Re: [exim] howto store virtual users in ldap

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jonas Meurer
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] howto store virtual users in ldap
On 21/07/2005 Jonathan Gonzalez wrote:
> You can grab the actual state, being well configured or not from my Exim
> dedicated folder @ http://www.surestorm.com/EXIM4


i found a very helpful example configuration (though it uses
qmail.schema, i modified it to use my own schema attached below) at
http://www.exim.org/exim-html-4.50/doc/html/C051.txt

my exim4 configuration has the following macros at the beginning:
---snip---
ldap_default_servers = 127.0.0.1::389
BASEDN = ou=mail,ou=accounts,dc=resivo,dc=mejo,dc=net

GET_ADDRESS_DATA = ${lookup ldap {ldap:///BASEDN??sub?(&(uid=${quote_ldap:$local_part}@${quote_ldap:$domain}))}}
GET_CATCHALL_DATA = ${lookup ldap {ldap:///BASEDN??sub?(&(uid=catchall@${quote_ldap:$domain}))}}
---snip---

and in the router section it has directly behind the system_users router:
---snip---
lookup:
driver = redirect
address_data = GET_ADDRESS_DATA
# data is intentionally left blank so that the router will decline
# we just want this router to do a lookup so the results are availble
# for the other routers.
data =

localdelivery:
driver = accept
condition = ${if match {${extract{uid}{$address_data}}}{$local_part@$domain} {1}{0}}
user = mail
group = mail
transport = maildir_home

MAILDIR_HOME_MAILDIR_LOCATION = ${extract{mailMessageStore}{$address_data}}
---snip---

a sample ldif file to add a user to ldap and the ldap schema is attached.

the only problem is MAILDIR_HOME_MAILDIR_LOCATION currently. if this
macro is set, the maildir_home transport uses it's value instead of the
default Maildir folder. currently the macro is set to '' when no
appropriate ldap user exists, which breaks other routers which are
configured later in the configuration, but i hope to get this fixed too.

also i plan to add alias management with ldap too. if you are interested
in configuration, let me know.

and another question: currently i need the 'inetOrgPerson' objectClass
for user entries in ldap, to have one structural object class. this
objectClass requires sn an cn, which are not used by my configuration.
is there any better structural objectClass to use for this purpose, or
shall i simply fill the attributes sn and cn with dummy values to make
ldap happy?

bye
jonas
dn: uid=test@???,ou=mail,ou=accounts,dc=domain,dc=com
    objectClass: inetOrgPerson
    objectClass: mailAccount
    uid: test@???
    sn: test
    cn: test
    mailMessageStore: /home/mailusers/domain.com/test/Maildir

#
# mailaccount-ldap (20050621) ldapv3 directory schema
#
# The offical qmail-ldap OID assigned by IANA is 7914
#
# This schema depends on:
#    - core.schema
#    - cosine.schema
#    - nis.schema
#


# Attribute Type Definitions

attributetype ( 1.3.6.1.4.1.7914.1.2.1.3 NAME 'mailMessageStore'
    DESC 'Path to the maildir on the mail system'
    EQUALITY caseExactIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAlternateAddress'
    DESC 'Secondary (alias) mailaddresses for the same user'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

    
# Object Class Definitions

objectclass ( 1.3.6.1.4.1.7914.1.2.2.1 NAME 'mailAccount'
    DESC 'LDAP Virtual Mail Account'
    SUP top
    AUXILIARY
    MUST ( uid $ mailMessageStore )
    MAY ( homeDirectory $ userPassword ) )


objectclass ( 1.3.6.1.4.1.7914.1.3.2.1 NAME 'mailAlias'
    DESC 'LDAP Mail Alias'
    SUP top
    AUXILIARY
    MUST ( uid $ mailAlternateAddress ) )