* Pavel Dimow <paveldi...@gmail.com>:
> if postfix appends the "primary" domain value then it's quite ok with me, I
> guess it's not a performance penalty for postfix?

I have never measured and I believe it is not worth doing so. The performance
penalty should be negligible.

> I can then use auth_default_realm in dovecot and problem should be solved.

All roads lead to Rome. ;)

p...@rick



> 
> On Sat, Jul 24, 2010 at 2:38 PM, Patrick Ben Koetter <p...@state-of-mind.de> wrote:
> > * Pavel Dimow <paveldi...@gmail.com>:
> >> Hello,
> >>
> >>
> >> I know that this is maybe a question for more LDAP oriented users, but I hope
> >> someone here can help me. I have a postfix with one "primary" domain and
> >> a dozen virtual domains. The problem is that users from the primary domain use
> >> only their username (without domain part) for SASL authentication and all
> >> other users (from virtual domains) are using usern...@somedomain as username.
> >> Now my DIT is organized something like
> >>
> >> ou=people,o=somedomain.com,dc=acmecorp
> >> ou=people,o=virtualdomain.com,dc=acmecorp
> >>
> >>
> >> The question is how can I perform a search for a "primary" domain when I
> >> don't have a domain part? Is there any way that I can "append" a default
> >> domain when %d is empty or I can make some sophisticated filter_search?
> >
> > You can create a search filter that only searches for the localpart. But
> > what if you have identical localparts in your local and your virtual domains
> > and your search finds the localpart in
> > "ou=people,o=virtualdomain.com,dc=acmecorp" first (first match wins)? You
> > would have to create two separate searches and evaluate the local one first.
> >
> > It is probably better and more failsafe to configure Postfix to append a
> > domain value if a client didn't send one, like this:
> >
> > smtpd_sasl_local_domain = somedomain.com
> >
> > This way any search will only take place in
> > "ou=people,o=somedomain.com,dc=acmecorp". This puts the burden of providing
> > FQDN usernames on virtual users, but they should already know and have
> > configured their systems appropriately.
> >
> > p...@rick
> >
> > --
> > All technical questions asked privately will be automatically answered on
> > the list and archived for public access unless privacy is explicitly
> > required and justified.
> >
> > saslfinger (debugging SMTP AUTH):
> > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
> >

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
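
The realm defaulting discussed in this thread, as an added example that is not part of the original messages and is not Postfix or Dovecot code: it models a bare login getting the default domain before the LDAP search base is built, next to the "first match wins" ambiguity of a localpart-only search. The `uid` attribute, the function names and the sample directory are assumptions.

```python
import re

# Added example: models the realm defaulting discussed in the thread.
# DEFAULT_REALM mirrors smtpd_sasl_local_domain; uid and all names are assumptions.
DEFAULT_REALM = "somedomain.com"
BASE_TEMPLATE = "ou=people,o={domain},dc=acmecorp"

# Constructed sample directory: the same localpart exists in both domains.
DIRECTORY = [
    "uid=alice,ou=people,o=virtualdomain.com,dc=acmecorp",
    "uid=alice,ou=people,o=somedomain.com,dc=acmecorp",
    "uid=bob,ou=people,o=virtualdomain.com,dc=acmecorp",
]

def escape_filter(value):
    """Escape RFC 4515 special characters in an LDAP filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def split_login(login, default_realm=DEFAULT_REALM):
    """Return (localpart, realm); a bare login gets the default realm."""
    localpart, sep, realm = login.rpartition("@")
    if not sep:
        return login, default_realm
    realm = realm.lower()
    # The realm ends up inside a DN, so accept hostname characters only.
    if not localpart or not re.fullmatch(r"[a-z0-9.-]+", realm):
        raise ValueError("malformed login: %r" % login)
    return localpart, realm

def search_params(login):
    """Search base and filter for a login, scoped to exactly one domain."""
    localpart, realm = split_login(login)
    return (BASE_TEMPLATE.format(domain=realm),
            "(uid=%s)" % escape_filter(localpart))

def lookup(base, localpart):
    """Toy subtree search over DIRECTORY, returning matches in stored order."""
    return [dn for dn in DIRECTORY
            if dn.startswith("uid=%s," % localpart) and dn.endswith("," + base)
            or dn.startswith("uid=%s," % localpart) and base == "dc=acmecorp"]

if __name__ == "__main__":
    # Localpart-only search over the whole tree: two hits, virtual one first.
    print(lookup("dc=acmecorp", "alice"))
    # With the default realm appended, the search is pinned to one subtree.
    base, flt = search_params("alice")
    print(base, flt, lookup(base, "alice"))
```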
