Re: [Exim] Recipient checking: LDAP

Author: Tony Earnshaw
Date:  
To: exim-users
Subject: Re: [Exim] Recipient checking: LDAP
Craig Jackson wrote:

> Exim 4.22, openldap
>
> I'd like to check the user once rather than in each router. Where is the best
> place to do this?


An LDAP "map" consists of a key looked up and a result returned, 2
dimensions - like a telephone directory. You have to give a key (which can
consist of several parameters - like a name, initials, street address
etc. in a directory) and have to have the lookup return a single or
compound (comma-separated) result.

Don't even *try* to mix conditions into your router lookups, since if a
router lookup fails, the lookup simply passes by default to the next
router (this behavior can be negated in any router:). You're just making
things impossible for yourself. Most routers simply "fall through" to the
next; some don't.

Here is a router for local users from my own server. It comes in the
router section. What you want returned in this router is the local
part's uid. You use an objectclass and an attribute to look this up.
Doesn't matter that it repeats 'uid', it works ;) I use ldaps on port
636 for encrypted traffic (Exim doesn't do starttls on port 389).

localuser:
   driver = accept
   cannot_route_message = Unknown user
   # local_parts is accepted only if the uid exists; a failed lookup
   # forces expansion failure ("fail"), so the router declines.
   # The local part is passed through quote_ldap so that LDAP filter
   # metacharacters in it cannot alter the filter.
   local_parts = ${lookup ldapm \
     {user="cn=admin,dc=billy,dc=demon,dc=nl" pass=adminpassword \
     ldaps://localhost/\
     dc=billy,dc=demon,dc=nl?uid?sub?\
     (&(objectClass=posixAccount)(uid=${quote_ldap:$local_part}))\
     }\
     {$local_part} fail }
   transport = local_delivery


The ldif would be a normal Posix account ldif.

Here is a router for system aliases. Where it comes in the routers
doesn't much matter. What you're wanting to return is the
mailroutingaddress by feeding it inetLocalMailRecipient and
mailLocalAddress. If you want to have different "real" users
(mailroutingaddress) for different aliases, set up other "maps" (meaning
both in LDAP and Exim):

system_aliases:
   driver = redirect
   allow_fail
   allow_defer
   # The lookup returns the mailRoutingAddress of the entry whose
   # mailLocalAddress matches the (quote_ldap-escaped) local part.
   data = ${lookup ldapm \
     {user="cn=admin,dc=billy,dc=demon,dc=nl" pass=adminpassword \
     ldaps://localhost/\
     ou=groups,dc=billy,dc=demon,dc=nl?mailRoutingAddress?sub?\
     (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=${quote_ldap:$local_part}))\
     }\
     {$value} fail }
   file_transport = address_file
   pipe_transport = address_pipe


The ldif for, for example, root, ftp and postmaster looks like:

dn: cn=sysaliases,ou=mailaliases,ou=groups,dc=billy,dc=demon,dc=nl
objectClass: top
objectClass: person
objectClass: inetLocalMailRecipient
sn: sysaliases
cn: sysaliases
mailRoutingAddress: tonye@???
mailLocalAddress: root
mailLocalAddress: ftp
mailLocalAddress: postmaster
<- etc. -->

--Tonni

--
Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

http://www.billy.demon.nl
Mail: billy-at-billy.demon.nl
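As an added example (not part of Tony's post or of Exim itself), the Python below reproduces the filter escaping that `${quote_ldap:...}` performs, builds the two routers' filters with and without it, and checks that a quoted local part can never change the filter's structure. The function names, the well-formedness check and the constructed local parts are this example's own; the escape table follows Exim's documented quote_ldap behaviour for filters.

```python
"""LDAP filter escaping for Exim-style router lookups (constructed example).

Exim's ${quote_ldap:...} replaces the filter metacharacters '*', '(', ')',
'\\' and NUL by their backslash-hex form (RFC 4515), so whatever a sender
puts in the local part, it stays a plain value inside the filter.
"""
import re

# Filter metacharacters and their RFC 4515 backslash-hex escapes.
_FILTER_SPECIALS = {"*": r"\2A", "(": r"\28", ")": r"\29",
                    "\\": r"\5C", "\x00": r"\00"}


def quote_ldap(value: str) -> str:
    """Escape a value for use inside an LDAP filter, like Exim's quote_ldap."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def posix_account_filter(local_part: str, quote: bool = True) -> str:
    """Filter used by the 'localuser' router (uid lookup on posixAccount)."""
    value = quote_ldap(local_part) if quote else local_part
    return f"(&(objectClass=posixAccount)(uid={value}))"


def alias_filter(local_part: str, quote: bool = True) -> str:
    """Filter used by the 'system_aliases' router (mailLocalAddress lookup)."""
    value = quote_ldap(local_part) if quote else local_part
    return f"(&(objectClass=inetLocalMailRecipient)(mailLocalAddress={value}))"


# An assertion opens with '(' followed by an attribute name and '='.
_ASSERTION = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=")


def assertion_count(ldap_filter: str) -> int:
    """Number of '(attr=' assertions in a filter string."""
    return len(_ASSERTION.findall(ldap_filter))


def filter_is_well_formed(ldap_filter: str, expected_assertions: int = 2) -> bool:
    """Both routers' filters must have balanced parentheses and exactly two
    assertions (objectClass and the key attribute); anything else means the
    local part changed the filter's structure."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and assertion_count(ldap_filter) == expected_assertions
```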