On Sun, Nov 05, 2023 at 12:13:17PM +, Matthias Nagel via Postfix-users
wrote:
> Viktor, you recommend to use proxymap in combination with LDAP,
Yes.
> especially if all LDAP lookups use the same connection.
Regardless of whether the connection settings are the same across all
tables. But
As Viktor mentions, best practice is to:
- Share the LDAP socket handle among the three tables that connect
to the same LDAP endpoint (i.e. delay the bind with bind=no in the
three *cf files).
- Open LDAP tables from outside the chroot, by configuring LDAP
tables as proxy:ldap:/path/to/file, and
Dear Viktor, dear Wietse,
Viktor, you recommend to use proxymap in combination with LDAP, especially if
all LDAP lookups use the same connection. Indeed, this is the case for my
setup. The LDAP server, the bind DN and bind passwd are the same. Only the
search base, the query filter and the
Viktor Dukhovni via Postfix-users:
> On Sat, Nov 04, 2023 at 09:48:32AM -0400, Wietse Venema via Postfix-users
> wrote:
>
> > To be precise: Postfix opens your LDAP configuration file and asks
> > the LDAP library to create an LDAP client instance, before entering
> > the chroot jail and before
On Sat, Nov 04, 2023 at 09:48:32AM -0400, Wietse Venema via Postfix-users wrote:
> To be precise: Postfix opens your LDAP configuration file and asks
> the LDAP library to create an LDAP client instance, before entering
> the chroot jail and before accepting any SMTP client commmands.
>
>
Matthias Nagel via Postfix-users:
> Hello all,
>
> I am using Postfix 3.8.1 on Ubuntu 23.10. Per distribution default,
> Postfix runs chrooted. I have setup LDAP lookups for most maps.
> OpenLDAP is only listening via UNIX socket on
> ldapi:///var/run/slapd/ldapi.
>
> For all but one LDAP lookup