# Problem with Postfix and LDAP...

## ckoeber

I am having problems setting up Postfix with LDAP.

I have a valid OpenLDAP database with users that I would like to have mailboxes. 

The problem is that I get this error when I send mail to all users besides the root/postmaster/etc. mailboxes:

------------------------------------------------------------------------------------------------------------------------------------

```
#< #5.1.1 X-Postfix; unknown user: "username"> #SMTP#
```

------------------------------------------------------------------------------------------------------------------------------------

Each user entry looks like the following:

------------------------------------------------------------------------------------------------------------------------------------

```
dn: cn=[[Username]],ou=Students,dc=wesleyseminary,dc=edu
uid: [[Username]]
displayName: Full Name of Person
givenName: First Name
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: mailUser
employeeNumber: Internal Person ID
sn: Last Name
cn: [[Username]]
userPassword: User Password
mail: [[Username]]@students.wesleyseminary.edu
maildrop: /home/studentemail/students.wesleyseminary.edu/[[Username]]
```

------------------------------------------------------------------------------------------------------------------------------------

My "main.cf" file looks like this:

------------------------------------------------------------------------------------------------------------------------------------

```
alias_maps = hash:/etc/mail/aliases, ldap:/etc/postfix/ldap-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 20
home_mailbox = .Maildir/
html_directory = /usr/share/doc/postfix-2.6.6/html
inet_interfaces = all
local_destination_concurrency_limit = 2
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination =
mydomain = wts-zimbra.wesleysem.edu
myhostname = wts-zimbra.wesleysem.edu
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_recipient_restrictions = permit_sasl_authenticated,  permit_mynetworks,  reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
virtual_gid_maps = static:$studentemail-gid
virtual_mailbox_base = /home/studentemail/
virtual_mailbox_domains = /etc/postfix/virtual_domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-maps.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:$studentemail-uid
```

------------------------------------------------------------------------------------------------------------------------------------

The "studentemail" account exists and the home directory for that account exists.

Now, here is my ldap-alias.cf file:

------------------------------------------------------------------------------------------------------------------------------------

```
server_host = current server host
search_base = ou=Students,dc=wesleyseminary,dc=edu
version=3
timeout = 10
size_limit = 1
bind = yes
bind_dn = correct bind dn
bind_pw = password
query_filter = (mail=%s)
result_attribute = cn
```

------------------------------------------------------------------------------------------------------------------------------------

And my ldap-map.cf file:

------------------------------------------------------------------------------------------------------------------------------------

```
server_host = current server host
search_base = ou=Students,dc=wesleyseminary,dc=edu
version=3
timeout = 10
size_limit = 1
bind = yes
bind_dn = correct bind dn
bind_pw = password
query_filter = (mail=%s)
result_attribute = maildrop
```

------------------------------------------------------------------------------------------------------------------------------------

What do I need to fix or change to get this working?

As a side question, do the directories need to exist for the users first? Or does Postfix create those directories for me?

Thank you for your time.

Regards,

Christopher Koeber

----------

## nativemad

*Quote:*

> virtual_mailbox_domains = /etc/postfix/virtual_domains.cf

After a first look at it, I think that is your problem... I don't know what you have in that config file!?

It should be a list of domain names with their transport (either in LDAP or any other possible backend...)

Hope that helps a bit...

----------

## M

I think that if you had show_user_unknown_table_name = yes, the error would be "unknown user in local recipient maps".

My Postfix is configured like this:

```
local_recipient_maps = unix:passwd.byname, hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap_local_recipients.cf
```

ldap_local_recipients.cf:

```
server_host = ldap.local.server
search_base = ou=People,dc=example,dc=com
query_filter = (&(objectClass=posixAccount)(uid=%u))
result_attribute = uid
version = 3
scope = one
```

But I never configured Postfix for virtual domains... and I see you have $alias_maps on the local_recipient_maps line, so this should work, I think. Do you have anything else in the log messages? LDAP errors or something...

Also, I have configured nss_ldap; getent passwd on my server returns Unix AND LDAP users. I prefer to have it like this, but you don't need that for Postfix to work. To auto-create home directories I use pam_mkhomedir.

Edit: you will also need the homeDirectory attribute in the schema.

----------

## Princess Nell

A useful debugging tool is postmap. You can use it to verify that map lookups return what they're supposed to. E.g.

```
postmap -q username ldap:/etc/postfix/ldap-aliases.cf
```

----------
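As an added example (not part of the thread and not Postfix code): a small Python model of how the key passed to `postmap -q` is substituted into `query_filter`, following the `%s`/`%u`/`%d` expansions documented in ldap_table(5), run against a constructed copy of the posted entry. The user name `jdoe` and the in-memory matching are assumptions; only single `(attr=value)` filters are evaluated.

```python
import re

# Characters that are special inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def quote(value):
    """Escape a value so it cannot add filter metacharacters."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(query_filter, key):
    """Expand %s, %u, %d, %%; None means the search is suppressed."""
    local, at, domain = key.rpartition("@")
    if not at:                       # bare key: %u is the whole key, no %d
        local, domain = key, ""
    values = {"s": key, "u": local, "d": domain}
    suppressed = False

    def repl(match):
        nonlocal suppressed
        code = match.group(1)
        if code == "%":
            return "%"
        if not values[code]:         # empty local part or missing domain
            suppressed = True
            return ""
        return quote(values[code])

    expanded = re.sub(r"%([sud%])", repl, query_filter)
    return None if suppressed else expanded


def lookup(table, key, entries):
    """Evaluate one (attr=value) filter in memory; compound filters return []."""
    expanded = expand_filter(table["query_filter"], key)
    simple = re.fullmatch(r"\((\w+)=(.*)\)", expanded or "")
    if not simple:
        return []
    attr, wanted = simple.group(1), simple.group(2).lower()
    return [e[table["result_attribute"]] for e in entries
            if quote(e.get(attr, "")).lower() == wanted]


# Constructed data: "jdoe" stands in for [[Username]] in the posted entry.
ENTRY = {"cn": "jdoe", "mail": "jdoe@students.wesleyseminary.edu",
         "maildrop": "/home/studentemail/students.wesleyseminary.edu/jdoe"}
ALIASES = {"query_filter": "(mail=%s)", "result_attribute": "cn"}
MAPS = {"query_filter": "(mail=%s)", "result_attribute": "maildrop"}
```

With the posted `(mail=%s)` filter, the bare key `jdoe` expands to `(mail=jdoe)` and matches nothing, while the full address returns the `cn` and `maildrop` values, so the key given to `postmap -q` has to be in the form the filter compares against.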

