On Sat, Nov 04, 2023 at 09:48:32AM -0400, Wietse Venema via Postfix-users wrote:
> To be precise: Postfix opens your LDAP configuration file and asks
> the LDAP library to create an LDAP client instance, before entering
> the chroot jail and before accepting any SMTP client commands.
>
> HOWEVER, Postfix does not connect to LDAP sockets before entering
> the chroot jail and before accepting any SMTP client commands. The
> LDAP library decides when it wants to do that.

IIRC we were once upon a time requesting immediate connections to
LDAP, but that was not ideal:

    - It complicated connection sharing across multiple tables with
      the same underlying backend server, that differ only in the
      query details.

    - It also (when chrooted) meant automatic reconnect on error
      to an alternative server, ... would not necessarily work.

    - ...

IIRC, there is in principle a way to perform an early, rather than
delayed LDAP bind, but the OP should instead use:

    proxy:ldap:...

with "proxyread" not chrooted. This further improves connection
sharing and is a best practice.

--
    Viktor.
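A check for the setup recommended in the message above, as an added example (not code from the post or from Postfix): it flags main.cf tables that use ldap: directly instead of proxy:ldap:, and reads the chroot column of a master.cf service entry. The file contents, paths and parameter values are constructed, and proxymap is assumed to be the master.cf name of the read-only proxy service.

```python
import re

MAIN_CF = """\
# constructed sample main.cf (hypothetical paths)
virtual_alias_maps = hash:/etc/postfix/virtual,
    ldap:/etc/postfix/ldap-aliases.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-mailboxes.cf
"""

MASTER_CF = """\
# constructed sample master.cf
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       y       -       -       smtpd
proxymap  unix  -       -       y       -       -       proxymap
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments/blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def direct_ldap_tables(main_cf):
    """Return (parameter, table) pairs that use ldap: without the proxy: prefix."""
    hits = []
    for line in logical_lines(main_cf):
        name, _, value = line.partition("=")
        for table in re.split(r"[,\s]+", value.strip()):
            if table.startswith("ldap:"):
                hits.append((name.strip(), table))
    return hits

def chroot_field(master_cf, service, stype="unix"):
    """Return the chroot column (y, n or -) for a master.cf service, or None."""
    for line in logical_lines(master_cf):
        fields = line.split()
        if len(fields) >= 8 and fields[0] == service and fields[1] == stype:
            return fields[4]
    return None

if __name__ == "__main__":
    print(direct_ldap_tables(MAIN_CF), chroot_field(MASTER_CF, "proxymap"))
```

In the constructed sample, one table still uses ldap: directly and the proxymap entry has chroot set to y, so both findings would need changing to match the advice in the message.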