Hi Thomas,
> I have an LDAP directory with valid users, and I only want to accept
> users in this directory.
>
> ldapsearch -h ldapsrv -b "ou=DE,o=tirili" -x mail="my.user@???" mail
>
> returns
>
> dn: CN=My User,OU=DE,O=tirili
> mail: my.user@???
>
> I thought about an ACL like this
>
> acl_check_rcpt:
>
> deny message = User Unknown
> condition = ${lookup ldap query = ?????????}
>
> But what is the correct syntax for the LDAP query?
>
> Or do you have better ideas for my accept-only-users-in-ldap-directory?
>
> Thanks for any help in advance.

begin routers

check_ldapuser:
  driver = accept
  verify_only
  no_more
  # The forced "fail" when no entry matches makes this router decline;
  # with no_more set, the address then cannot be routed.
  address_data = ${lookup ldap {ldap:///ou=DE,o=tirili?dn?one?(mail=${quote_ldap:$local_part}@$domain)} {$value}fail}
  cannot_route_message = Unknown recipient <${quote:$local_part}@$domain>

and verify = sender in a check_rcpt ACL.
(Sorry, untested).
The advantage is that you can run this *after* alias expansion.
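
For comparison, the direct ACL form the question asks about, written out as an added example that is not part of the original thread. It assumes the +local_domains list from Exim's default configuration and reuses the host and base DN from the question. Unlike the router approach, it checks the address exactly as given in RCPT, before any alias expansion.

```exim
# Added example, not from the original thread.
# Assumptions: +local_domains is the domain list defined in Exim's
# default configuration; ldapsrv and ou=DE,o=tirili are the values
# shown in the question.

acl_check_rcpt:

  # Place this before the accept statements of the existing ACL.
  # The lookup yields "no" when an entry with this mail attribute
  # exists (deny does not fire) and "yes" when none is found.
  # ${quote_ldap:...} escapes LDAP filter metacharacters in the
  # sender-supplied address parts before they reach the filter.
  deny    message   = User Unknown
          domains   = +local_domains
          condition = ${lookup ldap \
                        {ldap://ldapsrv/ou=DE,o=tirili?mail?sub?\
                        (mail=${quote_ldap:$local_part}@${quote_ldap:$domain})} \
                        {no}{yes}}
```

If the directory cannot be reached, the lookup defers and the RCPT command gets a temporary error rather than a false "User Unknown".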