On Sat, Jan 28, 2006 at 03:12:17PM -0500, Chris Knadle wrote:
> On Saturday 28 January 2006 11:13, Mike Cardwell wrote:
>> That would probably work yes. Sounds like more of a nasty hack than I
>> was wanting to go with though.
> Another way of doing this would be to run OpenLDAP locally on the mail
> server and replicate the necessary entries from AD. This way the only thing
> that needs altering would be where the lookups would occur, and the only time
> the link to AD has to be there is for the periodic sync of the two
> directories.
I did find a solution to this problem in the end, by the way. There is a feature
in exim designed exactly for the issue I was trying to resolve. I ended up adding
this to my config:
unknown_login = ${run{/path/to/exe $caller_uid}}
Where exe is a setuid script that takes a uid and returns a username. Now,
sending mail causes lookups against the AD, but the AD doesn't get hammered
due to web requests on the same box. Problem solved.
Running exim in an environment where it can't look up its own username can't
be all that bad if there's an option for it...
Best wishes,
Mike
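The message above shows the exim side (unknown_login with ${run{...}} and $caller_uid) but not the exe it calls. The following is an added example, not Mike's script, of what such a resolver can look like in Python: it takes the numeric uid exim passes in, tries the local passwd database first so the directory is only contacted for users the box does not know, falls back to a directory lookup, and validates both the argument and the returned name before printing it, because exim uses the stdout of ${run{...}} as the expansion result and a setuid helper should not trust either side blindly. The AD/LDAP query is replaced by a constructed in-memory table so the example runs offline; DIRECTORY_UIDS, resolve_uid, local_name and the sample uids and names are all assumptions, not anything from the thread. One practical caveat: the Linux kernel ignores the setuid bit on interpreted scripts, so a real deployment would wrap this in a small setuid C binary or invoke it via sudo rather than setting the bit on the script itself.

```python
#!/usr/bin/env python3
"""Resolve a numeric uid to a login name, for use from exim's unknown_login.

exim invokes this as:  /path/to/exe $caller_uid
and takes whatever is written to stdout as the login name.
"""
import pwd
import re
import sys

# Constructed stand-in for the directory (AD/LDAP) side: uidNumber -> login.
# In a real helper this would be an LDAP query; the table keeps the example
# self-contained and offline. Sample entries are assumptions.
DIRECTORY_UIDS = {
    10001: "mcardwell",
    10002: "cknadle",
}

# The argument must be a plain decimal uid: exim passes $caller_uid, but a
# setuid helper should still refuse anything else.
UID_RE = re.compile(r"^[0-9]{1,10}$")
# Only hand back something that is shaped like a Unix login name.
LOGIN_RE = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")


def local_name(uid):
    """Look the uid up in the local passwd database; None if unknown."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def resolve_uid(arg, local_lookup=local_name, directory=DIRECTORY_UIDS):
    """Return the login name for the uid string, or None if it cannot be
    resolved safely. Local NSS is consulted first; the directory only when
    the local database has no entry, so the directory is not hit for
    every local system account."""
    if not isinstance(arg, str) or not UID_RE.match(arg):
        return None
    uid = int(arg)
    name = local_lookup(uid)
    if name is None:
        name = directory.get(uid)
    # Reject anything that does not look like a login, whichever side
    # it came from; exim would otherwise use it verbatim.
    if name is None or not LOGIN_RE.match(name):
        return None
    return name


def main(argv):
    """Command-line entry point: print the name on success, exit 1 otherwise.
    A non-zero exit makes exim treat the ${run{...}} expansion as failed
    rather than using an empty login name."""
    if len(argv) != 2:
        return 1
    name = resolve_uid(argv[1])
    if name is None:
        return 1
    sys.stdout.write(name)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because ${run{...}} returns stdout as the expansion value, the helper writes the bare name with no trailing newline and exits non-zero on any failure, so exim sees a failed expansion instead of an empty or malformed login.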