On Thu, Jun 09, 2011 at 06:19:30AM -0000, ross.sysadm wrote: > I have problems with "expansion_limit". > > Postfix + Dovecot + AD + multiple email domains.
What Postfix feature is the table below supposed to support? http://www.postfix.org/DEBUG_README.html#mail > server_host = srv-ad.cn.energy > search_base = dc=cn,dc=energy > version = 3 > bind = yes > bind_dn = ldapmail@cn.energy > bind_pw = passwd > chase_referrals = no > query_filter = > (&(objectCategory=person)(|(mail=%s)(proxyAddresses=%s))(!(userAccountControl=514))) Remove the "proxyAddresses=%s" clause from the query, it is useless. The values of "proxyAddresses" attribute in MSFT AD are not rfc822 addresses. Rather, these are "protocol:protocol-specific-address" type:value strings. No l > result_attribute = mail, proxyAddresses Likewise, remove proxyAddresses from the result attribute list, its data type is different from "mail", so you're returning "apples and oranges". > expansion_limit = 1 > result_format = %d/%u Perhaps you're trying to build a virtual_mailbox_maps table, if so, indeed you need exactly one result. All the more reason to return just one attribute. Temporarily comment out the "expansion_limit = 1" parameter, and repeat the postmap query. If multiple values are returned you have multiple objects in MSFT AD that satisfy the query, fix that, then go back to using "expansion_limit = 1". > > postmap -v -q system@cn.energy ldap:/etc/postfix/ldap-users.cf > postmap: dict_ldap_get_values[1]: Search found 1 match(es) > postmap: warning: dict_ldap_get_values[1]: /etc/postfix/ldap-users.cf: > Expansion limit exceeded for key: 'system@cn.energy' > postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values > postmap: dict_ldap_lookup: Search returned > oblr.cn.energy.gov.ua/simbios,cn.energy/system > > I not understand how resolve this situation. > Please help me. > > -- Viktor.