[Exim] LDAP Efficiency

Author: Joseph Kezar
Date:  
To: exim-users
Subject: [Exim] LDAP Efficiency
Can someone better versed in Exim's configuration help me determine if this is the most efficient way to process LDAP aliases?
____(Director)________________________________________________
internal_ldap_aliases:
driver = aliasfile
search_type = ldapm
query = ldap://ldap.doc.state.vt.us/ \
ou=People,o=Vermont Department of Corrections,c=US?mail?sub? \
(memberOfGroup=${lookup ldapdn {ldap://ldap.doc.state.vt.us/ou=Groups,o=Vermont Department of Corrections,c=US??sub?(cn=${local_part})}})
file_transport = address_file
pipe_transport = address_pipe
____________________________________________________________

What's happening is that, due to our preexisting X.500 (LDAP) mess, we are forced to use this convention.

We have groups like:
____(LDAP Group Object)___________________________________
dn: cn=MIS Staff,ou=Groups,o=Vermont Department of Corrections,c=US
objectClass top?
objectClass rfc822MailGroup
cn mis
__________________________________________________________

Now for the users:
____(LDAP User Object)____________________________________
dn: uid=jkezar + cn=Joseph Kezar,ou=Central Office,ou=Groups,o=Vermont Department of Corrections,c=US
objectClass: top
objectClass: person
memberOfGroup: cn=MIS Staff,ou=Groups,o=Vermont Department of Corrections,c=US
mail: jkezar@???
__________________________________________________________
1) So when we receive an email for "mis@???" the configuration searches for cn=mis and returns the DN.
2) Then it searches the People for the attribute memberOfGroup="That DN".
When I watch the -d9 logs it seems like there is a heck of a lot of recursion. Am I right?

--
Joseph Kezar
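
The two-step lookup described in the message, as an added example that is not part of the original post or of Exim: it models steps 1 and 2 against a constructed in-memory directory, counts the searches issued per alias, and escapes both interpolated values (the local part and the returned DN) per RFC 4515 before they enter a filter. The directory contents, the `o=Example` base, the `example.invalid` addresses and all function names are assumptions made for illustration.

```python
import re

# Constructed sample directory modelled on the objects in the post.
GROUPS = [{"dn": "cn=MIS Staff,ou=Groups,o=Example,c=US", "cn": "mis"},
          {"dn": "cn=Ops (Night),ou=Groups,o=Example,c=US", "cn": "ops"}]
PEOPLE = [{"mail": "jkezar@example.invalid",
           "memberOfGroup": "cn=MIS Staff,ou=Groups,o=Example,c=US"},
          {"mail": "asmith@example.invalid",
           "memberOfGroup": "cn=Ops (Night),ou=Groups,o=Example,c=US"}]

_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_TOKEN = r"\\[0-9a-fA-F]{2}|\*"


def escape_filter_value(value):
    """RFC 4515 escaping for a value interpolated into an LDAP filter."""
    return "".join(_ESC.get(ch, ch) for ch in value)


def search(entries, ldap_filter):
    """Toy server (hypothetical): only (attr=value); a bare * is a wildcard."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if m is None or re.search(r"[()]", m.group(2)):
        raise ValueError("malformed filter: %r" % ldap_filter)
    attr, pattern = m.group(1), ""
    for tok in re.split("(%s)" % _TOKEN, m.group(2)):
        if tok == "*":
            pattern += ".*"
        elif re.fullmatch(_TOKEN, tok):
            pattern += re.escape(chr(int(tok[1:], 16)))  # \XX is a literal
        else:
            pattern += re.escape(tok)
    return [e for e in entries
            if re.fullmatch(pattern, e.get(attr, ""), re.I | re.S)]


def resolve_alias(local_part):
    """Step 1: group cn -> DN. Step 2: memberOfGroup=DN -> mail values."""
    groups = search(GROUPS, "(cn=%s)" % escape_filter_value(local_part))
    queries, mails = 1, []
    for group in groups:
        flt = "(memberOfGroup=%s)" % escape_filter_value(group["dn"])
        mails += [p["mail"] for p in search(PEOPLE, flt)]
        queries += 1
    return mails, queries


if __name__ == "__main__":
    for alias in ("mis", "ops", "*"):
        print(alias, resolve_alias(alias))
```

In Exim itself, the `${quote_ldap:...}` expansion operator applies this kind of quoting to data placed in an LDAP query.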