
I have a postfix server, which forwards all the emails to a dovecot server via LMTP. The usernames/groups are kept in a 389-Directory Server (LDAP).

In /etc/postfix/transport I have a few lines like (one per each domain that I host):

mydomain.com                   lmtp:inet:[192.168.50.223]:10025

In /etc/postfix/main.cf I have:

relay_recipient_maps = proxy:ldap:/etc/postfix/ldap-users-389.cf
...
virtual_alias_maps = ldap:/etc/postfix/ldap-groups-389.cf
...
transport_maps = hash:/etc/postfix/transport

In /etc/postfix/ldap-users-389.cf:

server_host = ds
search_base = ou=people,dc=adomaine,dc=tld
version = 3
query_filter = (&(objectClass=nsPerson)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = mail
#result_filter = OK
bind = yes
bind_dn = cn=Directory Manager
bind_pw = XXXXXXXXXX

In /etc/postfix/ldap-groups-389.cf:

server_host = ds
search_base = ou=groups,dc=adomain,dc=tld
version = 3
query_filter = (&(objectClass=mailgroup)(|(mail=%s)(mail=%d)))
leaf_result_attribute = mail
special_result_attribute = uniqueMember
bind = yes
bind_dn = cn=Directory Manager
bind_pw = XXXXXXXX

I set up a "people" entry in LDAP:

dn=cn=myname,ou=people,dc=yellowgnu,dc=net

with the following attributes:

objectClass top
objectClass nsPerson
objectClass nsAccount
objectClass nsOrgPerson
objectClass posixAccount
objectClass mailrecipient
cn  myname
mail    myname@adomain.tld
mailAlternateAddress    myname@seconddomain.tld

The error that I see in /var/log/maillog of the postfix server is:

May  7 18:33:54 mx postfix/lmtp[16088]: D29FE60E5173: to=<myname@seconddomain.tld>, relay=192.168.50.223[192.168.50.223]:10025, delay=39, delays=33/0.01/0.01/5.9, dsn=5.1.1, status=bounced (host 192.168.50.223[192.168.50.223] said: 550 5.1.1 <myname@seconddomain.tld> User doesn't exist: myname@seconddomain.tld (in reply to RCPT TO command))

Even in the logs of LDAP I see something like:

[07/May/2023:18:33:34.962281900 +0300] conn=235 op=21 SRCH base="ou=people,dc=adomain,dc=tld" scope=2 filter="(&(objectClass=nsPerson)(|(mail=myname@seconddomain.tld)(mailAlternateAddress=myname@seconddomain.tld)))" attrs="mail"
[07/May/2023:18:33:36.665394512 +0300] conn=235 op=21 ENTRY dn="cn=myname,ou=people,dc=adomaine,dc=tld"
[07/May/2023:18:33:36.866690132 +0300] conn=235 op=21 RESULT err=0 tag=101 nentries=1 wtime=1.014704138 optime=1.951879611 etime=2.966580180

and when I run the following command on the postfix server, it returns the actual email address where I expect the email to be delivered:

# postmap -q myname@seconddomain.tld ldap:/etc/postfix/ldap-users-389.cf
myname@adomain.tld

Thanks!

alini76
  • your dc= samples are just copypaste mistakes and ldap in reality has just one such nsPerson instance, right? (see [this](https://meta.serverfault.com/questions/963/what-information-should-i-include-or-obfuscate-in-my-posts/6063#6063) for some guidance on consistent obfuscation) – anx May 08 '23 at 20:46
  • How did you setup `relay_domains`? – anx May 08 '23 at 21:10
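As an added example (not code from the question or from anyone in the thread): a small Python script that parses a Postfix LMTP delivery line and 389-ds access-log lines of the shape quoted above, and flags recipients that the directory resolved (RESULT err=0 with nentries>0) but that the LMTP host still rejected with a 5.1.1 "user doesn't exist" DSN. The sample lines are constructed from the question's log excerpts (placeholder addresses and queue id); the regex parsing is my own, not Postfix's or 389-ds's tooling.

```python
import re

# Constructed sample input, modelled on the log excerpts in the question.
POSTFIX_LINE = (
    "May  7 18:33:54 mx postfix/lmtp[16088]: D29FE60E5173: "
    "to=<myname@seconddomain.tld>, relay=192.168.50.223[192.168.50.223]:10025, "
    "delay=39, delays=33/0.01/0.01/5.9, dsn=5.1.1, status=bounced "
    "(host 192.168.50.223[192.168.50.223] said: 550 5.1.1 <myname@seconddomain.tld> "
    "User doesn't exist: myname@seconddomain.tld (in reply to RCPT TO command))"
)
LDAP_LINES = [
    '[07/May/2023:18:33:34.962281900 +0300] conn=235 op=21 SRCH base="ou=people,dc=adomain,dc=tld" '
    'scope=2 filter="(&(objectClass=nsPerson)(|(mail=myname@seconddomain.tld)'
    '(mailAlternateAddress=myname@seconddomain.tld)))" attrs="mail"',
    '[07/May/2023:18:33:36.665394512 +0300] conn=235 op=21 ENTRY dn="cn=myname,ou=people,dc=adomaine,dc=tld"',
    '[07/May/2023:18:33:36.866690132 +0300] conn=235 op=21 RESULT err=0 tag=101 nentries=1 '
    'wtime=1.014704138 optime=1.951879611 etime=2.966580180',
]

POSTFIX_RE = re.compile(r"postfix/(?P<process>\w+)\[\d+\]: (?P<queue_id>[0-9A-F]+): (?P<fields>.*)$")
LDAP_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<kind>\w+)\s*(?P<rest>.*)$")


def parse_postfix_delivery(line):
    """Split a Postfix delivery-agent line into its key=value fields.
    The status= field runs to the end of the line and may itself contain commas."""
    m = POSTFIX_RE.search(line)
    if not m:
        return None
    rec = {"process": m.group("process"), "queue_id": m.group("queue_id")}
    fields = m.group("fields")
    for key in ("to", "relay", "delay", "delays", "dsn"):
        km = re.search(rf"\b{key}=([^,]+),", fields)
        if km:
            rec[key] = km.group(1).strip("<>")
    sm = re.search(r"status=(\w+)\s*(?:\((.*)\))?$", fields)
    if sm:
        rec["status"] = sm.group(1)
        rec["reason"] = sm.group(2)
    return rec


def parse_ldap_access(lines):
    """Group 389-ds access-log lines by (conn, op) and keep the search filter,
    the addresses Postfix substituted into it, the entries returned and the result."""
    ops = {}
    for line in lines:
        m = LDAP_RE.match(line)
        if not m:
            continue
        key = (int(m["conn"]), int(m["op"]))
        op = ops.setdefault(key, {"entries": []})
        kind, rest = m["kind"], m["rest"]
        if kind == "SRCH":
            fm = re.search(r'filter="([^"]*)"', rest)
            bm = re.search(r'base="([^"]*)"', rest)
            op["filter"] = fm.group(1) if fm else ""
            op["base"] = bm.group(1) if bm else None
            # every attr=value term whose value looks like an e-mail address
            op["addresses"] = set(re.findall(r"=([^()=]+@[^()=]+)\)", op["filter"]))
        elif kind == "ENTRY":
            dm = re.search(r'dn="([^"]*)"', rest)
            if dm:
                op["entries"].append(dm.group(1))
        elif kind == "RESULT":
            em = re.search(r"err=(\d+)", rest)
            nm = re.search(r"nentries=(\d+)", rest)
            op["err"] = int(em.group(1)) if em else None
            op["nentries"] = int(nm.group(1)) if nm else None
    return ops


def find_lookup_mismatches(postfix_line, ldap_lines):
    """Return one finding per recipient that LDAP resolved but LMTP rejected as unknown (dsn 5.1.1)."""
    delivery = parse_postfix_delivery(postfix_line)
    findings = []
    if not delivery or delivery.get("dsn") != "5.1.1" or "to" not in delivery:
        return findings
    rcpt = delivery["to"].lower()
    for (conn, op), info in parse_ldap_access(ldap_lines).items():
        looked_up = {a.lower() for a in info.get("addresses", ())}
        if rcpt in looked_up and info.get("err") == 0 and (info.get("nentries") or 0) > 0:
            findings.append({
                "queue_id": delivery["queue_id"],
                "recipient": rcpt,
                "ldap_conn_op": (conn, op),
                "ldap_entries": list(info["entries"]),
                "lmtp_relay": delivery.get("relay"),
                "lmtp_reason": delivery.get("reason"),
            })
    return findings


if __name__ == "__main__":
    for f in find_lookup_mismatches(POSTFIX_LINE, LDAP_LINES):
        print(f"{f['queue_id']}: {f['recipient']} resolved by LDAP conn={f['ldap_conn_op'][0]} "
              f"op={f['ldap_conn_op'][1]} to {f['ldap_entries']} but rejected by {f['lmtp_relay']}: "
              f"{f['lmtp_reason']}")
```

Run over the two real log files with `parse_ldap_access` fed from the access log and each `postfix/lmtp` line passed to `find_lookup_mismatches`; a non-empty result for a recipient means the relay_recipient_maps lookup succeeded on the MX while the LMTP host did not know the address, which is exactly the situation the question describes and the condition worth alerting on before users notice bounces.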

0 Answers