Re: [exim] Delivering virtual mail as a real user

Author: Jason Lixfeld
Date:
To: exim-users
Subject: Re: [exim] Delivering virtual mail as a real user
Fixed it. Didn't need to bother specifying a user and group because
the user was a system user via pam_ldap so it could resolve the uid and
gid of the user without the direct ldap calls.

On 1-Oct-04, at 5:23 PM, Jason Lixfeld wrote:

> Ya, I'm not getting very far here :)
>
> I'm assuming that in the virtual_aliases router, this query:
>
> hide data = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
> pass=mykey
> ldap:///cn=$local_part,o=$domain,cn=hosting,dc=ebit,dc=ca?
> mailLocalAddress?}}
>
> will fill the $value variable with the contents of mailLocalAddress
> attribute, namely as per the ldif below "testuser.discord.ca". $value
> then would be passed to the virtualuser router which will pass it to
> the virtual_delivery transport. The transport has this line to try
> and expand the gid to run the delivery as:
>
> hide user = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
> ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?gid?}}
>
> When I used this query, I get the following errors in the debug. It
> would appear that $local_part is being expanded correctly from the
> virtual_alias router, but it looks like the search is failing when it
> gets punted to the virtual_delivery transport but I can't figure out
> why. I can run the same query on the ldap server itself and the
> results are fine, so I'm at a loss as to why it works in some places,
> but not others.
>
> Any ideas? I'm dying over here! :)
>
> 40984 --------> testuser.discord.ca@??? <--------
> 40984 locking /var/spool/exim/db/retry.lockfile
> 40984 locked /var/spool/exim/db/retry.lockfile
> 40984 opened hints database /var/spool/exim/db/retry: flags=0
> 40984 dbfn_read: key=T:testuser.discord.ca@???
> 40984 retry record exists: age=1444 (max=604800)
> 40984 time to retry = -2156 expired = 0
> 40984 search_open: ldap "NULL"
> 40984 search_find: file="NULL"
> 40984 key="user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
> ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?"
> partial=-1 affix=NULL starflags=0
> 40984 LRU list:
> 40984 internal_search_find: file="NULL"
> 40984 type=ldap key="user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
> ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?"
> 40984 database lookup required for user="cn=joeuser,dc=ebit,dc=ca"
> pass=mykey ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?
> 40984 LDAP parameters: user=cn=Manager,dc=ebit,dc=ca pass=secret
> size=0 time=0 connect=-1 dereference=0
> 40984 perform_ldap_search: ldap URL =
> "ldap:///uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca?gid?"
> server=127.0.0.1 port=0 sizelimit=0 timelimit=0 tcplimit=-1
> 40984 after ldap_url_parse: host=127.0.0.1 port=0
> 40984 ldap_initialize with URL ldap://127.0.0.1:389/
> 40984 initialized for LDAP (v3) server 127.0.0.1:389
> 40984 LDAP_OPT_X_TLS_TRY set
> 40984 binding with user=cn=Manager,dc=ebit,dc=ca password=secret
> 40984 Start search
> 40984 ldap_result loop
> 40984 LDAP entry loop
> 40984 search ended by ldap_result yielding 101
> 40984 ldap_parse_result yielded 0: Success
> 40984 LDAP search: found no attributes
> 40984 lookup failed
> 40984 LOG: MAIN PANIC
> 40984 Failed to find group "" from expanded string "${lookup ldap
> {user="cn=joeuser,dc=ebit,dc=ca" pass=mykey
> ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?gid?}}" for the
> virtual_delivery transport
> 40984 virtual_delivery transport returned DEFER for
> testuser.discord.ca@???
> 40984 added retry item for T:testuser.discord.ca@???:
> errno=-28 0 flags=0
> 40984 post-process testuser.discord.ca@??? (1)
> 40984 LOG: MAIN
> 40984 == testuser.discord.ca@??? <testalias@???>
> R=virtualuser T=virtual_delivery defer (-28): Failed to find group ""
> from expanded string "${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
> pass=mykey ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?gid?}}" for
> the virtual_delivery transport
>
> ldapsearch:
>
> su-2.05b# ldapsearch -D "cn=joeuser,dc=ebit,dc=ca" -w mykey -b
> uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca "(uid=*)"
> # extended LDIF
> #
> # LDAPv3
> # base <uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca> with scope sub
> # filter: (uid=*)
> # requesting: ALL
> #
>
> # testuser.discord.ca, users, ebit.ca
> dn: uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca
> cn: testuser.discord.ca
> uid: testuser.discord.ca
> uidNumber: 10000
> gidNumber: 10000
> gecos: Joe User
> mailbox: /usr/home/discord.ca/testuser/Maildir/
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: CourierMailAccount
> objectClass: top
> loginShell: /usr/local/bin/bash
> homeDirectory: /usr/home/discord.ca/testuser
> userPassword:: e01ENX1YWnhveHNVTzA5QXFMODlVOWptVHRnPT0=
> mail: testuser@???
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> su-2.05b#
>
> On 1-Oct-04, at 12:08 PM, Jason Lixfeld wrote:
>
>> I'm trying to figure out how to deliver mail as a specific user out
>> of LDAP.
>>
>> The routers and transports are listed below, as are the ldifs for the
>> alias and the real user the alias points to.
>>
>> The message hits the virtual_aliases router, the mailLocalAddress is
>> returned and the message is redirected and processed now by the
>> virtual_user router which delivers based on the virtual_delivery
>> transport -- this is where the problem is. I've tried a bunch of
>> user = and group = options, but I can't get it to work. The reason
>> is that the local_part of the email address in question here is
>> testuser, but that is not actually the username of the real user. The
>> real username is testuser.discord.ca. Another user might have a real
>> name of joeuser.thisdomain.tld, so the suffix after testuser will not
>> always be constant. If there was a way in the virtual_delivery
>> transport to tell the user = and group = to run as the user
>> mailLocalAddress testuser.discord.ca, my problems would be solved.
>> I'm sure there is a way, I'm just missing it.
>>
>> Any way to write arbitrary variables or something that I can pass to
>> different transports? In the listed virtual_transport below, you'll
>> see some of the attempts I've made to try to get this to work.
>>
>> Anyone have any ideas?
>>
>> ldif:
>>
>> dn:cn=testalias,o=discord.ca,cn=hosting,dc=ebit,dc=ca
>> cn: testalias
>> objectClass: top
>> objectClass: organizationalRole
>> objectClass: CourierMailAlias
>> objectClass: inetLocalMailRecipient
>> mail: testalias@???
>> mailLocalAddress: jason@???
>> mailLocalAddress: testuser.discord.ca
>>
>> dn:uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca
>> cn: testuser.discord.ca
>> uid: testuser.discord.ca
>> uidNumber: 10000
>> gidNumber: 10000
>> gecos: Test User
>> mailbox: /usr/home/discord.ca/testuser/Maildir/
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> objectClass: CourierMailAccount
>> objectClass: top
>> loginShell: /usr/local/bin/bash
>> homeDirectory: /usr/home/discord.ca/testuser
>> userPassword: {MD5}XZxoxsUO09AqL89U9jmTtg==
>> mail: testuser@???
>>
>> virtual_aliases:
>> driver = redirect
>> allow_fail
>> allow_defer
>> hide data = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
>> pass=mykey
>> ldap:///cn=$local_part,o=$domain,cn=hosting,dc=ebit,dc=ca?
>> mailLocalAddress?}}
>>
>> virtualuser:
>> driver = accept
>> check_local_user
>> local_part_suffix = +* : -*
>> local_part_suffix_optional
>> transport = virtual_delivery
>> cannot_route_message = Unknown user
>> no_more
>>
>> virtual_delivery:
>> driver = appendfile
>> delivery_date_add
>> envelope_to_add
>> return_path_add
>> mode = 0660
>> #hide user = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
>> pass=mykey
>> ldap:///uid=${quote_ldap:$local_part.$domain},ou=users,dc=ebit,dc=ca?
>> uid?}}
>> #hide group = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
>> pass=mykey
>> ldap:///uid=${quote_ldap:$local_part.$domain},ou=users,dc=ebit,dc=ca?
>> gid?}}
>> #user = $local_user_uid
>> #group = $local_user_gid
>> hide directory = ${lookup ldap {user="cn=joeuser,dc=ebit,dc=ca"
>> pass=mykey ldap:///uid=$local_part,ou=users,dc=ebit,dc=ca?mailbox?}}
>> create_directory
>> maildir_format=true
>> maildir_tag= ,S=$message_size
>>
>>
>> --
>> ## List details at http://www.exim.org/mailman/listinfo/exim-users
>> Exim details at http://www.exim.org/ ##
>
>
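The debug trace quoted above ends with "LDAP search: found no attributes" before the transport defers. As an added example that is not part of the original thread, the following offline checker parses an RFC 4516 LDAP URL of the kind used inside the Exim `${lookup ldap ...}` expansions and a single LDIF entry (constructed here to mirror the one posted, not fetched from any server), and reports which requested attributes the entry does not carry; the posted entry carries gidNumber and uidNumber, not gid or uid-number-style names.

```python
import re
from urllib.parse import unquote

# Constructed LDIF entry shaped like the posted one (not pulled from any directory).
SAMPLE_LDIF = """\
dn: uid=testuser.discord.ca,ou=users,dc=ebit,dc=ca
cn: testuser.discord.ca
uid: testuser.discord.ca
uidNumber: 10000
gidNumber: 10000
mailbox: /usr/home/discord.ca/testuser/Maildir/
objectClass: posixAccount
userPassword:: ZHVtbXk=
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute_lowercase: [values]}.
    '::' (base64) values are kept as the raw encoded string."""
    entry = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
    return entry

def parse_ldap_url(url):
    """Split an RFC 4516 URL (ldap://host/dn?attrs?scope?filter) into its parts.
    An empty scope means 'base' and a missing filter means (objectClass=*), as in the RFC."""
    m = re.match(r"ldaps?://[^/]*/([^?]*)(?:\?([^?]*))?(?:\?([^?]*))?(?:\?([^?]*))?", url)
    if not m:
        raise ValueError("not an LDAP URL: " + url)
    dn, attrs, scope, filt = m.groups()
    return {
        "dn": unquote(dn),
        "attrs": [a for a in (attrs or "").split(",") if a],
        "scope": scope or "base",
        "filter": unquote(filt) if filt else "(objectClass=*)",
    }

def missing_attributes(url, ldif_text):
    """Attributes the URL asks for that the entry lacks (LDAP names are case-insensitive).
    A non-empty result is what produces an empty lookup and a failed user/group expansion."""
    entry = parse_ldif_entry(ldif_text)
    return [a for a in parse_ldap_url(url)["attrs"] if a.lower() not in entry]
```

Run `missing_attributes` against the real attribute list of each lookup in a router or transport before relying on the expansion for `user`, `group` or `directory`, since a silently empty result turns into a DEFER at delivery time rather than at configuration time.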