I'm setting up a Postfix/Dovecot/LDAP server on Debian Squeeze with all virtual mailboxes (as opposed to aliases). I've successfully set up Dovecot, and have Postfix correctly looking to ldap for virtual_mailbox_maps, but once I connect up virtual_mailbox_domains, I get these errors and no delivery:
Jun 5 15:52:51 extranet postfix/smtpd[2090]: warning: problem talking to service rewrite: Success
Jun 5 15:52:51 extranet postfix/master[1432]: warning: process /usr/lib/postfix/trivial-rewrite pid 2219 killed by signal 6
Jun 5 15:52:51 extranet postfix/master[1432]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
Here's postconf -d mail_version:
# postconf -d mail_version
mail_version = 2.7.1
Here's postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
allow_untrusted_routing = yes
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 24h
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
debug_peer_level = 2
debug_peer_list = 124.149.148.61
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
maximal_queue_lifetime = 24h
mydestination = mail.example.com, extranet.example.com, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
permit_mynetworks, reject_unauth_destination,
check_recipient_access hash:/etc/postfix/access,
reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access,
reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access hash:/etc/postfix/helo_access,
reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit
smtpd_sasl_auth_enable = no
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.example.com.2013.chain.pem
smtpd_tls_key_file = /etc/ssl/private/exampl.2013.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = no
virtual_mailbox_domains = ldap:/etc/postfix/ldap_virtual_domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap_virtual_maps.cf
virtual_transport = dovecot
/etc/postfix/ldap_virtual_maps.cf:
server_host = ldaps://mail.example.com/
search_base = ou=People,dc=example,dc=com
version = 3
bind_dn = uid=mail,ou=Services,dc=example,dc=com
bind_pw = *************
query_filter = (&(objectclass=inetOrgPerson)(mail=%s))
result_attribute = mail
And here is /etc/postfix/ldap_virtual_domains.cf:
server_host = ldaps://mail.example.com/
search_base = ou=Domains,dc=example,dc=com
version = 3
bind_dn = uid=mail,ou=Services,dc=example,dc=com
bind_pw = ************
query_filter = associatedDomain=%s
result_attribute = associatedDomain
If I run a manual check using postmap, I get a response:
# postmap -q example.com ldap:/etc/postfix/ldap_virtual_domains.cf
example.com
Manual ldapsearches work fine too. I'm using the same credentials for the successful virtual_mailbox_maps, which is working, so I'm quite perplexed.
P.S. The ldap lookup for virtual_mailbox_maps was also not working. The dovecot virtual_transport was working. For some reason, that was overlooked, so no LDAP queries were working from postfix, but they were working for postmap.
This is just an educated guess, but you are probably missing /dev/random or /dev/urandom in /var/spool/postfix.
As you can see, the trivial-rewrite process gets killed by SIGABRT, which usually happens on Debian and Ubuntu systems (in the context of Postfix) because libldap, which is linked against GnuTLS, does not find /dev/random or /dev/urandom in the Postfix chroot directory /var/spool/postfix. I have had that problem in the past as well.
Simply mkdir /var/spool/postfix/dev and either cp -a /dev/urandom /var/spool/postfix/dev and cp -a /dev/random /var/spool/postfix/dev as needed, or use mknod in /var/spool/postfix/dev.
See https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/81242 and http://comments.gmane.org/gmane.mail.postfix.user/211261 for some discussion.
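A read-only way to confirm the diagnosis in the answer above before creating any device nodes, as an added example that is not part of the original posts: it lists the master.cf services that run chrooted and reports whether dev/random and dev/urandom exist as character devices under the queue directory. The function names and the Debian default paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): read-only chroot device check.

# List "service:command" for every master.cf entry that runs chrooted.
# Field 5 is the chroot flag; on Postfix < 3.0 (2.7.1 here) "-" defaults to yes.
chrooted_services() {
    awk '/^[^# \t]/ && NF >= 8 && ($5 == "y" || $5 == "-") { print $1 ":" $8 }' "$1"
}

# Print each device node that is absent, or not a real character device, under
# QUEUE_DIR/dev. Symlinks are rejected because an absolute link target is
# resolved inside the chroot, not against the host /dev.
missing_chroot_devs() {
    for dev in random urandom; do
        node="$1/dev/$dev"
        if [ ! -c "$node" ] || [ -L "$node" ]; then
            echo "$node"
        fi
    done
}

# Return 1 when at least one service is chrooted and a device node is missing.
check_postfix_chroot() {
    services=$(chrooted_services "$1")
    missing=$(missing_chroot_devs "$2")
    if [ -z "$services" ] || [ -z "$missing" ]; then
        echo "OK: nothing chrooted, or device nodes present"
        return 0
    fi
    echo "chrooted services:"; echo "$services"
    echo "missing device nodes:"; echo "$missing"
    return 1
}

# Constructed sample: a two-line master.cf excerpt and an empty queue directory.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' \
        'rewrite   unix  -  -  -  -  -  trivial-rewrite' \
        'smtp      inet  n  -  n  -  -  smtpd' > "$tmp/master.cf"
    check_postfix_chroot "$tmp/master.cf" "$tmp" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Real system (Debian default paths, assumed):
#   check_postfix_chroot /etc/postfix/master.cf /var/spool/postfix
```

A regular file left at dev/urandom is still reported as missing, since only a character device satisfies the check.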