Re: virtual_maibox_maps, ldap lookups, and multiple attributes

[ben thielsen]

On Feb 01, 2009, at 23.15, ben thielsen wrote:

hi-
i'm using an ldap lookup map for virtual_maibox_maps and haven't  
been able to get the lookup to work quite the way i'd like.  users  
exist in the ldap tree as  
uid=user,ou=people,ou=users,ou=accounts,dc=example,dc=com, and  
currently i'm using the mailLocalAddress attribute to store  
addresses which should be delivered to the filesystem, by virtual.   
users potentially have multiple addresses in their entry using this  
attribute, each of which should be delivered to a discrete mailbox -  
e.g.:

dn: uid=user,ou=people,ou=users,ou=accounts,dc=example,dc=com
mailLocalAddress: u...@foo.com  -  delivered to foo.com/user/Maildir/
mailLocalAddress: u...@bar.net  - delivered to bar.net/user/Maildir/
mailLocalAddress: u...@foobar.org       - delivered to foobar.org/u/Maildir/

this works well for entries that contain only a single  
mailLocalAddress attribute, but not so well when multiple attributes  
exist.  using %U and %D in the result_format value appeared to be a  
step in the right direction, but still returns more than one result,  
which suggested that there might be a more sensible approach.  i  
also experimented with expansion_limit and size_limit, neither of  
which appeared to change the outcome (aside from introducing  
failures).

at first glance, it seems to me that being able to use % expansions  
in the result_attribute might get me what i'm after (e.g.  
result_attribute = mailLocalAddress=%s or such), the idea being that  
only attributes that matched a particular value would be returned.   
since this isn't possible though, according to the ldap_table man  
page, i'm wondering how else i might achieve my goal, without  
requiring independent entries in ldap for each mailbox.

thanks
-ben

apologies-

i meant to include my lookup map, as it currently stands (horribly  
munged, out of unreasonable paranoia):

version = 3
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
server_host = ldaps://ldap.example.com
bind_dn = cn=postfix,ou=under,ou=services,ou=accounts,dc=example,dc=com
bind_pw = xxxxxxxxxxxxxx
search_base = ou=people,ou=users,ou=accounts,dc= example,dc= com
query_filter = (&(objectClass=inetLocalMailRecipient)(mailLocalAddress= 
%s)(memberOf=cn=mail_recipients,dc= 
%d,ou=domains,ou=mail,dc=example,dc=com))
result_attribute = mailLocalAddress
result_format = %D/%U/Maildir/

-ben