Re: [Exim] LDAP with mailgroups

Author: Oliver Egginger
Date:  
To: exim-users
Subject: Re: [Exim] LDAP with mailgroups
you wrote:
> ...
> But how can I implement mailgroups in the LDAP Database, so that they can be
> resolved by Exim into the group-included users?
> ..


OK, here is our complete LDAP-Exim configuration:
(sorry for the German comments)

-----------------------------------------------------------------------------> SNIP
# List processing
# Lists are processed first, then aliases (global -> real mail address)
# are resolved. After that the address (if it is local) must be directly
# deliverable to a local user. Lists are managed in LDAP. Lists
# as list members are not allowed. Lists are objects of type
# rfc822MailGroup. The name (cn) of a list must be unique.
#
# preprocess_list replaces the mail address with the list name
preprocess_list:
driver = aliasfile
search_type = ldap
query = "ldap://mailserv2.dvz.fh-giessen.de/o=FH%20Giessen,c=DE?cn?sub?(&(mail=$local_part@$domain)(objectclass=rfc822mailgroup))"
new_director = local_list

local_list:
driver = aliasfile
search_type = ldapm
query = "ldap://mailserv2.dvz.fh-giessen.de/o=FH%20Giessen,c=DE?otherMailbox?sub?(memberOfGroup=$local_part)"
errors_to = ${lookup ldap {ldap://primary.fh-giessen.de/o=FH%20Giessen,c=DE?errorsTo?sub?(&(cn=$local_part)(objectclass=rfc822mailgroup))} {$value} {postmaster}}
new_director = userforward

# LDAP alias director; after an alias has been resolved, a local
# name is fed into the localuser director (no multi-level alias
# resolution). List membership is stored in a distributed way: list members
# have a memberOfGroup field containing the name of the list.
#

# Local users are looked up in the LDAP database
ldap_lookup:
driver = aliasfile
search_type = ldap
query = "ldap://mailserv2.dvz.fh-giessen.de/o=FH%20Giessen,c=DE?otherMailbox?sub?(mail=$local_part@$domain)"
# new_director = localuser


Message from Wednesday, 06 June 2001 11:40:
> Dear List,
>
> we are using Exim with a LDAP Server. The Alias Function works very well.
>
> But how can I implement mailgroups in the LDAP Database, so that they can
> be resolved by Exim into the group-included users?
>
> Thank you very much,
> Volker Trox

-----------------------------------------------------------------------------> SNIP

You have to define "memberOfGroup" in the LDAP schema files
if you are using LDAP schema checking.
You need "rfc822MailGroup" and so on too.

Here is an LDAP schema definition file.
I tested it under OpenLDAP 2.07.
It will not work with OpenLDAP 1.xxxx

-----------------------------------------------------------------------------> SNIP
attributetype ( 1.3.6.1.4.1.8232.2.1.1 NAME 'memberOfGroup' SUP cn )

attributetype ( 1.3.6.1.4.1.8232.2.1.2 NAME 'moderator' SUP distinguishedName )

attributetype ( 1.3.6.1.4.1.8232.2.1.3 NAME 'joinable'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} SINGLE-VALUE )

    
attributetype ( 1.3.6.1.4.1.8232.2.1.4 NAME 'rfc822RequestsTo' SUP mail )

attributetype ( 1.3.6.1.4.1.8232.2.1.5 NAME 'rfc822ErrorsTo' SUP mail )

objectclass ( 1.3.6.1.4.1.8232.2.2.1 NAME 'GroupMember' SUP top STRUCTURAL
    MUST ( cn )
    MAY ( memberOfGroup ) )

    
objectclass ( 1.3.6.1.4.1.8232.2.2.2 NAME 'rfc822MailGroup' SUP top STRUCTURAL
    MUST ( owner $ cn )
    MAY ( associatedDomain $ joinable $ mail $ member $ memberofGroup $ 
    moderator $ rfc822RequestsTo $ rfc822ErrorsTo  ) )


objectclass ( 1.3.6.1.4.1.8232.2.2.3 NAME 'fhgi-Member' SUP top STRUCTURAL
    MAY ( givenName $ memberOfGroup) )

    
objectclass ( 1.3.6.1.4.1.8232.2.2.4 NAME 'fhgi-Person' SUP top STRUCTURAL
    MAY ( cn $ uid $ uniqueIdentifier $ mail $ otherMailbox $ memberOfGroup ) )
-----------------------------------------------------------------------------> SNIP


Maybe it helps you...

Oliver


--
Oliver Egginger
FH Giessen-Friedberg
DV-Zentrum
Wiesenstrasse 14
35390 Giessen
Tel. +49 641 309-1283
Fax +49 641 309-2908
Mail: Oliver.Egginger@???
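
The lookup chain in the configuration above (preprocess_list, then local_list with its errors_to fallback, then ldap_lookup), modelled as an added example that is not part of the original post or of Exim. The directory entries, the example.org addresses and all function names are constructed for illustration; escape_filter_value applies RFC 4515 escaping to the address before it goes into a filter, a step the posted queries do not show (Exim 4 provides ${quote_ldap:...} for it).

```python
# Added example: models the posted director chain over a constructed directory.
# Attribute names follow the posted queries and schema; all values are made up.
DIRECTORY = [
    {"objectclass": "rfc822MailGroup", "cn": "staff",
     "mail": "staff@example.org", "errorsTo": "staff-owner@example.org"},
    {"objectclass": "rfc822MailGroup", "cn": "lab", "mail": "lab@example.org"},
    {"objectclass": "fhgi-Person", "cn": "Alice", "mail": "alice@example.org",
     "otherMailbox": "alice@host1.example.org", "memberOfGroup": ["staff", "lab"]},
    {"objectclass": "fhgi-Person", "cn": "Bob", "mail": "bob@example.org",
     "otherMailbox": "bob@host2.example.org", "memberOfGroup": ["staff"]},
]

def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def list_filter(address):
    """Filter of the preprocess_list query, with the address escaped."""
    return "(&(mail=%s)(objectclass=rfc822mailgroup))" % escape_filter_value(address)

def _eq(a, b):
    return a.lower() == b.lower()  # cn and mail compare case-insensitively

def resolve(address):
    """Return (recipients, errors_to) for an address, as the directors would."""
    for entry in DIRECTORY:
        # preprocess_list: a list's mail address is replaced by the list name (cn)
        is_list = _eq(entry["objectclass"], "rfc822MailGroup")
        if is_list and _eq(entry.get("mail", ""), address):
            name = entry["cn"]
            # local_list: otherMailbox of every entry whose memberOfGroup names the list
            members = [e["otherMailbox"] for e in DIRECTORY
                       if "otherMailbox" in e
                       and any(_eq(g, name) for g in e.get("memberOfGroup", []))]
            # errors_to: the list's errorsTo value, otherwise postmaster
            return members, entry.get("errorsTo", "postmaster")
    # ldap_lookup: plain alias, mail -> otherMailbox
    hits = [e["otherMailbox"] for e in DIRECTORY
            if "otherMailbox" in e and _eq(e.get("mail", ""), address)]
    return hits, None
```
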