Results 1 to 2 of 2

Thread: [SOLVED] Postfix and front-end MTA with LDAP check

  1. #1
    Join Date
    Nov 2006
    Rep Power

    Default [SOLVED] Postfix and front-end MTA with LDAP check

    I am trying to get a front-end Postfix MTA to validate against the Zimbra LDAP but getting the following error
    Aug  2 12:04:40 gateway postfix/master[1310]: warning: /usr/libexec/postfix/trivial-rewrite: bad command startup -- throttling
    Aug  2 12:05:40 gateway postfix/proxymap[1718]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
    Aug  2 12:05:40 gateway postfix/trivial-rewrite[1717]: fatal: proxy:ldap:/etc/postfix/,lock|fold_fix): table lookup problem
    Aug  2 12:05:41 gateway postfix/smtpd[1316]: warning: premature end-of-input on private/rewrite socket while reading input attribute name
    I have copied /opt/zimbra/conf/ldap*.cf across to the server and have updated them to use the correct paths
    server_host = ldap://XXXXXXXXXXXX:389
    server_port = 389
    search_base =
    query_filter = (&(|(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)(zimbraMailCatchAllAddress=%s))(zimbraMailStatus=enabled))
    result_attribute = zimbraMailDeliveryAddress,zimbraMailForwardingAddress,zimbraPrefMailForwardingAddress,zimbraMailCatchAllForwardingAddress
    version = 3
    start_tls = yes
    tls_ca_cert_dir = /etc/postfix/ca
    bind = yes
    bind_dn = uid=zmpostfix,cn=appaccts,cn=zimbra
    bind_pw = XXXXXXXXX
    timeout = 30
    The certs have also been copied across from /opt/zimbra/conf/ca. If I perform a ldapsearch and specify the bind credentials plus the query filter it returns the correct results; so firewall is not a issue.

    Any ideas please

  2. #2
    Join Date
    Nov 2006
    Rep Power


    Duh! After strace'ing the proxmap process I found that I have failed to create the symlink to the cert

    Validation is now working a treat and have LMTP between the two server aswell
    Last edited by uxbod; 08-02-2009 at 03:36 AM.

Similar Threads

  1. Querying zimbra LDAP hidden accounts
    By inigoml in forum Administrators
    Replies: 1
    Last Post: 04-13-2009, 07:12 AM
  2. Replies: 7
    Last Post: 04-17-2008, 08:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts