Re: [Exim] Using nis/ldap in a reliable fashion (i.e. withou…

Author: Nico Erfurth
Date:
To: Marc MERLIN
CC: exim-users
Subject: Re: [Exim] Using nis/ldap in a reliable fashion (i.e. without losing mail)
Marc MERLIN wrote:
>>Exim has nis-support built in (if you enable it).
>
>
> Ok, so do you have to rewrite
>
> localuser:
> driver = accept
> check_local_user
> transport = local_delivery
>
> and replace check_local_user with a condition string that does an explicit
> NIS lookup?

ACK!

> Something like:
> condition = nis;passwd

This would miss a key, the next one should be better
condition = ${lookup {$local_part} nis {passwd}{1}}
...I think, but I never used nis ;)

>>>if the ldap server was unreachable or the query otherwise failed with
>>>anything else than "query succeeded, no results" ?
>>
>>Yes it is, without tweaking exim would send a temp-reject if the
>>connection or the query to the LDAP-server fails, in the case of no
>>return-value it will do what you want ;)
>
>
> Cool.
> I'll have to look at the example config files, but I take it you also need
> to replace check_local_user and write an ldap query instead.

check_local_user uses getpwnam (or something similar), so it MUST be
replaced ;)
Your setup would be much like a virtual-user setup, but with real users.

> But if you do that, what about all my routers that do this:
> userforward:
> driver = redirect
> allow_filter
> check_ancestor
> check_local_user
> file = $home/.forward
> file_transport = address_file
>
> ($home gets defined by check_local_user)
> Do I need to do a separate ldap query and reconstruct home myself?


Replace $home with a lookup for the users homedir.

>>Partly this would be possible, the only problem I would see, is that you
>>can't set the home_directory reliably for filters (I had this problem
>>some months ago)
> Ah, ok, so we're on the same page then :-)
> I suppose I could do a nis query on the auto.home map

(I hope map is a NIS term, otherwise you should stop thinking in
postfix terms ;) )
Yes, think so, MAYBE it could be done with some fancy routers and the
usage of home_directory in them, I don't know ;)

<notetoself>
Stop thinking about creating such stuff....
</notetoself>

>>>What happens if the ldap server(s) is/are down? Will exim think that the
>>>query returned no results, or will it detect the failure and return a
>>>temporary failure or defer the Email if the email has already been
>>>accepted?
>>
>>it will detect the error and send a temp-reject
> Great.
>
>
>>>Does exim cache ldap queries like postfix does?
>>For query-style lookups, a single data cache per lookup type is kept.
>>The files are closed and the caches flushed at strategic points during
>>delivery - for example, after all routing is complete.
>
>
> Ah, I forgot about that one, thanks. I wonder if it caches the individual
> atoms of an ldap query (probably) or the whole query, and I'm not sure I
> understand how long the result is cached.

exim -d helps, it will tell you if it used a cached or a new result.

> If the queries happen in the child exim process, that would unfortunately
> mean that there would be little caching for a user query and that the user
> would be looked up for every single mail that comes in.

You can do neat things with address_data and extract.
By using address_data you can look up (mostly) ALL data with one query
and reuse the data with extract.

BTW, do you have a mixed LDAP/NIS config?

ciao
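
The address_data/extract approach from the message above, as an added configuration example that is not part of the original message or of Exim's shipped configuration. The server names, base DN and attribute names (homeDirectory, uidNumber, gidNumber) are assumptions; the router names follow the ones quoted in the thread.

```exim
# Added illustration, not from the thread. Server names, base DN and the
# attribute names (homeDirectory, uidNumber, gidNumber) are assumptions.

# --- main section ---
# Servers are tried in turn when the query URL names no host.
ldap_default_servers = ldap1.example.com : ldap2.example.com

# --- routers section ---
userforward:
  driver = redirect
  # One query fetches every attribute needed later. With several attributes
  # requested, Exim returns name="value" pairs that ${extract} can read.
  #  - entry found        -> $address_data is set for this and later routers
  #  - no entry           -> "fail" forces the router to decline
  #  - server/query error -> expansion defers, address gets a temporary error
  # quote_ldap keeps filter metacharacters in $local_part from altering
  # the search filter.
  address_data = ${lookup ldap\
      {ldap:///ou=People,dc=example,dc=com?homeDirectory,uidNumber,gidNumber?sub?\
      (uid=${quote_ldap:$local_part})}\
      {$value}fail}
  # Replaces check_local_user: identity and home come from the directory entry.
  user = ${extract{uidNumber}{$address_data}}
  group = ${extract{gidNumber}{$address_data}}
  file = ${extract{homeDirectory}{$address_data}}/.forward
  allow_filter
  check_ancestor
  file_transport = address_file

localuser:
  driver = accept
  # $address_data is still set if userforward ran but found no .forward file.
  # It is empty if the LDAP entry did not exist, so unknown users are
  # not accepted here.
  condition = ${if def:address_data}
  user = ${extract{uidNumber}{$address_data}}
  group = ${extract{gidNumber}{$address_data}}
  transport = local_delivery
```

Running an address test with `exim -d`, as suggested in the message, shows whether each lookup was answered from the cache or sent to the server.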