[Exim] ldap lookup -- multiple results

Top Page
Delete this message
Reply to this message
Author: Derrick 'dman' Hudson
Date:  
To: exim-users
Subject: [Exim] ldap lookup -- multiple results
--

I'm having some fun configuring exim (4.05) to pull all sorts of
routing and control information from an OpenLDAP server. (it's
working out quite well, actually)

I did run into a little snag, though. I want to set up some lists
where list membership is given as an attribute on the user's LDAP
entry. The compilation of all members can then easily be determined
by a LDAP search that filters on that attribute. This seems to be the
easiest way to keep list membership manageable for system admins. The
problem I ran into is this message from exim (wrapped for
readability):

    message: failed to expand
            "${lookup ldap {ldap://barak.itusa.org/ou=People,
            o=International Teams?uid?sub?
            (mailGroupLocalPart=${quote_ldap:$local_part}) } }":


        lookup of
            "ldap://barak.itusa.org/ou=People,o=International Teams?uid?sub?
            (mailGroupLocalPart=aitp) "


        gave DEFER: LDAP search: more than one entry (2) was returned
            (filter not specific enough?)


This is on a 'redirect' router. I didn't finish the expansion string
because I wasn't sure how to convert the multiple return entries into
a list of addresses. (one step at a time :-))

Is it unreasonable to want to perform a lookup like this? If not, can
this be a feature request?

In the meantime, I've created a script to do the query and then print
out a comma-separated list of the 'uid' values which is handled by a
${run expansion. The problem with the script is twofold -- 1) extra
overhead and 2) it's slow. (I don't know why #2 is)

-D

--

How to shoot yourself in the foot with Java:

You find that Microsoft and Sun have released incompatible class
libraries both implementing Gun objects. You then find that although
there are plenty of feet objects implemented in the past in many other
languages, you cannot get access to one. But seeing as Java is so cool,
you don't care and go around shooting anything else you can find.
    (written by Mark Hammond)


http://dman.ddts.net/~dman/

--
[ Content of type application/pgp-signature deleted ]
--