Re: [Exim] Exim4+LDAP help please (Long )

Author: Barry Pederson
Date:  
To: Detelin Batchovski, exim-users
Subject: Re: [Exim] Exim4+LDAP help please (Long )
Detelin Batchovski wrote:

> Hello Exim-users,
> I need some help with LDAP and Exim4 mail delivery. And I really can't
> understand what is missing.


Being the day after thanksgiving, it's awful quiet around here so I've been
thinking about this some more.

Firstly, the way you're using the 'mail' attribute in LDAP isn't quite right.
I think normally you'd have a full e-mail address like 'test@???'
instead of just 'test'. So it should look more like:


dn: uid=test,dc=test,dc=com
givenName: test
mail: test@???
uid: test
sn: Knowles
cn: Alan Knowles
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: CourierMailAccount
uidNumber: 2000
gidNumber: 2000
homeDirectory: test
userPassword: {crypt}/COxQ7y/a3frs

That way if you set up mail clients like Mozilla/Outlook/Eudora with Directory
Services to query your LDAP server, they'll find what they're looking for in
that 'mail' attribute.

Then I think what you'd want to do is set up an exim router something like
this (not tested, but based on what you provided mixed with how I've been
doing my LDAP setup):

ldap_user:
     driver = accept
     domains = test.com
     condition = ${lookup ldap {user="cn=admin,dc=test,dc=com" pass=admin \
                 ldap://localhost:389/dc=test,dc=com?mail?sub?(&(objectClass=CourierMailAccount)(uid=${local_part}))} \
                 {1}{0}}
     transport = local_delivery

Basically, for addresses @test.com it checks to see if there's an LDAP entry
tagged as a CourierMailAccount where the uid matches the local_part of the
address, and if so, schedules it for local_delivery. I also used 'ldap' instead
of 'ldapm' since you probably don't want multiple results there.

The local_part transport you had wouldn't have to change, although I don't
use courier so can't say if it was right or not.

The 'mail' attribute really doesn't come into it in the example above -
you're just looking for the 'uid' to match the part of the address before the
'@'. You could get fancier though if you were hosting multiple domains, and
maybe you would look up based on the 'mail' in the LDAP query, and then in your
transport do another LDAP lookup to find the uid to use in the directory name.

    Barry
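A point worth seeing in working code, as an added example that is neither Barry's router nor Exim's own code: the router above splices ${local_part} straight into the LDAP filter, so a local part containing filter syntax ('*', '(', ')', '\') changes the query instead of being matched as text. Exim's expansion operator ${quote_ldap:$local_part} applies RFC 4515 escaping for exactly this reason. The Python below builds the same LDAP URL as the router, with and without that escaping, and evaluates the filter against a small constructed directory (the entries, the toy matcher and the 'route_condition' helper are all assumptions made for the illustration) so the difference is visible: an unescaped '*' matches every CourierMailAccount, an escaped one matches only a uid that is literally '*'.

```python
"""Toy model of the router's LDAP lookup (added illustration, not Exim code).

Builds the LDAP URL the router's condition expands to, escaping the local
part per RFC 4515 before it goes into the filter, and evaluates that filter
against a constructed in-memory directory.  In a real Exim config the same
escaping is done with ${quote_ldap:$local_part}.
"""
import re

LDAP_URL = "ldap://localhost:389/"   # from the post
BASE_DN = "dc=test,dc=com"           # from the post

# Constructed sample directory (same attribute shape as the entry in the post).
DIRECTORY = [
    {"uid": "test",  "objectClass": {"inetOrgPerson", "posixAccount", "CourierMailAccount"}},
    {"uid": "alice", "objectClass": {"inetOrgPerson", "posixAccount", "CourierMailAccount"}},
    {"uid": "svc",   "objectClass": {"inetOrgPerson", "posixAccount"}},   # no mailbox
]


def escape_ldap_filter_value(value: str) -> str:
    """RFC 4515 section 3: '*', '(', ')', '\\' and NUL inside an assertion value
    are written as a backslash plus two hex digits, so the server matches them
    literally instead of reading them as filter syntax."""
    return "".join(
        "\\%02X" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def build_query(local_part: str, escape: bool = True) -> str:
    """The LDAP URL the router's condition expands to for one local part."""
    value = escape_ldap_filter_value(local_part) if escape else local_part
    return "%s%s?mail?sub?(&(objectClass=CourierMailAccount)(uid=%s))" % (
        LDAP_URL, BASE_DN, value)


# Toy filter evaluator: understands only the two-term AND filter the router uses.
_FILTER_RE = re.compile(r"^\(&\(objectClass=([^()]+)\)\(uid=([^()]*)\)\)$")


def _assertion_to_regex(assertion: str):
    """Read an assertion value the way a server does: a raw '*' is a wildcard,
    '\\XX' is the literal character with code 0xXX, everything else is literal."""
    parts, i = [], 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "*":
            parts.append(".*")
            i += 1
        elif ch == "\\" and i + 3 <= len(assertion):
            parts.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        else:
            parts.append(re.escape(ch))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def search(query_url: str) -> list:
    """Stand-in for the directory server: evaluate the filter part of the URL
    against DIRECTORY and return the uids of the matching entries."""
    filt = query_url.split("?", 3)[3]          # base?attrs?scope?filter
    m = _FILTER_RE.match(filt)
    if not m:
        raise ValueError("filter shape not understood by this toy: " + filt)
    object_class, uid_assertion = m.groups()
    uid_re = _assertion_to_regex(uid_assertion)
    return [e["uid"] for e in DIRECTORY
            if object_class in e["objectClass"] and uid_re.match(e["uid"])]


def route_condition(local_part: str) -> str:
    """Mirror ${lookup ldap {...}{1}{0}} with the escaped query: '1' when exactly
    one entry matches (the post picks 'ldap' over 'ldapm' because a single
    result is expected), otherwise '0'.  The single-result rule is this toy's."""
    return "1" if len(search(build_query(local_part))) == 1 else "0"


if __name__ == "__main__":
    for lp in ("test", "svc", "*"):
        print(lp, "->", search(build_query(lp)), "condition =", route_condition(lp))
    print("unescaped '*' ->", search(build_query("*", escape=False)))
```

The same check in the router itself is a one-token change: write `(uid=${quote_ldap:$local_part})` in place of `(uid=${local_part})`; restricting the router with a `local_parts` pattern that only admits the characters your uids actually use is a cheap second layer.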