# [SOLVED] Problem with Postfix and OpenLDAP

## MasquedAvenger

Hey everyone.  I'm very confused about the setup I'm trying to make work and was wondering if someone could help me.  Here's my postfix config for dealing with LDAP (it's not very organized and is a bit clumsy due to the fact that I've been playing around with it trying to make things work):

```
#Virtual Domains and LDAP stuff
domains_server_host = ldaps://localhost:636
domains_server_port = 636
domains_versions = 3
domains_start_tls = yes
domains_search_base = ou=mail,dc=dev,dc=colannino,dc=org
domains_query_base  = (&(ou=%s))
domains_result_attribute = %s
domains_bind = no
domains_cache = yes

aliases_server_host = ldaps://localhost:636
aliases_server_port = 636
aliases_version = 3
aliases_start_tls = yes
aliases_search_base = ou=mail,dc=dev,dc=colannino,dc=org
aliases_query_base = (&(mail=%s)(objectClass=CourierMailAlias))
aliases_result_attribute = maildrop
aliases_bind = no
aliases_cache = yes

accounts_server_host = ldaps://localhost:636
accounts_server_port = 636
accounts_version = 3
accounts_start_tls = yes
accounts_search_base = ou=mail,dc=dev,dc=colannino,dc=org
accounts_query_filter = (&(mail=%s)(objectClass=CourierMailAccount))
accounts_result_attribute = mailbox
accounts_bind = no
accounts_cache = yes

virtual_mailbox_domains = ldap:domains
virtual_maps = ldap:alias
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid  = 1002
virtual_uid_maps = static:1002
virtual_gid_maps = static:100
```

You'll notice that I specify more than once that it should use server_port 636, yet here's what I get in my logs:

```
Sep 24 23:42:01 dev postfix/trivial-rewrite[17588]: warning: dict_ldap_open: URL scheme ldaps requires protocol version 3
Sep 24 23:42:01 dev postfix/trivial-rewrite[17588]: warning: dict_ldap_open: domains ignoring cache
Sep 24 23:42:01 dev postfix/cleanup[17587]: warning: dict_ldap_connect: Unable to bind to server ldap://localhost:389 as : -1 (Can't contact LDAP server)
Sep 24 23:42:01 dev postfix/cleanup[17587]: warning: 49A9827C002: virtual_alias_maps map lookup problem for test@dev.colannino.org
Sep 24 23:42:01 dev postfix/pickup[17584]: warning: maildrop/75F4A284002: Error writing message file
```

You can see that it's trying regular ldap (not ldaps) and is trying port 389, even though I explicitly set it to 636.  I saw the message `URL scheme ldaps requires protocol version 3`, so I tried to explicitly set that as well.  It seems that everything I set in /etc/postfix/main.cf is ignored.  I even tried setting all server_host settings to something other than localhost, and yet it continues to query localhost.  I've restarted openldap and postfix multiple times and the same thing happens.  Does anyone have any ideas?  Thanks very much in advance.

Note: I did try running openldap as non-SSL also and I still had problems.

----------

## MasquedAvenger

I figured this out.  I was misunderstanding the documentation I was reading.  This is how the configuration should have been set up:

main.cf:

```
virtual_mailbox_domains = ldap:/etc/postfix/domains.cf
virtual_maps = ldap:/etc/postfix/aliases.cf
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = ldap:/etc/postfix/mailboxes.cf
virtual_minimum_uid  = 1002
virtual_uid_maps = static:1002
virtual_gid_maps = static:100
```

Then, for each setting, use a separate file.  So for example, according to the config above, if I were to set up an LDAP lookup for the mailboxes I want to have, I would create a separate file with the lookup settings and point Postfix to it.  In the example above, I have that configuration in /etc/postfix/mailboxes.cf, so I would have in that file:

/etc/postfix/mailboxes.cf:

```
start_tls = yes
tls_require_cert = no
server_host = ldaps://localhost:636
server_port = 636
version = 3
search_base = ou=mail,dc=dev,dc=colannino,dc=org
query_filter = (&(mail=%s)(objectClass=CourierMailAccount))
result_attribute = mailbox
bind = no
cache = yes
```

The reason why it was ignoring my settings before was that I wasn't actually passing Postfix any variables that it understood, and so it just ignored them.  Now I have it working.  I still haven't gotten LDAP working over SSL, however, per the logs appended below, but I'll go ahead and get it working without SSL for now and worry about that later (when I actually start using the machine publicly).  Notice from the logs below, however, that it's at least parsing my configuration now.  It's a start.

```
Sep 25 05:31:35 dev postfix/postfix-script: starting the Postfix mail system
Sep 25 05:31:35 dev postfix/master[1545]: daemon started -- version 2.1.5
Sep 25 05:31:35 dev postfix/cleanup[1553]: warning: dict_ldap_open: /etc/postfix/aliases.cf ignoring cache
Sep 25 05:31:35 dev postfix/pickup[1551]: D8AF327C002: uid=0 from=<root>
Sep 25 05:31:35 dev postfix/trivial-rewrite[1555]: warning: dict_ldap_open: /etc/postfix/aliases.cf ignoring cache
Sep 25 05:31:35 dev postfix/trivial-rewrite[1555]: warning: dict_ldap_open: /etc/postfix/domains.cf ignoring cache
Sep 25 05:31:35 dev postfix/cleanup[1553]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
```

James

----------
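Added example, not code from either post: a small Python linter for the per-table `ldap:/etc/postfix/<name>.cf` files the second post describes. It parses Postfix's `name = value` table format and flags the settings behind the two errors quoted in the thread (`ldaps` without `version = 3`; `start_tls = yes` on an `ldaps://` URL, which is what produces "Unable to set STARTTLS", since ldap_table(5) says not to combine the two) plus one hardening point: `tls_require_cert = no` turns off server certificate verification, so the TLS session does not prove which server answered. The parameter names are the real ldap_table(5) ones; the sample file contents are constructed to mirror the mailboxes.cf shape above, and the lint rules are this example's own assumptions about what is worth flagging.

```python
"""Sanity-check a Postfix ldap_table(5) map file before wiring it into main.cf.

Added example (not from the forum thread). Parses the "key = value" format
Postfix uses for files referenced as ldap:/etc/postfix/<name>.cf and reports
combinations that either fail at connect time or weaken the TLS protection.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed sample: same shape as the thread's /etc/postfix/mailboxes.cf.
SAMPLE_MAILBOXES_CF = """\
# comment lines and blank lines are ignored by Postfix
start_tls = yes
tls_require_cert = no
server_host = ldaps://localhost:636
server_port = 636
version = 3
search_base = ou=mail,dc=dev,dc=colannino,dc=org
query_filter = (&(mail=%s)(objectClass=CourierMailAccount))
result_attribute = mailbox
bind = no
cache = yes
"""

# Parameters a lookup cannot work without (ldap_table(5)).
REQUIRED = ("server_host", "search_base", "query_filter")


def parse_ldap_table(text: str) -> dict[str, str]:
    """Parse Postfix 'name = value' lines into a dict.

    Blank lines and '#' comments are skipped; a later duplicate key
    overrides an earlier one, matching Postfix's own behaviour.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed line (no '='): {raw!r}")
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def lint_ldap_table(settings: dict[str, str]) -> list[str]:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings: list[str] = []
    for key in REQUIRED:
        if key not in settings:
            findings.append(f"missing required parameter: {key}")

    host = settings.get("server_host", "")
    url = urlsplit(host) if "://" in host else None
    ldaps = bool(url) and url.scheme.lower() == "ldaps"
    start_tls = settings.get("start_tls", "no").lower() == "yes"

    # Postfix refuses an ldaps:// URL unless the LDAP protocol version is 3
    # (the exact warning quoted in the first post).
    if ldaps and settings.get("version") != "3":
        findings.append("ldaps:// URL requires 'version = 3'")
    # STARTTLS upgrades a plaintext session; on an ldaps:// socket TLS is
    # already up, so the upgrade fails ("Unable to set STARTTLS").
    if ldaps and start_tls:
        findings.append("'start_tls = yes' conflicts with the ldaps:// scheme; use one or the other")
    # Encryption without certificate verification does not authenticate the server.
    if (ldaps or start_tls) and settings.get("tls_require_cert", "no").lower() == "no":
        findings.append("'tls_require_cert = no' disables server certificate verification; set it to yes")
    # No TLS at all: queries (and any bind password) cross the wire in clear.
    if not ldaps and not start_tls:
        findings.append("no TLS configured: lookups travel unencrypted")
    # A port embedded in the URL wins; a different server_port is misleading.
    if url is not None and url.port and "server_port" in settings:
        if str(url.port) != settings["server_port"]:
            findings.append("server_port disagrees with the port in server_host")
    return findings


if __name__ == "__main__":
    for finding in lint_ldap_table(parse_ldap_table(SAMPLE_MAILBOXES_CF)):
        print("WARN:", finding)
```

Run against the sample it reports the `start_tls`/`ldaps://` conflict and the disabled certificate check; once a file passes, `postmap -q test@dev.colannino.org ldap:/etc/postfix/mailboxes.cf` exercises the lookup against the live server without sending mail, which is the quickest way to confirm the map before restarting Postfix.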

