Re: [Exim] LDAP and the localuser router

Author: Douglas Gray Stephens
Date:  
To: Rodney Arne Karlsen
CC: exim-users
Subject: Re: [Exim] LDAP and the localuser router

Rodney,

At 09:21 (GMT+0200) on 5-July-2002, Rodney Arne Karlsen wrote:
> Hi all
>
> Thanks for the responses. Below is the local user director I found at
> http://www.bastard.net/~kos/mailrouter/sample-configure Most of the
> file I have been able to "translate" though this one is bugging me.
>
> localuser:
> driver = aliasfile
> transport = bsd_delivery
> search_type = ldap
> query = "ldap:///uid=$local_part,dc=$domain,o=top?uid"
> #user = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?uidNumber}{$value}fail}
> #group = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?gidNumber}{$value}fail}
> user = mail
> group = mail
>
> I tried converting it to
>
> localuser:
> driver = accept
> transport = maildir_delivery
> # search_type = ldap
> data = ${lookup ldap{ldap:///uid=$local_part,dc=$domain,o=top?uid}}
> #user = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?uidNumber}{$value}fail}
> #group = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?gidNumber}{$value}fail}
> user = mail
> group = mail


I'm slightly confused by both examples. You are trying to search LDAP
specifying the distinguished name
uid=${local_part},dc=${domain},o=top
and asking to return the UID. Given that with LDAP the relative
distinguished name must be one of the values, the UID is either known
(when a single-valued attribute, as $local_part), or is multivalued,
so you may wish to use extract to get to the correct value (and in
LDAP the order of data in an attribute is not guaranteed, although in
practice it is maintained in the order in which it was saved).

I would run
exim -d+lookup -bt some-local-user@domain
to see what exim was doing for the LDAP lookups.

Also I'm not certain that you are setting the correct search root.
You may want to set a search root, and LDAP filter, e.g.

data = ${lookup ldap{ldap:///o=myorg,c=us?uid?sub?cn=${local_part}}}
could return the UID attribute for the ONE record under a search base
of o=myorg,c=us matching the LDAP filter cn=${local_part}.


Douglas.


>
> before I read the manual on the accept router.
>
> All my servers have been using the usual /var/spool/mail delivery system
> in the past so my attempt to adapt to use maildir may also be broken.
>
> Derrick, if you have time, I would love to take a look at your config. I
> am always willing to look at new ways of doing things to improve the
> workings of my systems.
>
> Thanks
>
> Rodney Arne Karlsen
>
>
> Philip Hazel wrote:
>
> >On Thu, 4 Jul 2002, Rodney Arne Karlsen wrote:
> >
> >
> >
> >>I notice that in the v3 configs you could use a query to verify that the
> >>user is local, but in v4 this does not seem possible.
> >>
> >>
> >
> >An LDAP query? That should be as possible in v4 as it was in v3.
> >
> >
> >
> >>Am I just not finding the right part of the manual or have we lost a
> >>feature in the transition from 3 to 4?
> >>
> >>
> >
> >I don't think so. If you post your v3 director, I'm sure somebody will
> >be able to turn it into a v4 router for you.


--

================================
Douglas GRAY STEPHENS
Technical Architect (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND

Phone  +44 1223 325295
Mobile +44 773 0051628
Fax    +44 1223 311830
Email DGrayStephens@???
================================
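
Added example (not part of the original message and not Exim code): a Python breakdown, following RFC 4516, of the two LDAP URLs discussed in this thread. It shows that the first reads one entry by its DN with the default base scope, while the suggested one is a subtree search with a filter. The local part jsmith, the domain example.com and all function names are constructed for illustration; the filter escaping follows RFC 4515.

```python
from urllib.parse import quote, unquote

# RFC 4516: a missing scope means "base", a missing filter "(objectClass=*)".
DEFAULTS = {"scope": "base", "filter": "(objectClass=*)"}
# RFC 4515: characters that must be escaped inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def parse_ldap_url(url):
    """Return the search an LDAP URL asks for: base DN, attributes, scope, filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    _hostport, _, tail = rest.partition("/")
    # Layout after the host part: base?attributes?scope?filter
    base, attrs, scope, flt = (tail.split("?") + [""] * 3)[:4]
    return {
        "base": unquote(base),
        "attrs": [a for a in unquote(attrs).split(",") if a],
        "scope": unquote(scope) or DEFAULTS["scope"],
        "filter": unquote(flt) or DEFAULTS["filter"],
    }


def escape_filter_value(value):
    """Escape a string so it can only be a literal value inside a filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def subtree_query(search_base, attr, match_attr, local_part):
    """Build a subtree-search URL with the address local part escaped."""
    flt = "(%s=%s)" % (match_attr, escape_filter_value(local_part))
    # Percent-encode the filter so "?" or "%" in it cannot shift URL fields.
    return "ldap:///%s?%s?sub?%s" % (search_base, attr, quote(flt, safe="=()"))


# Constructed sample address parts, substituted into the queries from the thread.
LOCAL_PART, DOMAIN = "jsmith", "example.com"
DN_READ = parse_ldap_url("ldap:///uid=%s,dc=%s,o=top?uid" % (LOCAL_PART, DOMAIN))
SUBTREE = parse_ldap_url("ldap:///o=myorg,c=us?uid?sub?cn=%s" % LOCAL_PART)

if __name__ == "__main__":
    for name, q in (("DN read", DN_READ), ("subtree search", SUBTREE)):
        print("%-14s base=%s scope=%s filter=%s"
              % (name, q["base"], q["scope"], q["filter"]))
    print(parse_ldap_url(subtree_query("o=myorg,c=us", "uid", "cn", "j*(smith)")))
```

In an Exim configuration, the `${quote_ldap:...}` expansion operator is the place to apply this kind of quoting to $local_part before it goes into a filter.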