Re: [exim] Address rewriting based on an LDAP query

Pàgina inicial
Delete this message
Reply to this message
Autor: Nigel Wade
Data:  
A: exim-users
Assumpte: Re: [exim] Address rewriting based on an LDAP query
Dionte Wilson wrote:
> Hi all.
>
> I was wondering if Exim can be configured to use LDAP for recipient
> lookups?


Certainly.

>
> It is crucial that I be able to rewrite the addressed based on
> information supplied
> in the search DN and the output of the LDAP query.
>
> For example:
>
> I want to be able to address a message to "someone@testdomain" in the
> RCPT TO command.
> I would like the LDAP search DN to be based on the handle in the above
> address.
>
> The LDAP server will only return the hostname of the box where the
> recipient mailbox is located.
>
> I would like the address used in the RCPT TO command to be rewritten
> based on information in the original RCPT TO command, and also from the
> output of the LDAP search.
>
> For example, if the user is found, hostA is returned in the query.
>
> I would like Exim to take the handle supplied in the original RCPT TO
> command, append the @ sign, followed by the output of the LDAP search,
> followed by the domain supplied as part of the original RCPT TO command.
>
> Is this possible????
>


I can't say for certain that it definitely is possible, but I think that it
ought to be. What you are trying to do is not a lot different from normal
aliasing using a redirect router.

For example, this is the router definition I use for aliasing. For a alias to
match the $local_part must be defined as a rfc822mailMember attribute of a entry
of class nisMailAlias. Somehow you need to construct the "data" part of the
redirect router from the combination of the return of the ldap lookup and
$local_part. This is the bit I am not sure about.

ldap_aliases:
   driver = redirect
   allow_fail
   allow_defer
   data = ${lookup ldap { \
                 user=LDAPU \
                 pass=LDAPP \
                 LDAPS/LDAP_BASE?\


rfc822mailMember?sub?(&(objectClass=nisMailAlias)(cn=${quote_ldap:$local_part}))} \
                 {$value} fail}
   file_transport = address_file
   pipe_transport = address_pipe



where LDAPU and LDAPS are the bind id and password. LDAPS is the URI of the LDAP
server, and LDAP_BASE is the base of the search.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@???
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555