14 May 20:50
Re: substitution variables in ldap query_filter
From: Victor Duchovni <Victor.Duchovni <at> morganstanley.com>
Subject: Re: substitution variables in ldap query_filter
Newsgroups: gmane.mail.postfix.user
Date: 2008-05-14 18:50:19 GMT
Subject: Re: substitution variables in ldap query_filter
Newsgroups: gmane.mail.postfix.user
Date: 2008-05-14 18:50:19 GMT
On Wed, May 14, 2008 at 01:45:07PM -0500, John Heim wrote: > > ----- Original Message ----- > From: "Victor Duchovni" <Victor.Duchovni <at> morganstanley.com> > Cc: <postfix-users <at> postfix.org> > Sent: Wednesday, May 14, 2008 11:06 AM > >You can do *non-wildcard* canonical rewriting, and this won't break > >recipient validation. > > > >domain = legacy.example.com > >query_filter = mail=%u <at> current.example.com > >result_attribute = mail > > > I'm a bit confused. These are ldap parameters, right? So I'd change main.cf > from: > > canonical_maps = regexp:/etc/postfix/canonical > > to > > canonical_maps = ldap:/etc/postfix/canonical > Yes. > So postfix would do an ldap lookup to rewrite the headers. But then would > it do a second ldap lookup to validate the recipient? Rewriting happens after access control. Your wildcard canonical mapping was suppressing the validation lookup in virtual_alias_maps (relay_recipient_maps, ...). This additional lookup will now take place. LDAP (replica dedicated for mail) should not be a noticeable bottleneck. Don't over-optimize the LDAP lookups. -- -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the "Reply-To" header. To unsubscribe from the postfix-users list, visit http://www.postfix.org/lists.html or click the link below: <mailto:majordomo <at> postfix.org?body=unsubscribe%20postfix-users> If my response solves your problem, the best way to thank me is to not send an "it worked, thanks" follow-up. If you must respond, please put "It worked, thanks" in the "Subject" so I can delete these quickly.
RSS Feed