Re: [exim] Using Exim with LDAP

Mon, 04 Apr 2016 06:49:54 -0700 

Hi,

Luca Bertoncello <[email protected]> (So 03 Apr 2016 19:18:32 CEST):
> If I search with ldapsearch:
> 
> ldapsearch -x -h dc1.cch.intra -D "CN=system,CN=Users,DC=cch,DC=intra" -W -b
> "cn=users,dc=cch,dc=intra" -s sub
> "(&(objectClass=user)(!(isCriticalSystemObject=TRUE))(mail=*))" sAMAccountName

Ok, but for a router you probably do not want to get the full list of
users.

> I get the full list of the users on the system, that have an E-Mail.
> Well, now I have to use this query in Exim, so I wrote:
> 
> hide ldap_default_servers = <; dc1.cch.intra:3268
> LDAP_AD_BINDDN = "CN=system,CN=Users,DC=cch,DC=intra"
> LDAP_AD_PASS = "myVerySecret"
> LDAP_AD_BASE_DN = "CN=Users,DC=cch,DC=intra"
> LDAP_AD_MAIL_RCPT = \
>   user=LDAP_AD_BINDDN \
>   pass=LDAP_AD_PASS \
>   ldap:///LDAP_AD_BASE_DN\
>   ?sAMAccountName?sub?\
>   (&\
>     (objectClass=user)\
>     (!(isCriticalSystemObject=TRUE))\
>     (mail=*)\
>   )
> 
> and then in the router:
> 
> localWrite_gw:
>   driver = redirect
>   allow_filter
>   domains = +local_domains
>   user = EXIM_UID
>   group = EXIM_GID
>   data = ${lookup ldap {LDAP_AD_MAIL_RCPT} {# EXIM Filter\n\nsave 
> /var/spool/mail/$value/Maildir}fail}
                    ~~~~ 

The "ldap" query expects a *single* object's attributes as a result. But
you're looking for all(!) your users: mail=*.

If you expect multiple objects in your answer, you need an ldapm lookup.
(But I think, you don't need it here).

Modify the filter of your ldap query to

    … (mail=${quote_ldap:$local_part@$domain})


(And as Jeremy pointed out, why not 

    data = ${lookup ldap{…}{/var/spool/mail/$value/Maildir}fail}

No need for the filter.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

Attachment: signature.asc
Description: Digital signature

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to