The reason the query is setup like that is we have several internal domains and a user may have an alias for one or all of them depending on their employment history. Since it is working as expected, I'd rather leave it as is, unless you feel it may be a contributor to the issue I am seeing.
-----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni Sent: Friday, February 10, 2017 1:38 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: dict_ldap_lookup questions > On Feb 10, 2017, at 1:15 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > domain = first.com, second.com, third.com, fourth.com, fifth.com, > sixth.com server_host = pool.internal.domain.com search_base = > dc=internal, dc=domain, dc=com version = 3 > > # Filter > query_filter = (&(objectclass=person)(proxyAddresses=smtp:%s)) > leaf_result_attribute = proxyAddresses The query filter looks fine. So query performance should fine, provided you use "proxy:ldap:..." instead of "ldap:..." some servers don't like having thousands of connections and using "proxy:" pools requests from multiple smtpd(8) servers over a single connection in proxyread(8). Separately, your result attribute is odd. I know of no Postfix table that expects multiple "smtp:<address>" address values. Also you're not using any "speciail_result_attribute" fiels, so "leaf_result_attribute" should just be "result_attribute". For object existence use: query_filter = (&(proxyAddresses=smtp:%s)(objectclass=person)) result_attribute = mail -- Viktor.