From: Alex van den Bogaerdt (alex_at_ergens.op.het.net)
Date: Thu Jan 02 2003 - 15:39:16 CST


    On Thu, Jan 02, 2003 at 12:56:06PM -0500, Victor.Duchovnimorganstanley.com wrote:
    > On Thu, 2 Jan 2003, Wietse Venema wrote:
    >
    > > Alex van den Bogaerdt:
    > > > When querying LDAP postfix asks for "user@domain.tld" first and if
    > > > this doesn't exist it tries "@domain.tld" (for a default mailbox).
    > > > Can this be disabled and if so: how? Couldn't find it in the docs,
    > > > a pointer would be quite welcome.
    > >
    > > See LDAP_README, discussion of the domain parameter.
    > >
    >
    > This still looks up "@domain.tld" for the domains whose users one does
    > want to be found in LDAP. A long time ago I suggested that setting

    Bingo. This is what I tried to explain.

    > "ldapsource_domain" should disable lookups of domain only keys (both
    > "domain anything" and "@domain"), since:
    >
    > - Setting "ldapsource_domain" is a performance optimization. So the
    > administrator is looking to save on LDAP queries.
    >
    > - With the candidate domains enumerated outside of LDAP, it is reasonable
    > to list their status as virtual alias domains or their catch-all mailboxes
    > outside of LDAP also.

    And one additional problem: The catch all is now in the hands of
    another admin. I can of course ask to have this entry removed from
    LDAP however it is just a matter of waiting until some other exchange
    admin screws up again. They just don't (want to) understand why such
    an "innocent entry that isn't a real email address" can mess something
    up somewhere different from their scope.

    > This idea was rejected (probably justifiably), because the real solution
    > would be to implement appropriate map search flags across all map types, and
    > some people might want to narrow the domains and leave the catchall in
    > LDAP despite the extra cost.

    Apart from editing the source: Is there another hack possible?
    If possible I don't want to build and maintain postfix from a
    modified source.

    Can something be done on the exchange side perhaps?

    TIA

    -- 
    Much of what looks like rudeness in hacker circles is not intended to give
    offence. Rather, it's the product of the direct, cut-through-the-bullshit
    communications style that is natural to people who are more concerned about
    solving problems than making others feel warm and fuzzy.
    

    http://www.tuxedo.org/~esr/faqs/smart-questions.html
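
The lookup sequence discussed in this thread, as an added example: a simplified Python model, not Postfix code and not part of the original message. The function names, the sample directory and the `skip_domain_only` switch (which models the rejected proposal quoted above) are assumptions made for illustration.

```python
"""Simplified model of the lookup sequence discussed in this thread.
Not Postfix code: names and sample data are constructed for illustration."""

# Constructed sample data: one real mailbox plus a catch-all entry that
# another admin added to the directory.
DIRECTORY = {"alice@example.com": "alice-mailbox",
             "@example.com": "catchall-mailbox"}
DOMAINS = {"example.com"}   # models the enumerated "domain" list


def lookup_keys(address):
    """Keys tried for one recipient, in the order the thread describes."""
    user, _, domain = address.lower().rpartition("@")
    return [f"{user}@{domain}", f"@{domain}"]


def resolve(address, directory, domains, skip_domain_only=False):
    """Return (result, keys_sent_to_ldap).

    skip_domain_only=True models the proposal quoted in the thread:
    with a domain list set, never send "@domain" keys to LDAP."""
    sent = []
    for key in lookup_keys(address):
        if key.rpartition("@")[2] not in domains:
            continue                      # filtered by the domain list
        if skip_domain_only and key.startswith("@"):
            continue                      # proposed behaviour
        sent.append(key)
        if key in directory:
            return directory[key], sent
    return None, sent


def catchall_entries(directory, domains):
    """Audit helper: catch-all keys present for the listed domains."""
    return sorted(k for k in directory
                  if k.startswith("@") and k[1:].lower() in domains)


if __name__ == "__main__":
    for rcpt in ("alice@example.com", "nosuchuser@example.com"):
        print(rcpt, resolve(rcpt, DIRECTORY, DOMAINS),
              resolve(rcpt, DIRECTORY, DOMAINS, skip_domain_only=True))
    print("catch-all entries:", catchall_entries(DIRECTORY, DOMAINS))
```

Running `catchall_entries` over a periodic directory export is one way to notice when a catch-all entry reappears.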