Re: [Exim] LDAP and Exim

Author: Douglas Gray Stephens
Date:  
To: Aly S.P Dharshi
CC: exim-users
Subject: Re: [Exim] LDAP and Exim

Aly,

At 20:38 on 1-December-2001, Aly S.P Dharshi wrote:
> Hi All,
>
>         I hope that you are well. I am trying to use the Maildir format with
> ldap; we have a homeDirectory attribute in ldap at the moment to say
> /home/aly.dharshi
>
>     I want to contact the ldap server with a query to be returned to replace the
> line directory=/home/$local_part/Maildir with directory=<result from
> ldap>/Maildir in the transport below:
>
> local_delivery:
>   driver = appendfile
> #  file = /var/mail/${local_part}
>   maildir_format = true
>   directory = /home/$local_part/Maildir
> #  directory =
>   directory_mode = 0700
>   delivery_date_add
>   envelope_to_add
>   return_path_add
> # group = mail
> # mode = 0660
>
>     How would one go about doing that? The manual gives an example but I am not
> very clear about it; any help would be appreciated. Thanks in advance.


I am not sure how you are relating your local address to your LDAP
DIT.  There are two options:
 1.  You are searching on an attribute (e.g.
      mail=${local_part}@${domain}
     or
      username=${local_part}
     )


     Let's assume
      o  Your LDAP server is running on port 389 on a machine called
         myldapserver.mycom
      o  The search root for your LDAP DIT is
          ou=people,o=my com,c=us
      o  you are matching the username
      o  the user's directory is in an attribute called homeDirectory
     so for this you should try
      home_dir = ${lookup ldap{ldap://myldapserver.mycom:389/ou=people,o=my%20com,c=us?homeDirectory?one?username=${local_part}}{$value}fail}


 2.  You are searching on a distinguished name (e.g.
      dn=uid=dgraystephens,ou=people,o=my com,c=us
     ) to obtain the record


     Let's assume
      o  Your LDAP server is running on port 389 on a machine called
         myldapserver.mycom
      o  The search root for your LDAP DIT is
          ou=people,o=my com,c=us
      o  The local part of the address is the uid=xxx in the DN
      o  the user's directory is in an attribute called homeDirectory
     so for this you should try
      home_dir = ${lookup ldap{ldap://myldapserver.mycom:389/uid=${local_part},ou=people,o=my%20com,c=us?homeDirectory?base?}{$value}fail}


You can then substitute $home_dir into the directory setting:
directory=$home_dir/Maildir


There are other things that you should consider, e.g.
 o  using the ldap_default_servers variable to define your ldap
    servers, e.g. 
     ldap_default_servers = "\
             myserver1.mycom::389  : \
             myserver2.mycom::389  : \
             myserver3.mycom::389"
    so that should your first LDAP server be unavailable Exim will
    automatically try the second server, etc.
 o  what happens if there are two matches (e.g. you are searching on
    something that is not unique).  In this case you may want to use
    ldapm rather than ldap for the lookups, and trap that situation.


I hope this helps,

Douglas.

--

================================
Douglas GRAY STEPHENS        
Global Infrastructure (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND


Phone  +44 1223 325295
Mobile +44 773 0051628
Fax    +44 1223 311830
Email DGrayStephens@???
================================
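Added example, not from this thread or from Exim itself: a small Python model of the two lookups in the reply, building the same ldap:// URL forms (with the space in "o=my com" percent-encoded) and running them against a constructed toy directory, to show the single-match rule of ldap versus the list result of ldapm and the RFC 4515 escaping of the local part before it goes into the filter. The directory contents, the username attribute and all helper names are assumptions made for illustration.

```python
import re
import urllib.parse
# Constructed stand-in for the LDAP DIT in the message (assumed attributes:
# username and homeDirectory). Two entries share a username on purpose, to
# show the "two matches" case the reply warns about.
DIRECTORY = [
    {"dn": "uid=aly.dharshi,ou=people,o=my com,c=us",
     "username": "aly.dharshi", "homeDirectory": "/home/aly.dharshi"},
    {"dn": "uid=dgraystephens,ou=people,o=my com,c=us",
     "username": "dgraystephens", "homeDirectory": "/home/dgraystephens"},
    {"dn": "uid=dgs2,ou=people,o=my com,c=us",
     "username": "dgraystephens", "homeDirectory": "/home/dgs2"},
]
def escape_filter_value(value):
    # RFC 4515 escaping, so a local part like 'a*b' matches literally.
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def build_url(host, port, base_dn, attr, scope, filt):
    # ldap://host:port/base?attr?scope?filter; a space in the DN becomes %20
    return "ldap://%s:%d/%s?%s?%s?%s" % (
        host, port, urllib.parse.quote(base_dn, safe="=,"), attr, scope, filt)

def lookup(url, multi=False):
    # Result rule modelled on Exim's ldap (single) vs ldapm (multi) lookups:
    # no match -> None; several matches -> error for ldap, list for ldapm.
    parsed = urllib.parse.urlparse(url)
    base_dn = urllib.parse.unquote(parsed.path.lstrip("/"))
    attr, scope, filt = parsed.query.split("?")
    if scope == "base":
        hits = [e for e in DIRECTORY if e["dn"] == base_dn]
    else:  # "one": children of base_dn matching an exact attr=value filter
        fattr, fval = filt.split("=", 1)
        fval = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), fval)
        hits = [e for e in DIRECTORY
                if e["dn"].endswith("," + base_dn) and e.get(fattr) == fval]
    values = [e[attr] for e in hits]
    if not values:
        return None
    if multi:
        return values
    if len(values) > 1:
        raise LookupError("%d entries matched; use ldapm and trap it" % len(values))
    return values[0]

def maildir_for(local_part):
    # Option 1 of the reply: search on username, then append /Maildir.
    url = build_url("myldapserver.mycom", 389, "ou=people,o=my com,c=us",
                    "homeDirectory", "one", "username=" + escape_filter_value(local_part))
    home = lookup(url)
    return None if home is None else home + "/Maildir"
```

In a real Exim configuration the filter escaping that escape_filter_value does here is the job of the quote_ldap expansion operator applied to $local_part.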