著者: Sheldon Hearn 日付: To: craig jackson CC: exim-users 題目: Re: [Exim] LDAP search scope
On (2003/11/06 15:56), craig jackson wrote:
> I have a recipient verify local part that looks like this.....
> ${lookup ldap {user="cn=admin,dc=co,dc=com" \
> pass=PASS ldap:///cn=${quote_ldap:$local_part},\
> ou=${quote_ldap:$domain},dc=co,dc=com?cn?sub}} : \
Sub isn't appropriate, because it returns all entries in the hierarchy
below the matching entry.
You definitely want base for this.
> The base dn is....
> cn=username1,ou=domain,dc=co,dc=com
> The are DNs below the base dn like this......
> cn=group1,cn=username1,ou=domain,dc=co,dc=com
>
> This verify fails because more than one cn is returned.
I'd expect that.
> I have tried scope of one,base,sub. and ldapm but it always fails until
> I delete the sub dn.
What happens when you request base instead of sub? You say it fails,
but you don't say how.
> I'm fairly new to ldap and exim. Any ideas how this can work?
I'm fairly new to LDAP as well, so don't take what I say as gospel. I
do have the luxury of a couple of LDAP books on my desk, which is why I
answered.
My advice is to use ldapsearch (or similar) to test that you get the
results you expect on the command-line. Then try from within Exim.