Victor.Duchovni_at_morganstanley.com
Date: Thu Jan 02 2003 - 11:56:06 CST


    On Thu, 2 Jan 2003, Wietse Venema wrote:

    > Alex van den Bogaerdt:
    > > When querying LDAP postfix asks for "user@domain.tld" first and if
    > > this doesn't exist it tries "@domain.tld" (for a default mailbox).
    > > Can this be disabled and if so: how? Couldn't find it in the docs,
    > > a pointer would be quite welcome.
    >
    > See LDAP_README, discussion of the domain parameter.
    >

    This still looks up "domain.tld" for the domains whose users one does
    want to be found in LDAP. A long time ago I suggested that setting
    "ldapsource_domain" should disable lookups of domain only keys (both
    "domain anything" and "@domain"), since:

    - Setting "ldapsource_domain" is a performance optimization. So the
    administrator is looking to save on LDAP queries.

    - With the candidate domains enumerated outside of LDAP, it is reasonable
    to list their status as virtual alias domains or their catch-all mailboxes
    outside of LDAP also.

    This idea was rejected (probably justifiably), because the real solution
    would be to implement appropriate map search flags across all map types, and
    some people might want to narrow the domains and leave the catchall in
    LDAP despite the extra cost.

    So for now he is stuck with the extra lookup. I apply an unofficial patch
    to src/util/dict_ldap.c in my own Postfix builds. Anyone suitably
    motivated to squeeze out unnecessary LDAP queries can try this out, no
    warranty! This suppresses LDAP lookups against domains listed in
    ldapsource_domain (both "dom.ain" and "@dom.ain" are not tried).

    Index: src/util/dict_ldap.c
    diff -u src/util/dict_ldap.c:1.1.1.12 src/util/dict_ldap.c:1.1.1.12.28.1
    --- src/util/dict_ldap.c:1.1.1.12 Thu Oct 17 14:35:54 2002
    +++ src/util/dict_ldap.c Sun Dec 22 23:08:24 2002
    -624,11 +624,8
         if (dict_ldap->domain) {
             const char *p = strrchr(name, '');

    - if (p != 0)
    - p = p + 1;
    - else
    - p = name;
    - if (match_list_match(dict_ldap->domain, p) == 0) {
    + if (p == 0 || p == name ||
    + match_list_match(dict_ldap->domain, ++p) == 0) {
                 if (msg_verbose)
                     msg_info("%s: domain of %s not found in domain list", myname,
                              name);
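
Review bot: The msg_info text in the context lines after the new condition now misstates two of the three cases that reach it. When `p == 0` (no separator in the key) or `p == name` (the key begins with the separator), the lookup is skipped without match_list_match() ever being called, yet the verbose log still reports "domain of %s not found in domain list". A separate message for keys without a localpart would let an administrator who is debugging a missing catch-all see why LDAP was never queried. The removed lines matched a separator-less key as a whole against the list (`p = name`), so this is a behaviour change for bare keys and deserves a sentence next to the domain parameter in LDAP_README. As a style point, `++p` inside the `||` chain depends on short-circuit evaluation to avoid incrementing a null pointer; `p + 1` would make that dependence less fragile if `p` is not used after the test.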

    -- 
    	Viktor.