Re: [Exim] EXIM LDAP Virtual Users & Distribution Lists

Author: Stephen Gran
Date:  
To: exim-users
Subject: Re: [Exim] EXIM LDAP Virtual Users & Distribution Lists
On Sun, May 16, 2004 at 10:12:46AM +0100, Lee W said:
> Hi Everyone,
>
> First of all I better say that I have only just started using exim so am still
> finding my feet (please be gentle :->)
>
> I am trying to set up a completely virtual mail server (users with no shell
> accounts) that users will access through LDAP and a couple of things I am having
> trouble figuring out.
>
> Firstly, one of the things I wish to do is keep the users' mail & files (accessed
> via SAMBA) separate. So I need to specify two paths in the accounts, the
> posixAccount LDAP type has an attribute for homeDirectory, but I have been
> unable to find an equivalent mailDirectory attribute anywhere. Would it be
> possible to use the attribute 'otherMailbox' to represent something like
> 'EXIMDIR:/var/mail/vusers/user1' which is the user's maildir on the server or can
> someone suggest another way of doing it?


I'm assuming you just want to do something like:

ldap_virtual_mail_spool:
  debug_print = "T: ldap_appendfile for $local_part@$domain"
  driver = appendfile
  file = /var/mail/vusers/$domain/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
  mode_fail_narrower = false

For your transport. You don't need any kind of lookup for that. If you
want to specify an otherMailbox, you could query it first, and then fall
through to the above, but I think it sounds like you only want to do the
above. I also believe (although I could be wrong) that mailMessageStore
is the attribute that you're looking for - it's part of the objectClass
mailUser. That also gives you access to the attribute mailQuota, which
could be helpful. Here is a link to the schema implementing these
things:
http://www.bastard.net/~kos/mailrouter/mailrouter.schema

> Secondly (and this is the bit I really cannot get my head round), is there a
> good way of storing distribution lists in LDAP so that the email address for the
> list only has to be updated in one place, or does every user have to have the
> list address as part of the account properties? I thought that I may be able to
> set up a transport that deals only with distribution lists and therefore be able to
> find the name of the list by the address and then do a second query to determine
> who are the members of that list. Sorry that I am unable to provide an example of
> the LDAP query as I am still trying to figure it out but here is roughly what I
> think could be done:-
>
>     Mail comes in addressed to all-users@???
>     EXIM performs LDAP query for mail: all-users@???,objectclass=InetOrgPerson
>     If no entry is found it passes through to the LISTS router which checks for
>        the same address but with objectclass=InetDistributionList
>     If entry is found then another query is run that finds multiple users that
>        have attribute listMember: distListName (from the previous query).
>     If no entries are found message bounces or possibly is simply discarded.
>
> I have made up a few LDAP objects in there as I was unable to find any for
> handling lists.
>
> Thanks in advance for any advice anyone can offer or to tell me that I am going
> about this completely the wrong way.


Why not use regular mailing list software? :)

That being said, you want to do the equivalent of storing an
/etc/aliases type expansion in LDAP with many possible lookups. You
want the objectClass mailAlias for this, I think (again, I could be
wrong). For this, you do a lookup for mailAlias=all-users, and check the
data stored in the mailAliasedName attribute - there can be multiple
entries of this attribute for the kind of thing you're looking for.

I am not sure that fully answers your questions, but that's as far as I
can get without my quotient of caffeine :)

HTH,
--
--------------------------------------------------------------------------
|  Stephen Gran                  | The universe is ruled by letting things |
|  steve@???             | take their course.  It cannot be ruled  |
|  http://www.lobefin.net/~steve | by interfering.   -- Chinese proverb    |

--------------------------------------------------------------------------
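
Added example, not part of the original message and not taken from the Exim documentation: a redirect router sketch for the alias lookup described in the reply above. The mailAlias and mailAliasedName names are the ones the reply suggests (and hedges on); the router name ldap_aliases, the base DN ou=aliases,dc=example,dc=com, an anonymous bind, and ldap_default_servers plus a local_domains domain list being set in the main configuration are assumptions.

```exim
# Hypothetical router: expand a list address from LDAP, /etc/aliases style.
# Assumes one entry per list, e.g. mailAlias=all-users, carrying one
# mailAliasedName value per member. Exim returns the values of a
# multi-valued attribute separated by commas, which is the address-list
# format that a redirect router's "data" option expects.
#
# ${quote_ldap:...} escapes LDAP filter metacharacters in the local part,
# so a sender-chosen local part cannot alter the search filter.
#
# forbid_file and forbid_pipe stop a directory value that begins with "/"
# or "|" from being treated as a file or pipe delivery.
#
# If no entry matches, the lookup expands to an empty string, the router
# declines, and the address is offered to the next router.

ldap_aliases:
  debug_print = "R: ldap_aliases for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  data = ${lookup ldap {\
           ldap:///ou=aliases,dc=example,dc=com?mailAliasedName?sub?\
           (&(objectClass=mailAlias)(mailAlias=${quote_ldap:$local_part}))\
         }}
  forbid_file
  forbid_pipe
```

Place it ahead of the router that handles ordinary mailboxes, then check the expansion with exim -bt all-users@example.com before accepting live mail.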