I'm still hitting my head on the wall trying to make nested LDAP queries
work (in AD).

Some examples:

Having a group name, getting the group DN:

 > ${lookup ldap 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}?distinguishedName?sub?(&(objectClass=group)(mail=s...@fvg.lnf.it))}}
 CN=sir,,OU=Users,,OU=FVG,,DC=ad,,DC=fvg,,DC=lnf,,DC=it
 > ${sg {${lookup ldap 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}?distinguishedName?sub?(&(objectClass=group)(mail=s...@fvg.lnf.it))}}}
 >  {,,} {,}}
 CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it

But if I try to query users with that result:

 > ${lookup ldapm 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}??uid?sub?(&(objectClass=user)(memberOf=${sg
 >  {${lookup ldap 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}?distinguishedName?sub?(&(objectClass=group)(mail=s...@fvg.lnf.it))}}}
 >  {,,} {,}}))}}
 Failed: lookup of 
"user=CN%3Dmta%2COU%3DRestricted%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit 
pass="nontelado" 
ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf=CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it))"
 gave DEFER: ldap_url_parse: (error 8) parsing 
"ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf=CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it))"

OK, I supposed it was a quoting problem:

 > ${quote_ldap:${sg {${lookup ldap 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}?distinguishedName?sub?(&(objectClass=group)(mail=s...@fvg.lnf.it))}}}
 >  {,,} {,}}}
 CN%3Dsir%2COU%3DUsers%2COU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit
 > ${lookup ldapm 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}??uid?sub?(&(objectClass=user)(memberOf=${quote_ldap:${sg
 >  {${lookup ldap 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}?distinguishedName?sub?(&(objectClass=group)(mail=s...@fvg.lnf.it))}}}
 >  {,,} {,}}}))}}
 Failed: lookup of 
"user=CN%3Dmta%2COU%3DRestricted%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit 
pass="nontelado" 
ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf=CN%3Dsir%2COU%3DUsers%2COU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit))"
 gave DEFER: ldap_url_parse: (error 8) parsing 
"ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf=CN%3Dsir%2COU%3DUsers%2COU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit))"
 
Narrowing the troubles led me to the fact that it seems that a query with
a DN does not work:

 > ${lookup ldapm 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}??uid?sub?(&(objectClass=user)(memberOf="CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it"))}}
 Failed: lookup of 
"user=CN%3Dmta%2COU%3DRestricted%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit 
pass="nontelado" 
ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf="CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it"))"
 gave DEFER: ldap_url_parse: (error 8) parsing 
"ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf="CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it"))"
 > ${lookup ldapm 
 > {user=${quote_ldap:CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it} 
 > pass="nontelado" 
 > ldap:///${quote_ldap:OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}??uid?sub?(&(objectClass=user)(memberOf=${quote_ldap:CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it}))}}
 Failed: lookup of 
"user=CN%3Dmta%2COU%3DRestricted%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit 
pass="nontelado" 
ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf=CN%3Dsir%2COU%3DUsers%2COU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit))"
 gave DEFER: ldap_url_parse: (error 8) parsing 
"ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit??uid?sub?(&(objectClass=user)(memberOf=CN%3Dsir%2COU%3DUsers%2COU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit))"

But doing an LDAP query by other means, e.g. ldapsearch:

 root@vdmsv1:/etc/exim4# ldapsearch -x -LLL -D 
CN=mta,OU=Restricted,DC=ad,DC=fvg,DC=lnf,DC=it -w "nontelado" -H 
ldaps://vdcsv1.ad.fvg.lnf.it -b OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it 
"(&(objectClass=user)(memberOf=CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it))"
 uid
 dn: CN=amaronese,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
 uid: amaronese
 
 dn: CN=gaio,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
 uid: gaio

works as expected. What am I missing?!


Thanks.

-- 
  And so I carry on and do not shed
  the clothes I am used to wearing                      (F. Guccini)
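
Added example, not part of the original post: a small splitter for the positional fields of an LDAP URL (RFC 4516: `ldap://host/dn?attributes?scope?filter?extensions`), run over the URL quoted in the DEFER message above to show which field each `?`-separated part lands in. The function names and the second, single-`?` URL are constructed for comparison; the note on error 8 assumes Exim is linked against OpenLDAP.

```python
from urllib.parse import unquote

FIELDS = ("dn", "attributes", "scope", "filter", "extensions")
VALID_SCOPES = {"", "base", "one", "sub"}  # RFC 4516; empty means the default

BASE = "ldap:///OU%3DFVG%2CDC%3Dad%2CDC%3Dfvg%2CDC%3Dlnf%2CDC%3Dit"
FILTER = ("(&(objectClass=user)"
          "(memberOf=CN=sir,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it))")
FROM_POST = BASE + "??uid?sub?" + FILTER    # URL as shown in the DEFER message
CONSTRUCTED = BASE + "?uid?sub?" + FILTER   # constructed: one '?' before attributes


def split_ldap_url(url):
    """Split an LDAP URL into its RFC 4516 fields, which are purely positional."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps", "ldapi"):
        raise ValueError("not an LDAP URL")
    hostport, _, tail = rest.partition("/")
    parts = tail.split("?")          # a literal '?' inside a field must be %3F
    if len(parts) > len(FIELDS):
        raise ValueError("too many '?' separators")
    parts += [""] * (len(FIELDS) - len(parts))
    fields = {"hostport": hostport}
    fields.update({name: unquote(val) for name, val in zip(FIELDS, parts)})
    return fields


def check_ldap_url(url):
    """Return a list of field-placement problems (empty list if none found)."""
    f = split_ldap_url(url)
    problems = []
    # OpenLDAP's ldap.h defines LDAP_URL_ERR_BADSCOPE as 0x08.
    if f["scope"].lower() not in VALID_SCOPES:
        problems.append(f"scope field holds {f['scope']!r}, not base/one/sub")
    if f["filter"] and not f["filter"].startswith("("):
        problems.append(f"filter field holds {f['filter']!r}")
    if f["extensions"].startswith("("):
        problems.append("a filter-like string is in the extensions field")
    return problems


if __name__ == "__main__":
    for label, url in (("from post", FROM_POST), ("constructed", CONSTRUCTED)):
        print(label, split_ldap_url(url))
        print("  problems:", check_ldap_url(url) or "none")
```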


