I am playing quite seriously with LDAP at the moment, and I have a
suggestion for an improvement - unless I have missed something, in which
case please point me in the right direction :-)
My issue is this. For the sake of efficiency in a very large environment, I
would like to use same LDAP query multiple times, and extract different bits
of information from the results each time. Exim already caches the query, so
that should ensure that only one search takes place.
In other words, I want to do a query like
ldap:///base?attr1,attr2,attr3?scope?filter
This returns "attr1=red, attr1=blue, attr2=fred, attr3=smith" (for example).
But each time I do the query, I want to extract a different attribute.
Now, I notice that the NIS+ support has a syntax "<query>:<field>" which can
extract a value in this way:
http://www.exim.org/exim-html-3.10/doc/html/spec_6.html#SEC149
and also the single-key version of ${lookup ...}. LDAP doesn't seem to
have a corresponding syntax, though.
There is of course the ${extract{fieldname}{data}} operator, however it
doesn't do what I want for several reasons:
(1) it expects spaces as separators, not comma-space.
(2) if there is a repeated attribute, it only returns the first one.
(3) I can't use this syntax where a query is explicitly required, e.g.
driver = aliasfile
search_type = ldap
query = ldap:///base?attr1,attr2,attr3?scope?filter
i.e. there is nowhere to put an expansion operator here, as the query
results are used immediately by the driver. (In this particular case I could
perhaps get round it using smartuser/new_address instead of aliasfile, if
the right extract operator were available)
Now, it would be possible to extend the syntax of ldap queries like NIS+,
but a more transparent solution would be to enhance the caching so that, for
example, when you do
ldap:///base?attr1,attr2,attr3?scope?filter
ldap:///base?attr1?scope?filter
the second query uses the cached results of the first. That would be really
nice, but maybe not too easy to implement. I've done a bit of testing, and
it seems that exim doesn't have this behaviour at the moment - two separate
queries are done.
Any comments or suggestions welcome.
One other point: I am using an LDAP search in local_domains, and the
knock-on effect of this is that every incoming HELO command triggers an LDAP
search on the HELO name of the remote system. Is there any way I can stop
this happening?
Thanks,
Brian Candler.