I feel I should also mention I do a user lookup later for the full address, which works fine.
Kyle A. King
Quentus Technologies, INC
Cell: 703-635-9512
Work: 253-218-6030
Fax: 206-462-1861
Email: kyle.k...@quentustech.com

On 02/25/2012 10:00 PM, Viktor Dukhovni wrote:
> On Sat, Feb 25, 2012 at 01:27:53PM -0800, Kyle King wrote:
>
>> I am using the ldap lookup for relay_domains,
> The lookup keys for this table are domains, not email addresses.
>
>> relay_domains = ldap:/etc/postfix/ldap-domains.cf
> Fine, this is used by trivial-rewrite(8) only, and so there is no
> point in using proxymap(8) here as each trivial-rewrite already
> handles multiple clients including the queue-manager, so the
> indirection mostly would add latency. So indeed avoid "proxy:ldap"
> here, or avoid LDAP entirely if you can keep the domain list
> up-to-date in an indexed table.
>
>> ldap-domains.cf:
>> server_host = localhost
>> search_base = dc=example,dc=com
>> scope = sub
>> query_filter = (registeredAddress=%d)
> This query filter is no good, there is never an @domain part in a
> lookup key that is just the domain, so the query never happens. You
> need:
>
> query_filter = registeredAddress=%s
This query_filter does not return any value
>> result_attribute = registeredAddress
> Better to use a single-valued attribute as the result attribute. You can
> then set:
>
> result_format = %S
>
using postmap -q <address with correct domain> ldap:/etc/postfix/ldap-domains.cf this result_format does not return anything
> to just return the lookup key (in an access(5) map you could return
> OK %S) if that's preferable to the randomly chosen single-valued attribute.
> With relay_domains, the selected attribute is not important as the lookup
> result is ignored, it just needs to be non-empty, but it is best to avoid
> accumulating multiple values just to ignore them. A single result scales
> better.
>
>> typical ldap entry:
>>
>> dn: o=company,dc=example,dc=com
>> o: company
>> objectClass: organization
>> structuralObjectClass: organization
>> entryUUID: <uuid>
>> creatorsName: cn=admin,dc=example,dc=com
>> createTimestamp: <timestamp>
>> registeredAddress: example.com
>> registeredAddress: mydomain.com
> For example, "o" or "entryUUID".
>
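
The key expansion discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of how ldap_table(5) expands `%s`, `%u` and `%d` in `query_filter`, showing that `%d` suppresses the search when the lookup key is a bare domain. The function names and the constructed directory values (copied from the sample entry above) are assumptions; `%1`-`%9` and other expansions are not modelled.

```python
# Simplified model of ldap_table(5) query_filter expansion (added example).
# Handles keys of the form "domain" or "user@domain"; only %s, %u, %d, %% are modelled.

def ldap_escape(value):
    """Escape LDAP filter metacharacters (RFC 4515) so a key cannot alter the filter."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def expand_filter(template, key):
    """Return the expanded filter, or None when the search is suppressed."""
    local, at, domain = key.rpartition("@")
    is_address = bool(at and local and domain)
    out, i = [], 0
    while i < len(template):
        if template[i] != "%" or i + 1 == len(template):
            out.append(template[i])
            i += 1
            continue
        spec = template[i + 1]
        i += 2
        if spec == "%":
            out.append("%")
        elif spec == "s":      # whole lookup key
            out.append(ldap_escape(key))
        elif spec == "u":      # local part, or the whole key if not an address
            out.append(ldap_escape(local if is_address else key))
        elif spec == "d":      # domain part; no "@" in the key means no search at all
            if not is_address:
                return None
            out.append(ldap_escape(domain))
        else:
            raise ValueError("expansion not modelled: %" + spec)
    return "".join(out)

# Constructed directory content, taken from the sample entry in the thread.
REGISTERED = {"example.com", "mydomain.com"}

def lookup(template, key, values=REGISTERED):
    """True if the expanded equality filter would match one of the values."""
    expanded = expand_filter(template, key)
    if expanded is None:
        return False
    attr, _, wanted = expanded.strip("()").partition("=")
    return attr == "registeredAddress" and wanted in values

if __name__ == "__main__":
    for tmpl in ("(registeredAddress=%d)", "registeredAddress=%s"):
        for key in ("example.com", "user@example.com"):
            print(f"{tmpl:26} {key:18} -> {expand_filter(tmpl, key)!r} match={lookup(tmpl, key)}")
```

In this model a bare domain matches only through the `%s` filter and a full address only through the `%d` filter, so a `postmap -q` test is meaningful only when its key has the same form as the keys the table receives.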