[exim] Multi-valued LDAP lookups in domain lists

Author: Jake Scott
Date:  
To: Exim Users
Subject: [exim] Multi-valued LDAP lookups in domain lists

I'm trying to configure Exim to use an LDAP directory for a list of
domains to relay for. What I'd like to do is have a single entry in
the directory, with a multi-valued attribute, such as:

dn:cn=relayDomains,ou=config,dc=flirble,dc=org
cn: relayDomains
objectClass: flirbleDomainList
objectClass: top
associatedDomain: poptart.org
associatedDomain: flirble.org
associatedDomain: testing.org
... etc

I've put this into my exim config:

   domainlist relay_to_domains = \
           ${lookup ldap {user=LDAP_BIND pass=LDAP_PWD \
           ldaps:///cn=relayDomains,LDAP_CONFIG?associatedDomain?base?(associatedDomain=$domain)}}

Now, the lookup succeeds - but relaying is always denied. I think this
is because the LDAP lookup returns all the associatedDomain attribute
values, comma separated. From the debug output:

    >>> check domains = +relay_to_domains
    >>> poptart.org in "poptart.org, flirble.org, testing.org"? no (end of list)
    >>> poptart.org in "+relay_to_domains"? no (end of list)
    >>> accept: condition test failed


Is there a way to make this work, or is this really not a good way to go
about this? Presumably I need to make the lookup return colon-separated
values instead of comma-separated values?...

Any help much appreciated!


Jake
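
One way to get a match, shown as an added example that is not part of the original post: Exim splits lists on colons, so the comma-joined result is compared as a single item, and since the filter already tests `$domain`, the lookup can return `$domain` itself on success. It assumes the LDAP_BIND, LDAP_PWD and LDAP_CONFIG macros from the post, and adds `${quote_ldap:...}` so that the client-supplied domain cannot alter the search filter.

```exim
# Added example, not from the original post.
#
# As posted, the lookup expands to every value of the attribute:
#     "poptart.org, flirble.org, testing.org"
# which the domain list treats as one item, so nothing matches.
#
# Here the optional success string {$domain} replaces the returned data.
# When the base-scope search with the (associatedDomain=...) filter finds
# the entry, the list expands to just the domain being checked. When the
# filter does not match, the lookup fails and the list expands to the
# empty string, so no domain is accepted.
#
# ${quote_ldap:$domain} escapes LDAP filter metacharacters and applies the
# URL quoting that an LDAP query needs, because $domain comes from the
# RCPT address supplied by the remote client.
#
# LDAP_BIND, LDAP_PWD and LDAP_CONFIG are the macros used in the post;
# their definitions are assumed to exist elsewhere in the configuration.

domainlist relay_to_domains = \
        ${lookup ldap {user=LDAP_BIND pass=LDAP_PWD \
        ldaps:///cn=relayDomains,LDAP_CONFIG?associatedDomain?base?(associatedDomain=${quote_ldap:$domain})} \
        {$domain}}
```

The result can be checked without sending mail by running `exim -bh` with a test client address and reading the `check domains = +relay_to_domains` lines of the debug output.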