Re: [Exim] LDAP search scope

On (2003/11/06 15:56), craig jackson wrote:

> I have a recipient verify local part that looks like this.....
> ${lookup ldap {user="cn=admin,dc=co,dc=com" \
> pass=PASS ldap:///cn=${quote_ldap:$local_part},\
> ou=${quote_ldap:$domain},dc=co,dc=com?cn?sub}} : \

Sub isn't appropriate, because it returns all entries in the hierarchy
below the matching entry.

You definitely want base for this.

> The base dn is....
> cn=username1,ou=domain,dc=co,dc=com
> The are DNs below the base dn like this......
> cn=group1,cn=username1,ou=domain,dc=co,dc=com
>
> This verify fails because more than one cn is returned.

I'd expect that.

> I have tried scope of one,base,sub. and ldapm but it always fails until
> I delete the sub dn.

What happens when you request base instead of sub? You say it fails,
but you don't say how.

> I'm fairly new to ldap and exim. Any ideas how this can work?

I'm fairly new to LDAP as well, so don't take what I say as gospel. I
do have the luxury of a couple of LDAP books on my desk, which is why I
answered.

My advice is to use ldapsearch (or similar) to test that you get the
results you expect on the command-line. Then try from within Exim.

Ciao,
Sheldon.