On Thu, Jun 09, 2011 at 06:19:30AM -0000, ross.sysadm wrote:
> I have problems with "expansion_limit".
>
> Postfix + Dovecot + AD + multiple email domains.
What Postfix feature is the table below supposed to support?
http://www.postfix.org/DEBUG_README.html#mail
> server_host = srv-ad.cn.energy
> search_base = dc=cn,dc=energy
> version = 3
> bind = yes
> bind_dn = ldapmail@cn.energy
> bind_pw = passwd
> chase_referrals = no
> query_filter =
> (&(objectCategory=person)(|(mail=%s)(proxyAddresses=%s))(!(userAccountControl=514)))
Remove the "proxyAddresses=%s" clause from the query, it is useless.
The values of "proxyAddresses" attribute in MSFT AD are not rfc822
addresses. Rather, these are "protocol:protocol-specific-address"
type:value strings. No l
> result_attribute = mail, proxyAddresses
Likewise, remove proxyAddresses from the result attribute list, its
data type is different from "mail", so you're returning "apples and
oranges".
> expansion_limit = 1
> result_format = %d/%u
Perhaps you're trying to build a virtual_mailbox_maps table, if so,
indeed you need exactly one result. All the more reason to return just
one attribute.
Temporarily comment out the "expansion_limit = 1" parameter, and repeat
the postmap query. If multiple values are returned you have multiple
objects in MSFT AD that satisfy the query, fix that, then go back to
using "expansion_limit = 1".
>
> postmap -v -q system@cn.energy ldap:/etc/postfix/ldap-users.cf
> postmap: dict_ldap_get_values[1]: Search found 1 match(es)
> postmap: warning: dict_ldap_get_values[1]: /etc/postfix/ldap-users.cf:
> Expansion limit exceeded for key: 'system@cn.energy'
> postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
> postmap: dict_ldap_lookup: Search returned
> oblr.cn.energy.gov.ua/simbios,cn.energy/system
>
> I not understand how resolve this situation.
> Please help me.
>
>
--
Viktor.
