RE: [Exim] LDAP or DB ?

Author: Oliver Egginger
Date:  
To: exim-users
Subject: RE: [Exim] LDAP or DB ?
hello,

> I will compile it after Friday and post it to the list.
> Then everyone has a clue to make up his mind.

I made it already today.
:)

I am over and over happy and amazed at how elementary it is to
build up an LDAP server with OpenLDAP.
Look at the "slapd.conf" file example; that's the whole thing.

It's only a simple LDAP server configuration,
but it will serve your Exim well.

In the "dvz-group.ldif" file you will find a simple
example of an LDAP structure for normal mail accounts
and lists.

I post the "fh-giessen.de.schema" file (with self-defined LDAP attributes)
again.
Don't wonder at the attribute "othermailbox".
The "other" stands for "other than X.400".
I also post the LDAP-relevant "exim.conf" stuff once again.
I kept three relevant sections ("local_deliver", "userforward" and "localuser")
in it for a better understanding.

regards
Oliver



Note:
Could you please mail your LDAP questions to
openldap-software@???
instead of my private e-mail address?

Yes, I am familiar with OpenLDAP, but
I am no expert.
Subscribe to the list above and you will meet some
adepts.
I'm on this list too.
:)

regards
Oliver




--
Oliver Egginger
FH Giessen-Friedberg
DV-Zentrum
Wiesenstrasse 14
35390 Giessen
Tel. +49 641 309-1283
Fax +49 641 309-2908
Mail: Oliver.Egginger@???

# some necessary LDAP schemas
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/fh-giessen.de.schema

pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

schemacheck on

# ldbm definitions for fh-giessen.de
database ldbm
suffix "O=FH Giessen,C=DE"
directory /usr/local/var/openldap-ldbm

# Administrator-Access
rootdn "cn=root,O=FH Giessen,C=DE"
rootpw <plaintext password>

# index definitions
index uid,mail,memberOfGroup pres,eq
index cn,sn,givenname pres,eq,sub
index objectClass eq

# ldbm access control
access to *
    by dn="cn=root,O=FH Giessen,C=DE" write
    by * read

dn: o=FH Giessen,c=DE
telephonenumber: +44 641 309-1
objectclass: top
objectclass: organization
objectclass: quipuObject
objectclass: quipuNonLeafObject
streetaddress: Wiesenstrasse 14 35309 Giessen
o: FH Giessen
o: Fachhochschule Giessen

dn: ou=People, o=FH Giessen,c=DE
ou: People
objectclass: organizationalUnit
objectclass: top
objectclass: quipuObject
objectclass: quipuNonLeafObject

dn: ou=Groups, o=FH Giessen,c=DE
ou: Groups
objectclass: top
objectclass: organizationalUnit
objectclass: quipuObject
objectclass: quipuNonLeafObject

dn: ou=MNI, ou=People, o=FH Giessen,c=DE
ou: MNI
ou: People
objectclass: top
objectclass: organizationalUnit
objectclass: quipuObject
objectclass: quipuNonLeafObject
description: Fachbereich Mathematik Naturwissenschaften und Informatik

dn: cn=Oliver Egginger, ou=MNI, ou=People, O=FH Giessen,C=DE
objectClass: top
objectClass: pilotObject
objectClass: person
objectClass: newPilotPerson
objectClass: inetOrgPerson
objectClass: fhgi-Member
objectClass: GroupMember
userClass: Angestellt
givenName: Oliver
sn: Egginger
cn: Oliver Egginger
street: Wiesenstrasse 14
o: FH Giessen
ou: mni
ou: People
l: Giessen
uniqueIdentifier: 747588--hg6522
memberOfGroup: DV-Zentrum
memberOfGroup: DVZ
mail: oliver.egginger@???
mail: o.egginger@???
mail: egginger@???
otherMailbox: hg6522@???
uid: hg6522

dn: cn=Frodo Feinbein, ou=MNI, ou=People, O=FH Giessen,C=DE
objectClass: top
objectClass: pilotObject
objectClass: person
objectClass: newPilotPerson
objectClass: inetOrgPerson
objectClass: fhgi-Member
objectClass: GroupMember
userClass: FH Student
givenName: Frodo
sn: Feinbein
cn: Frodo Feinbein
street: Wiesenstrasse 14
o: FH Giessen
ou: mni
ou: People
l: Giessen
uniqueIdentifier: 112233--hg12345
memberOfGroup: DV-Zentrum
memberOfGroup: DVZ
mail: frodo.feinbein@???
mail: f.feinbein@???
mail: feinbein@???
otherMailbox: hg12345@???
uid: hg12345

dn: cn=DVZ, ou=Groups, O=FH Giessen,C=DE
objectClass: rfc822MailGroup
owner: dn=cn=Oliver Egginger,ou=mni,ou=People,o=FH Giessen,c=DE
rfc822ErrorsTo: oliver.egginger@???
rfc822RequestsTo: oliver.egginger@???
mail: dvz@???
joinable: FALSE
member: cn=Oliver Egginger,ou=mni,ou=People,o=FH Giessen,c=DE
member: cn=Frodo Feinbein,ou=mni,ou=People,o=FH Giessen,c=DE
cn: DVZ

# for the local delivery
local_delivery:
driver = appendfile
file = /var/spool/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
# mode = 0660


# ------- BEGIN OF LDAP-LIST PROCESSING -------

# list processing
# First, lists are handled, then aliases are resolved
# (global mail address -> "othermailbox", which is the real mail address, not an alias).
# After this the address (if it is local) has to be delivered to a local user
# (the user must exist).
# Lists are administered in LDAP.
# Group membership is administered in a distributed way: the LDAP entries of list
# members carry a "memberOfGroup" attribute, which holds the name of the list.
# The "memberOfGroup" attribute type allows multiple values.
# Lists as members of lists are not allowed.
# Lists are objects of the type "rfc822MailGroup".
# The name (cn) has to be unique.

# "preprocess_list" replaces the mail address by the list name
preprocess_list:
driver = aliasfile
search_type = ldap
query = "ldap://mailserv2.dvz.fh-giessen.de/o=FH%20Giessen,c=DE?cn?sub?(&(mail=$local_part@$domain)(objectclass=rfc822mailgroup))"
new_director = local_list

# "local_list" retrieves all the mailboxes of the users whose memberOfGroup attribute is set to the
# name of the group (the "cn" attribute is set in the section above).
# Exim's "ldapm" search type can return more than one entry without generating an error.
local_list:
driver = aliasfile
search_type = ldapm
query = "ldap://mailserv2.dvz.fh-giessen.de/o=FH%20Giessen,c=DE?otherMailbox?sub?(memberOfGroup=$local_part)"
errors_to = ${lookup ldap {ldap://mailserv2.dvz.fh-giessen.de/o=FH%20Giessen,c=DE?errorsTo?sub?(&(cn=$local_part)(objectclass=rfc822mailgroup))} {$value} {postmaster}}
new_director = userforward

# ldap alias director; after the resolution of an alias a local_part
# is handed down to the "localuser" director (no multi-level alias resolution).

# ------- END OF LDAP-LIST PROCESSING (jump to forwarding...) -------

# "ldap_lookup" is for normal LDAP entries (normal users which are not lists)
ldap_lookup:
driver = aliasfile
search_type = ldap
query = "ldap://mailserv2.dvz.fh-giessen.de/o=FH%20Giessen,c=DE?otherMailbox?sub?(mail=$local_part@$domain)"
# new_director = localuser

# userforward
userforward:
driver = forwardfile
file = .forward
# no_verify
no_expn
check_ancestor
filter = true


# This director matches local user mailboxes.
localuser:
driver = localuser
transport = local_delivery
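As an added illustration (not part of Oliver's post or of Exim itself), the Python below mirrors the list-processing steps of the directors above against a constructed LDIF in the shape of "dvz-group.ldif": a mail address is mapped to a list cn, then to the otherMailbox of every entry whose memberOfGroup names that list, and a plain user address falls through to the ldap_lookup path. It also escapes the address before building the search filter, which the queries above do not do when they interpolate $local_part; the domain example.com and the function names are my assumptions.

```python
# Constructed sample modelled on "dvz-group.ldif" above; example.com stands in for the masked domain.
SAMPLE_LDIF = """\
dn: cn=Oliver Egginger,ou=MNI,ou=People,o=FH Giessen,c=DE
memberOfGroup: DVZ
mail: oliver.egginger@example.com
otherMailbox: hg6522@example.com

dn: cn=Frodo Feinbein,ou=MNI,ou=People,o=FH Giessen,c=DE
memberOfGroup: DVZ
mail: frodo.feinbein@example.com
otherMailbox: hg12345@example.com

dn: cn=DVZ,ou=Groups,o=FH Giessen,c=DE
objectClass: rfc822MailGroup
cn: DVZ
mail: dvz@example.com
"""

def parse_ldif(text):
    """Minimal LDIF reader: one {attr_lowercase: [values]} dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def ldap_escape(value):
    """RFC 4515 escaping; the directors above splice $local_part into the filter unescaped."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def list_filter(address):
    """Filter preprocess_list would send, with the address escaped."""
    return "(&(mail=%s)(objectclass=rfc822mailgroup))" % ldap_escape(address)

def has(entry, attr, value):
    return value.lower() in (v.lower() for v in entry.get(attr, []))

def resolve(entries, address):
    """Mirror preprocess_list -> local_list, else ldap_lookup: (director, cn, mailboxes)."""
    groups = [e for e in entries if has(e, "objectclass", "rfc822MailGroup") and has(e, "mail", address)]
    if len(groups) > 1:  # the single-entry "ldap" search type of preprocess_list would fail here
        raise ValueError("list mail address is not unique: " + address)
    if groups:
        cn = groups[0]["cn"][0]
        members = [e for e in entries if has(e, "memberofgroup", cn)]
        return "local_list", cn, [b for e in members for b in e.get("othermailbox", [])]
    return "ldap_lookup", None, [b for e in entries if has(e, "mail", address) for b in e.get("othermailbox", [])]
```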