* Pavel Dimow <paveldi...@gmail.com>:
> Hello,
> 
> 
> I know that this is maybe a question for more LDAP-oriented users, but I hope
> someone here can help me. I have a postfix with one "primary" domain and
> a dozen virtual domains. The problem is that users from the primary domain use
> only their username (without the domain part) for SASL authentication and all
> other users (from virtual domains) are using usern...@somedomain as username.
> Now my DIT is organized something like
> 
> ou=people,o=somedomain.com,dc=acmecorp
> ou=people,o=virtualdomain.com,dc=acmecorp
> 
> 
> The question is how can I perform a search for a "primary" domain when I don't
> have a domain part? Is there any way that I can "append" a default domain when
> %d is empty, or can I make some sophisticated filter_search?

You can create a search filter that only searches for the localpart. But what
if you have identical localparts in your local and your virtual domains and
your search finds the localpart in
"ou=people,o=virtualdomain.com,dc=acmecorp" first (first match wins)? You
would have to create two separate searches and evaluate the local one first.

It is probably better and more failsafe to configure Postfix to append a domain
value if a client didn't send one, like this:

smtpd_sasl_local_domain = somedomain.com

This way any search will only take place in
"ou=people,o=somedomain.com,dc=acmecorp". This puts the burden to provide FQDN
usernames on virtual users, but they should already know and have
configured their systems appropriately.

p...@rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
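
The two lookup strategies discussed in the reply above, as an added example that is not part of the original message and is not Postfix or Cyrus SASL code. The directory entries, function names and character-set checks are assumptions made for illustration; only the default domain and the DIT layout come from the thread.

```python
import re

DEFAULT_DOMAIN = "somedomain.com"  # smtpd_sasl_local_domain from the reply
BASE = "ou=people,o={domain},dc=acmecorp"  # DIT layout from the question

# Constructed directory: "alice" exists in both subtrees, "bob" only in the virtual one.
DIRECTORY = [
    "uid=alice,ou=people,o=virtualdomain.com,dc=acmecorp",
    "uid=alice,ou=people,o=somedomain.com,dc=acmecorp",
    "uid=bob,ou=people,o=virtualdomain.com,dc=acmecorp",
]

def split_login(login, default_domain=DEFAULT_DOMAIN):
    """Return (localpart, domain); append the default domain if the client sent none."""
    local, _, domain = login.partition("@")
    domain = domain.lower() or default_domain
    # Both parts end up in a filter or a search base, so reject anything
    # outside a conservative character set instead of escaping it.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", local):
        raise ValueError("bad localpart")
    if not re.fullmatch(r"[a-z0-9.-]+", domain):
        raise ValueError("bad domain")
    return local, domain

def search(base, uid):
    """Stand-in for an LDAP subtree search: the first matching entry wins."""
    for dn in DIRECTORY:
        if dn.startswith(f"uid={uid},") and dn.endswith("," + base):
            return dn
    return None

def lookup_localpart_only(login):
    """Search the whole tree for the localpart, ignoring any domain."""
    return search("dc=acmecorp", login.partition("@")[0])

def lookup_scoped(login):
    """Search only the subtree of the (possibly defaulted) domain."""
    local, domain = split_login(login)
    return search(BASE.format(domain=domain), local)

if __name__ == "__main__":
    for name in ("alice", "bob", "bob@virtualdomain.com"):
        print(name, "->", lookup_localpart_only(name), "|", lookup_scoped(name))
```

With the localpart-only search, a bare "alice" resolves to the entry under virtualdomain.com; with the default domain appended, a bare "bob" finds nothing, which is the burden on virtual users that the reply describes.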
