Re: [exim] Delivering virtual mail as a real user

Author: Jason Lixfeld
Date:
To: exim-users
Subject: Re: [exim] Delivering virtual mail as a real user
Ya, I'm not getting very far here :)

I'm assuming that in the virtual_aliases router, this query:

hide data = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
ldap:///cn=$local_part,o=$domain,cn=hosting,dc=ebit,dc=ca?
mailLocalAddress?}}

will fill the $value variable with the contents of mailLocalAddress
attribute, namely as per the ldif below "testuser.discord.ca". $value
then would be passed to the virtualuser router which will pass it to
the virtual_delivery transport. The transport has this line to try and
expand the gid to run the delivery as:

hide user = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?gid?}}

When I use this query, I get the following errors in the debug. It
would appear that $local_part is being expanded correctly from the
virtual_alias router, but it looks like the search is failing when it
gets punted to the virtual_delivery transport but I can't figure out
why. I can run the same query on the ldap server itself and the
results are fine, so I'm at a loss as to why it works in some places,
but not others.

Any ideas? I'm dying over here! :)

40984 --------> testuser.discord.ca@??? <--------
40984 locking /var/spool/exim/db/retry.lockfile
40984 locked /var/spool/exim/db/retry.lockfile
40984 opened hints database /var/spool/exim/db/retry: flags=0
40984 dbfn_read: key=T:testuser.discord.ca@???
40984 retry record exists: age=1444 (max=604800)
40984 time to retry = -2156 expired = 0
40984 search_open: ldap "NULL"
40984 search_find: file="NULL"
40984 key="user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?" partial=-1
affix=NULL starflags=0
40984 LRU list:
40984 internal_search_find: file="NULL"
40984 type=ldap key="user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?"
40984 database lookup required for user="cn=joeuser,dc=ebit,dc=ca"
pass=mykey ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?
40984 LDAP parameters: user=cn=Manager,dc=ebit,dc=ca pass=secret size=0
time=0 connect=-1 dereference=0
40984 perform_ldap_search: ldap URL =
"ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?"
server=127.0.0.1 port=0 sizelimit=0 timelimit=0 tcplimit=-1
40984 after ldap_url_parse: host=127.0.0.1 port=0
40984 ldap_initialize with URL ldap://127.0.0.1:389/
40984 initialized for LDAP (v3) server 127.0.0.1:389
40984 LDAP_OPT_X_TLS_TRY set
40984 binding with user=cn=Manager,dc=ebit,dc=ca password=secret
40984 Start search
40984 ldap_result loop
40984 LDAP entry loop
40984 search ended by ldap_result yielding 101
40984 ldap_parse_result yielded 0: Success
40984 LDAP search: found no attributes
40984 lookup failed
40984 LOG: MAIN PANIC
40984 Failed to find group "" from expanded string "${lookup ldap
{user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?gid?}}" for the
virtual_delivery transport
40984 virtual_delivery transport returned DEFER for
testuser.discord.ca@???
40984 added retry item for T:testuser.discord.ca@???:
errno=-28 0 flags=0
40984 post-process testuser.discord.ca@??? (1)
40984 LOG: MAIN
40984 == testuser.discord.ca@??? <testalias@???>
R=virtualuser T=virtual_delivery defer (-28): Failed to find group ""
from expanded string "${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
pass=mykey ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?gid?}}" for
the virtual_delivery transport

ldapsearch:

su-2.05b# ldapsearch -D "cn=joeuser,dc=ebit,dc=ca" -w mykey -b
uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca "(uid=*)"
# extended LDIF
#
# LDAPv3
# base <uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca> with scope sub
# filter: (uid=*)
# requesting: ALL
#

# testuser.discord.ca, users, ebit.ca
dn: uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca
cn: testuser.discord.ca
uid: testuser.discord.ca
uidNumber: 10000
gidNumber: 10000
gecos: Joe User
mailbox: /usr/home/discord.ca/testuser/Maildir/
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: CourierMailAccount
objectClass: top
loginShell: /usr/local/bin/bash
homeDirectory: /usr/home/discord.ca/testuser
userPassword:: e01ENX1YWnhveHNVTzA5QXFMODlVOWptVHRnPT0=
mail: testuser@???

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
su-2.05b#

On 1-Oct-04, at 12:08 PM, Jason Lixfeld wrote:

> I'm trying to figure out how to deliver mail as a specific user out of
> LDAP.
>
> The routers and transports are listed below, as are the ldifs for the
> alias and the real user the alias points to.
>
> The message hits the virtual_aliases router, the mailLocalAddress is
> returned and the message is redirected and processed now by the
> virtual_user router which delivers based on the virtual_delivery
> transport -- this is where the problem is. I've tried a bunch of user
> = and group = options, but I can't get it to work. The reason why is
> because local_part of the email address in question here is testuser but
> is not actually the username of the real user. The real username is
> testuser.discord.ca. Another user might have a real name of
> joeuser.thisdomain.tld so the suffix after testuser will not always be
> constant. If there was a way in the virtual_delivery transport to
> tell the user = and group = to run as the user mailLocalAddress
> testuser.discord.ca, my problems would be solved. I'm sure there is a
> way, I'm just missing it.
>
> Any way to write arbitrary variables or something that I can pass to
> different transports? In the listed virtual_transport below, you'll
> see some of the attempts I've made to try to get this to work.
>
> Anyone have any ideas?
>
> ldif:
>
> dn:cn=testalias,o=discord.ca,cn=hosting,dc=ebit,dc=ca
> cn: testalias
> objectClass: top
> objectClass: organizationalRole
> objectClass: CourierMailAlias
> objectClass: inetLocalMailRecipient
> mail: testalias@???
> mailLocalAddress: jason@???
> mailLocalAddress: testuser.discord.ca
>
> dn:uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca
> cn: testuser.discord.ca
> uid: testuser.discord.ca
> uidNumber: 10000
> gidNumber: 10000
> gecos: Test User
> mailbox: /usr/home/discord.ca/testuser/Maildir/
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: CourierMailAccount
> objectClass: top
> loginShell: /usr/local/bin/bash
> homeDirectory: /usr/home/discord.ca/testuser
> userPassword: {MD5}XZxoxsUO09AqL89U9jmTtg==
> mail: testuser@???
>
> virtual_aliases:
> driver = redirect
> allow_fail
> allow_defer
> hide data = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
> pass=mykey
> ldap:///cn=$local_part,o=$domain,cn=hosting,dc=ebit,dc=ca?
> mailLocalAddress?}}
>
> virtualuser:
> driver = accept
> check_local_user
> local_part_suffix = +* : -*
> local_part_suffix_optional
> transport = virtual_delivery
> cannot_route_message = Unknown user
> no_more
>
> virtual_delivery:
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
> mode = 0660
> #hide user = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
> pass=mykey
> ldap:///uid=${quote_ldap:$local_part.$domain},ou=users,dc=ebit,dc=ca?
> uid?}}
> #hide group = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
> pass=mykey
> ldap:///uid=${quote_ldap:$local_part.$domain},ou=users,dc=ebit,dc=ca?
> gid?}}
> #user = $local_user_uid
> #group = $local_user_gid
> hide directory = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
> pass=mykey ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?mailbox?}}
> create_directory
> maildir_format=true
> maildir_tag= ,S=$message_size
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> Exim details at http://www.exim.org/ ##
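
Added example, not part of the original message and not Exim code: a small offline check that compares the attributes requested by the expanded LDAP URL in the debug output with the attributes the entry returned by ldapsearch actually carries. The URL asks for an attribute named gid, while the entry shown has uidNumber and gidNumber, which is consistent with the "LDAP search: found no attributes" line. The function names and the trimmed sample entry are assumptions made for this example.

```python
# Added example: compare the attributes an LDAP URL requests with an LDIF entry.
import base64
from urllib.parse import unquote

DEBUG_URL = "ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?"  # from the debug log

# Entry trimmed from the ldapsearch output above (sample input for this example).
SAMPLE_LDIF = """\
dn: uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca
uid: testuser.discord.ca
uidNumber: 10000
gidNumber: 10000
mailbox: /usr/home/discord.ca/testuser/Maildir/
"""

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into DN, attribute list, scope and filter."""
    scheme, _, rest = url.partition("://")
    if scheme.lower() not in ("ldap", "ldaps", "ldapi"):
        raise ValueError("not an LDAP URL: " + url)
    _host, _, tail = rest.partition("/")
    dn, attrs, scope, filt = (unquote(p) for p in (tail.split("?") + [""] * 3)[:4])
    return {"dn": dn, "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base", "filter": filt or "(objectClass=*)"}

def parse_ldif_entry(text):
    """Parse one unfolded LDIF entry into {lowercased attribute: [values]}."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def check_lookup(url, ldif):
    """Return (values found per requested attribute, requested attributes absent)."""
    query, entry = parse_ldap_url(url), parse_ldif_entry(ldif)
    if query["dn"].lower() != entry["dn"][0].lower():
        raise ValueError("URL base DN does not match the entry DN")
    found = {a: entry[a.lower()] for a in query["attrs"] if a.lower() in entry}
    missing = [a for a in query["attrs"] if a.lower() not in entry]
    return found, missing

if __name__ == "__main__":
    print(check_lookup(DEBUG_URL, SAMPLE_LDIF))  # URL as it appears in the log
    print(check_lookup(DEBUG_URL.replace("?gid?", "?gidNumber?"), SAMPLE_LDIF))
```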