Re: [Exim] LDAP and Exim

Author: Aly S.P Dharshi
Date:  
To: Douglas Gray Stephens
CC: exim-users
Subject: Re: [Exim] LDAP and Exim
Hello Douglas,

        Thank you very much for the help, your examples make it clear to
understand the way it works now, much thanks, if you are ever in Lethbridge,
Alberta, Canada, I owe you a drink!! Doesn't SLB have a branch in Calgary anyway?


    Cheers,


        Aly.



----- Original Message -----
From: "Douglas Gray Stephens" <DGrayStephens@???>
To: "Aly S.P Dharshi" <aly.dharshi@???>
Cc: <exim-users@???>
Sent: Sunday, December 02, 2001 8:03 AM
Subject: Re: [Exim] LDAP and Exim


>
>
> Aly,
>
> At 20:38 on 1-December-2001, Aly S.P Dharshi wrote:
> > Hi All,
> >
> > I hope that you are well, I am trying to use the Maildir format with
> > ldap, we have a homeDirectory attribute in ldap at the moment to say
> > /home/aly.dharshi
> >
> > I want to contact the ldap server with a query to be returned to replace the
> > line directory=/home/$local_part/Maildir with directory=<result from
> > ldap>/Maildir in the transport below:
> >
> > local_delivery:
> >   driver = appendfile
> > #  file = /var/mail/${local_part}
> >   maildir_format = true
> >   directory = /home/$local_part/Maildir
> > #  directory =
> >   directory_mode = 0700
> >   delivery_date_add
> >   envelope_to_add
> >   return_path_add
> > # group = mail
> > # mode = 0660
> >
> > How would one go about doing that, the manual gives an example but I am not
> > very clear about it, any help would be appreciated. Thanks in advance.
>
> I am not sure how you are relating your local address into your LDAP
> DIT.  There are two options:
>  1.  You are searching on an attribute (e.g.
>       mail=${local_part}@${domain}
>      or
>       username=${local_part}
>      )
>
>      Let's assume
>       o  Your ldap server is running on port 389 on a machine called
>          myldapserver.mycom
>       o  The search root for your LDAP DIT is
>           ou=people,o=my com,c=us
>       o  you are matching the username
>       o  the user's directory is in an attribute called homeDirectory
>      so for this you should try
>       home_dir = ${lookup ldap{ldap://myldapserver.mycom:389/ou=people,o=my%20com,c=us?homeDirectory?one?username=${local_part}}{$value}fail}
>
>  2.  You are searching on a distinguished name (e.g.
>       dn=uid=dgraystephens,ou=people,o=my com,c=us
>      ) to obtain the record
>
>      Let's assume
>       o  Your ldap server is running on port 389 on a machine called
>          myldapserver.mycom
>       o  The search root for your LDAP DIT is
>           ou=people,o=my com,c=us
>       o  The local part of the address is the uid=xxx in the DN
>       o  the user's directory is in an attribute called homeDirectory
>      so for this you should try
>       home_dir = ${lookup ldap{ldap://myldapserver.mycom:389/uid=${local_part},ou=people,o=my%20com,c=us?homeDirectory?base?}{$value}fail}
>
> You can then substitute user-dir into the directory
> directory=$home_dir/Maildir
>
>
> There are other things that you should consider, e.g.
>  o  using the ldap_default_servers variable to define your ldap
>     servers, e.g.
>      ldap_default_servers = "\
>              myserver1.mycom::389  : \
>              myserver2.mycom::389  : \
>              myserver3.mycom::389"
>     so that should your first LDAP server be unavailable Exim will
>     automatically try the second server, etc.
>  o  what happens if there are two matches (e.g. you are searching on
>     something that is not unique). In this case you may want to use
>     ldapm rather than ldap for the lookups, and trap that situation.
>
> I hope this helps,
>
> Douglas.
>
> --
>
> ================================
> Douglas GRAY STEPHENS
> Global Infrastructure (Directories)
> Schlumberger Cambridge Research
> High Cross,
> Madingley Road,
> Cambridge.
> CB3 0EL
> ENGLAND
>
> Phone  +44 1223 325295
> Mobile +44 773 0051628
> Fax    +44 1223 311830
> Email DGrayStephens@???
> ================================

>
>
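
Added example, not part of the original messages: both lookups quoted above place $local_part, which is taken from the recipient address, directly into the LDAP URL, and the returned value becomes a delivery directory. This Python illustration shows the escaping each form needs (RFC 4515 for the filter, RFC 4514 for the DN) and the single-match check Douglas mentions; all function names are hypothetical, the filter is written with parentheses, and in Exim itself the `quote_ldap` and `quote_ldap_dn` expansion operators do the quoting.

```python
from posixpath import normpath
from urllib.parse import quote

# Host, search root and attribute names are the ones assumed in the message.
HOST = "myldapserver.mycom:389"
BASE = "ou=people,o=my com,c=us"

def _hex_escape(value, special):
    # Replace each special character with the \XX form both RFCs accept.
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)

def escape_filter_value(value):
    # RFC 4515: * ( ) \ and NUL are filter syntax, not data.
    return _hex_escape(value, "*()\\\x00")

def escape_dn_value(value):
    # RFC 4514: separators and quoting characters inside one RDN value.
    out = _hex_escape(value, ',+"\\<>;=\x00')
    if out[:1] in (" ", "#"):          # a leading space or '#' is significant
        out = "\\%02x" % ord(out[0]) + out[1:]
    if out.endswith(" "):              # so is a trailing space
        out = out[:-1] + "\\20"
    return out

def search_url(local_part):
    # Option 1: one-level search on username under the search root.
    flt = "(username=%s)" % escape_filter_value(local_part)
    return "ldap://%s/%s?homeDirectory?one?%s" % (
        HOST, quote(BASE, safe="=,"), quote(flt, safe="=()"))

def base_url(local_part):
    # Option 2: the local part is the uid RDN; read that entry directly.
    dn = "uid=%s,%s" % (escape_dn_value(local_part), BASE)
    return "ldap://%s/%s?homeDirectory?base?" % (HOST, quote(dn, safe="=,"))

def maildir_for(values):
    # Refuse anything but exactly one absolute, already-normalised path.
    if len(values) != 1:
        raise LookupError("expected one homeDirectory, got %d" % len(values))
    home = values[0]
    if not home.startswith("/") or normpath(home) != home:
        raise ValueError("unsafe homeDirectory: %r" % home)
    return home + "/Maildir"
```

With a plain local part the two functions reproduce the URLs from the message; a local part containing filter or DN syntax stays inside the value it was meant for.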