[Exim] Re: LDAP virtual users ACL condition

Author: Sheldon Hearn
Date:  
To: exim-users
Subject: [Exim] Re: LDAP virtual users ACL condition
On (2003/10/16 16:09), Sheldon Hearn wrote:

> I'm using the following macro, because I reuse it in my
> ldap_localdelivery router:
>
> LDAP_MANAGER = user="cn=Manager,dc=clue,dc=bz" pass=secret
> LDAP_LOCAL_USER = \
>   ${if \
>     eq \
>       {$local_part@$domain} \
>       { \
>         lookup{$local_part@$domain} \
>           ldap{LDAP_MANAGER \
>             ldap:///cn=$local_part@$domain,dc=clue,dc=bz?mail?base \
>           } \
>       } \
>     {yes}{no} \
>   }


Horribly flawed. I finally figured out that I needed ${lookup ...}, and
then found that the ldap lookup itself was broken. Here's what I ended
up with:

LDAP_MANAGER = user="cn=Manager,dc=clue,dc=bz" pass=secret
LDAP_LOOKUP_EMAIL = \
  ${lookup \
    ldapm{ \
      LDAP_MANAGER \
      ldap:///ou=people,dc=clue,dc=bz?mail?sub?\
        (cn=${quote_ldap:$local_part@$domain})\
    } \
    {$value} \
  }
LDAP_LOCAL_USER = \
  ${if \
    eq \
      {$local_part@$domain} \
      {LDAP_LOOKUP_EMAIL} \
    {yes}{no} \
  }


Then the check_rcpt ACL condition works:

  accept condition    = LDAP_LOCAL_USER


I insert the following router before all others:

ldapuser:
driver = accept
condition = LDAP_LOCAL_USER
transport = ldap_delivery
cannot_route_message = Unknown user

The ldap_delivery transport is simple enough, but hasn't yet been
extended to get the mailbox path from LDAP:

ldap_delivery:
driver = appendfile
maildir_format
check_string = ""
create_directory
current_directory = /var/mail
directory = /var/mail/$domain/$local_part
directory_mode = 0775
user = mailnull
group = mail
mode = 0660
delivery_date_add
envelope_to_add
return_path_add
no_mode_fail_narrower

Big up to Tony Earnshaw, whose past postings in the archives were
invaluable[1]. And my LDAP books[2] arrive tomorrow, so I hope not to
be bugging you all with too much of this any time soon. When I end up
with something I think others will find useful, I'll follow up.

Ciao,
Sheldon.

[1] The great thing about calling someone's contribution invaluable is
    that it supports non-payment. ;-)
[2] LDAP System Administration
    [ISBN: 1565924916]
    Understanding and Deploying LDAP Directory Services (2nd Edition)
    [ISBN: 0672323168]
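The `${quote_ldap:...}` wrapped around `$local_part@$domain` in the working LDAP_LOOKUP_EMAIL macro is the security-relevant part of the fix: the local part comes straight from the RCPT TO of an incoming SMTP session and is interpolated into an LDAP search filter. The Python below is an added illustration, not Exim's code and not from the original post. It implements RFC 4515 backslash-hex escaping of filter assertion values and shows what an unescaped recipient does to the `(cn=...)` filter. The function names, the `is_single_equality_match` structural check and the sample recipients are constructed for this example; Exim's own operator also has to deal with the query being an ldap:// URL, so its exact output bytes are not reproduced here.

```python
import re

# RFC 4515 filter metacharacters and their backslash-hex escapes.
# Inside a filter value these are the only characters that change the
# meaning of the filter; everything else is matched literally.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unquoted(local_part: str, domain: str) -> str:
    """Filter as the first (flawed) macro built it: raw interpolation."""
    return f"(cn={local_part}@{domain})"


def build_filter_quoted(local_part: str, domain: str) -> str:
    """Filter as the working macro builds it: value escaped first."""
    return f"(cn={escape_filter_value(local_part + '@' + domain)})"


# A single equality item "(attr=value)" where the value contains no
# unescaped metacharacter and every backslash starts a two-hex-digit escape.
_SINGLE_EQ = re.compile(
    r"\((\w+)=([^()*\\]*(?:\\[0-9a-fA-F]{2}[^()*\\]*)*)\)"
)


def is_single_equality_match(filt: str) -> bool:
    """True if the filter is exactly one literal equality match.

    Anything else (a wildcard, an extra filter item smuggled in through
    ')(', an unbalanced parenthesis) means the recipient changed the
    shape of the query instead of just supplying a value.
    """
    return _SINGLE_EQ.fullmatch(filt) is not None


if __name__ == "__main__":
    # Constructed recipients: a normal user, a wildcard, and a filter-injection attempt.
    for local_part in ("sheldon", "*", "*)(mail=*"):
        raw = build_filter_unquoted(local_part, "clue.bz")
        safe = build_filter_quoted(local_part, "clue.bz")
        print(f"{local_part!r:14} unquoted: {raw:32} literal={is_single_equality_match(raw)}")
        print(f"{'':14} quoted:   {safe:32} literal={is_single_equality_match(safe)}")
```

With the `eq` comparison in LDAP_LOCAL_USER, a wildcard match on its own does not get an address accepted: the value that comes back has to equal `$local_part@$domain` exactly, so `*@clue.bz` only passes if some entry's mail attribute is literally that. The unquoted form still lets any remote sender drive arbitrary subtree searches as the manager DN, and a recipient whose local part unbalances the parentheses produces a malformed query, which is a lookup error rather than a clean "no". The same local part also ends up in the transport's `directory = /var/mail/$domain/$local_part`; with this router it only reaches the transport when an LDAP entry's mail attribute is an exact match, so keeping characters like `/` and `..` out of the mail attribute is what keeps them out of the mailbox path.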