On Thu, Jul 11, 2002 at 05:32:32PM +0000, Lars Nixdorf wrote:
| I use exim-3 and openldap-2.0.25. I want to put the aliases in
| ldapserver. For single addresses there is no problem.
|
| But how could I use exim to handle groups/mailing lists with ldap?
Depends on your schema.
| Could anybody help me, perhaps with some example code...
For the schema I choose, the LDAP objects look like these examples:

dn: uid=dman,ou=People
objectClass: posixAccount
objectClass: mailRecipient
uid: dman
mail: Derrick.Hudson@???
mailAlternateAddress: dman@???
mailGroupLocalPart: group1
mailGroupLocalPart: group2

dn: uid=user2,ou=People
objectClass: posixAccount
objectClass: mailRecipient
uid: user2
mail: user2@???
mailGroupLocalPart: group1
mailGroupLocalPart: group3

(note that I modified the mailRecipient object class to have the
mailGroupLocalPart attribute, but I don't have a proper OID for it)
The exim config for the group looks like this:

# mail groups/lists as specified in LDAP
ldap_list:
  driver = redirect
  domains = +local_domains
  data = ${lookup ldapm {\
           ldap://the.host.name.example/\
           ou=People\
           ?uid?one?\
           (& (objectClass=mailRecipient) \
              (mailGroupLocalPart=${quote_ldap:$local_part}) ) \
         } {$value} fail }

(uhh, actually this is a router for exim 4, you'll have to upgrade or
backport this to exim3 yourself)
I have local users checked before any of the other ldap stuff is
checked, since local users are in LDAP (using pam_ldap and nss_ldap)
and the mail: attribute is First.LastName@domain, which needs to be
redirected to uid@domain, and uid@domain is a mailAlternateAddress
(which needs to not be redirected in a loop to itself).
I haven't tested this one, but something like this should work for a
schema using the "rfc822MailGroup" object class proposed by some
expired IETF drafts[1]. However, with this I have assumed that the value
associated with the attribute is the user's local part, not their ldap
dn.
ldap_list:
  driver = redirect
  domains = +local_domains
  data = ${lookup ldap {\
           ldap://the.host.name.example/\
           ou=${quote_ldap:$local_part},ou=MailGroups\
           ?mailGroupMember?one?\
           (& (objectClass=rfc822MailGroup) ) \
         } {$value} fail }

HTH,
-D
[1] all the ldap-mail drafts are expired, and there really aren't any
standards that I could find
PS. A few days ago someone asked about handling the case where each
mail group member was stored as the dn. I just thought of a
solution to that -- redirect to "dn@domain", and have another
router that treats $local_part as the dn and redirects to the
actual local user name. That would actually allow people to send
mail to "dn@domain" instead of "user@domain", but that shouldn't
be a problem, especially if they never know that.
Another solution might be to use ${extract} if the dn contains the
username in the right format (and then bypass an extra ldap query
since the textual manipulation would suffice).
--
Many are the plans in a man's heart,
but it is the Lord's purpose that prevails.
Proverbs 19:21
http://dman.ddts.net/~dman/
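An added, self-contained Python simulation of the first ldap_list router above (constructed for this page; it is not exim's code and not the poster's). It parses a small constructed LDIF mirroring the two entries in the mail (example.net stands in for the redacted domain), builds the filter the ldapm lookup would send for a given $local_part, applies RFC 4515 filter escaping in place of exim's ${quote_ldap:} operator (assumed here to escape the characters * ( ) \ and NUL), and evaluates the filter offline. It shows what the router's data expands to for a real group, what the "fail" branch means when nothing matches, and why the quote_ldap wrapper around $local_part matters: an unescaped wildcard in the address would otherwise expand to every mailRecipient.

```python
import re

# Constructed LDIF mirroring the two mailRecipient entries in the mail
# (example.net stands in for the redacted domain; dc part is assumed).
CONSTRUCTED_LDIF = """\
dn: uid=dman,ou=People,dc=example,dc=net
objectClass: posixAccount
objectClass: mailRecipient
uid: dman
mail: Derrick.Hudson@example.net
mailAlternateAddress: dman@example.net
mailGroupLocalPart: group1
mailGroupLocalPart: group2

dn: uid=user2,ou=People,dc=example,dc=net
objectClass: posixAccount
objectClass: mailRecipient
uid: user2
mail: user2@example.net
mailGroupLocalPart: group1
mailGroupLocalPart: group3
"""


def parse_ldif(text):
    """Parse minimal LDIF (no continuation lines, no base64 values) into a
    list of dicts mapping lower-cased attribute names to lists of values."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def quote_ldap(s):
    """Escape a value for use inside an LDAP search filter (RFC 4515):
    the characters * ( ) \\ and NUL become \\XX hex escapes. This stands in
    for what exim's ${quote_ldap:...} does to $local_part (assumption)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in s)


def assertion_matches(pattern, value):
    """Evaluate an RFC 4515 equality/substring assertion value against one
    attribute value: an unescaped '*' is a wildcard, \\XX sequences are
    literal characters. Case-insensitive, as for caseIgnore syntaxes."""
    def unescape(seg):
        return re.sub(r"\\([0-9a-fA-F]{2})",
                      lambda m: chr(int(m.group(1), 16)), seg)
    regex = ".*".join(re.escape(unescape(seg)) for seg in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def expand_group(entries, local_part, quote=True):
    """Emulate the router's ldapm lookup: return the filter exim would send
    for $local_part and the sorted uids of the entries it matches.
    quote=False shows the effect of omitting ${quote_ldap:...}."""
    assertion = quote_ldap(local_part) if quote else local_part
    ldap_filter = "(&(objectClass=mailRecipient)(mailGroupLocalPart=%s))" % assertion
    uids = []
    for e in entries:
        is_recipient = any(assertion_matches("mailRecipient", v)
                           for v in e.get("objectclass", []))
        in_group = any(assertion_matches(assertion, v)
                       for v in e.get("mailgrouplocalpart", []))
        if is_recipient and in_group:
            uids.extend(e.get("uid", []))
    return ldap_filter, sorted(uids)


def redirect_data(entries, local_part):
    """What the router's data option expands to: the matched uids joined by
    newlines (ldapm returns one value per line, which redirect accepts as a
    list), or None for the 'fail' branch, where the router declines."""
    _, uids = expand_group(entries, local_part)
    return "\n".join(uids) if uids else None


if __name__ == "__main__":
    entries = parse_ldif(CONSTRUCTED_LDIF)
    for lp in ("group1", "group3", "nosuch", "*"):
        print("%-7s -> %s" % (lp, expand_group(entries, lp)))
    print("unquoted '*' ->", expand_group(entries, "*", quote=False))
```

Run it directly to see the filter and expansion for each local part; the last line is the case the quote_ldap operator prevents, where a bare wildcard reaches the directory and matches both users.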