Re: [exim] Requesting Direction/Advice for LDAP lookups

Pàgina inicial
Delete this message
Reply to this message
Autor: Nigel Wade
Data:  
A: exim-users
Assumpte: Re: [exim] Requesting Direction/Advice for LDAP lookups
On Tuesday 28 Jun 2005 21:29, Jason Martens wrote:
> On Tue, 2005-06-28 at 15:14 -0500, Herb Martin wrote:
> > > Is this doable? Is there a better way to do this? I would
> > > appreciate any input.
> >
> > It is very doable -- there is plenty of Microsoft,
> > and others, source code to do the lookups in VB,
> > C, or C#. You can also do it in Perl which has
> > LDAP libraries.
>
> Thanks for the input. I was hoping to be able to do this with a
> (somewhat) simple redirect router, and possibly some shell scripting, or
> just some code on my linux mail server that can do the query, return the
> addresses. Is this doable, or will I have to do more coding than that?


It all depends on how your directory is organized. If you can get the list of
recipients from a single LDAP query it is definitely doable. I already do
this sort of thing using OpenLDAP. I don't see why AD should be much
different (other than MS is *always* different ;-)).

I put our users into different OUs and in my exim4.conf I use these OUs to
generate group mailing lists on the fly. For example, to send mail to all
"student" accounts I have the follwing setup:

STUDENT_ACCOUNT_BASE = ou=students,ACCOUNT_BASE
LDAPS = ldaps://my.ldap.server/
LDAPU = uid=eximbinddn,dc=your.base.dc
LDAPP = eximpassword

ldap_students:
  driver = redirect
  verify_recipient
  condition = ${if eq {$local_part} {students} {1} {0}}
  data = ${lookup ldapm { \
                user=LDAPU \
                pass=LDAPP \
                LDAPSSTUDENT_ACCOUNT_BASE?\
                uid?one?(mail=1)} {$value} {}}


this will expand the recipient students into the result of the lookup for all
uids in the ou=students sub-section of ACCOUNT_BASE which have the "mail"
attribute set to 1. LDAPU/LDAPP is an account which has permission to search
the relevent attributes in the directory. I have created a special account
just for Exim to do searches.

AD will be different, how different I have no idea. It's something I might be
having to find out for myself shortly...

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK 
E-mail :    nmw@??? 
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555