type is supported. 
You can query the possible map types with "postconf -m". Postfix on 
CentOS 7 is compiled against LDAP, thus the ldap map type is supported.
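As an added, hypothetical diagnostic (not from this thread and not part of Postfix): a small Python helper that takes the effective virtual_alias_maps list from "postconf -h" and runs "postmap -q" against every map in order, so you can see which map, if any, translates the recipient before it reaches the LMTP server. It assumes postconf and postmap are on PATH and that postmap -q exits 0 when the key is found, 1 when it is not, and higher on a lookup error.

```python
"""Show which of Postfix's virtual_alias_maps (if any) rewrites an address.

Hypothetical diagnostic helper, not code from the thread or from Postfix.
It asks Postfix itself (`postconf -h`) for the map list actually in effect,
then queries each map with `postmap -q`, the same manual test the thread
applied to the ldap: map alone.
"""
import re
import subprocess
import sys


def parse_map_list(value: str) -> list[str]:
    """Split a Postfix map list ("hash:/a, ldap:/b  pcre:/c") into entries;
    Postfix accepts commas and/or whitespace as separators."""
    return [m for m in re.split(r"[,\s]+", value.strip()) if m]


def configured_alias_maps() -> list[str]:
    """Effective virtual_alias_maps value as Postfix sees it, not as main.cf reads."""
    out = subprocess.run(["postconf", "-h", "virtual_alias_maps"],
                         check=True, capture_output=True, text=True).stdout
    return parse_map_list(out)


def classify_lookup(returncode: int, output: str) -> tuple[str, str]:
    """Turn a `postmap -q` exit status into (status, value). Assumed convention:
    0 = key found (value on stdout), 1 = key not found, >1 = lookup error
    (for an ldap: map typically bind/connect problems; see the postfix log)."""
    if returncode == 0:
        return "found", output.strip()
    if returncode == 1:
        return "not found", ""
    return "error", output.strip()


def resolve_address(address: str, maps: list[str]) -> dict[str, tuple[str, str]]:
    """Query every map for the address; the first 'found' is what Postfix uses."""
    results = {}
    for m in maps:
        proc = subprocess.run(["postmap", "-q", address, m],
                              capture_output=True, text=True)
        results[m] = classify_lookup(proc.returncode, proc.stdout or proc.stderr)
    return results


if __name__ == "__main__":
    addr = sys.argv[1] if len(sys.argv) > 1 else "user@example.com"  # placeholder
    for m, (status, value) in resolve_address(addr, configured_alias_maps()).items():
        print(f"{m:45s} {status:9s} {value}")
```

Run it as root (or a user that can read the ldap: map, which holds the bind password) with the bounced recipient as argument; an "error" row on the ldap: map while the postmap test worked by hand usually points at a permissions or environment difference rather than at main.cf.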