[exim] Having a heck of a time with check_local_user

Author: Jason Lixfeld
Date:  
To: exim-users
Subject: [exim] Having a heck of a time with check_local_user
I've posted a couple messages about this already and I started to
make some headway thanks to the replies I've received, but at this
point I got nothin' on how to get any farther ahead than I am now...

I'm building an exim 4.62 system running FreeBSD 6.1-RELEASE. It's a
system for mail virtual hosting with a precondition to avoid username
collisions whenever possible so we've given our LDAP users usernames
that include their domain part to create their full username. For
example:

User: Joe    Domain: Example.com    Local User: joe.example.com    Email: joe@???

Each email address is considered an alias which is then expanded to
get the local user where mail is supposed to be delivered. The alias
is expanded through the virtual_aliases router and then the real user
is found by the virtual_user router.

Each of these users is a genuine, glorified system user. They can
ssh in, they have a UID/GID and a home directory. Command line tools
on the system console work to identify the users flawlessly (id
joe.example.com, cd ~joe.example.com, etc) thanks to PAM/LDAP and NSS/
LDAP. This also means that check_local_user *should* work too,
because it uses getpwnam() and getpwnam() can already identify these
users on the system, but it appears that check_local_user can't
identify the users and it's causing me no end of grief and I can't
for the life of me figure out why!

I was digging through google and I came across the
max_username_length option, but I don't think that's the issue
because the OS has already been configured to accept 64 character
usernames and none of these usernames are > 64 characters.

My routers/transports configuration for this stuff looks like this,
but as I said, it fails in the virtual_user router (see errors below):

# Expand each mail address to its local user via LDAP.
virtual_aliases:
  driver = redirect
  local_part_suffix = +* : -*
  local_part_suffix_optional
  allow_fail
  allow_defer
  hide data = ${lookup ldap {ldap:///o=$domain,ou=hosting,ou=mail,dc=example,dc=ca?mailLocalAddress?sub?(&(uid=$local_part))}}
  file_transport = address_file
  pipe_transport = address_pipe

# Accept the expanded local part only if getpwnam() knows it.
virtual_user:
  debug_print = "Virtual User Router Called Here"
  driver = accept
  check_local_user
  local_part_suffix = +* : -*
  local_part_suffix_optional
  transport = virtual_delivery
  cannot_route_message = Unknown user!

# Deliver into the user's Maildir, with the home directory taken from LDAP.
virtual_delivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
  mode = 0660
  directory = ${lookup ldap {ldap:///uid=$local_part,ou=users,ou=auth,dc=example,dc=ca?homeDirectory?}}/Maildir/
  create_directory
  maildir_format = true

--------> virtual_aliases router <--------
local_part=jlixfeld.example.ca domain=mail.example.ca
calling virtual_aliases router
rda_interpret (string): ${lookup ldap {ldap:///o=
$domain,ou=hosting,ou=mail,dc=example,dc=ca?mailLocalAddress?sub?(&
(uid=$local_part))}}
search_open: ldap "NULL"
cached open
search_find: file="NULL"
key="ldap:///o=mail.example.ca,ou=hosting,ou=mail,dc=example,dc=ca?
mailLocalAddress?sub?(&(uid=jlixfeld.example.ca))" partial=-1
affix=NULL starflags=0
LRU list:
internal_search_find: file="NULL"
type=ldap key="ldap:///
o=mail.example.ca,ou=hosting,ou=mail,dc=example,dc=ca?
mailLocalAddress?sub?(&(uid=jlixfeld.example.ca))"
database lookup required for ldap:///
o=mail.example.ca,ou=hosting,ou=mail,dc=example,dc=ca?
mailLocalAddress?sub?(&(uid=jlixfeld.example.ca))
LDAP parameters: user=NULL pass=NULL size=0 time=0 connect=0
dereference=0
perform_ldap_search: ldap URL = "ldap:///
o=mail.example.ca,ou=hosting,ou=mail,dc=example,dc=ca?
mailLocalAddress?sub?(&(uid=jlixfeld.example.ca))" server=127.0.0.1
port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=127.0.0.1 port=0
re-using cached connection to LDAP server 127.0.0.1:389
Start search
search ended by ldap_result yielding 101
ldap_parse_result: 0
ldap_parse_result yielded 32: No such object
lookup failure forced
LDAP search failed - error 32: No such object/
ou=hosting,ou=mail,dc=example,dc=ca
lookup failed
expanded:
file is not a filter file
parse_forward_list:
virtual_aliases router declined for jlixfeld.example.ca@???
--------> system_aliases router <--------
local_part=jlixfeld.example.ca domain=mail.example.ca
calling system_aliases router
rda_interpret (string): ${lookup{$local_part}lsearch{/etc/aliases}}
search_open: lsearch "/etc/aliases"
search_find: file="/etc/aliases"
key="jlixfeld.example.ca" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/aliases
End
internal_search_find: file="/etc/aliases"
type=lsearch key="jlixfeld.example.ca"
file lookup required for jlixfeld.example.ca
in /etc/aliases
lookup failed
expanded:
file is not a filter file
parse_forward_list:
system_aliases router declined for jlixfeld.example.ca@???
--------> virtual_user router <--------
local_part=jlixfeld.example.ca domain=mail.example.ca
checking for local user
virtual_user router skipped: jlixfeld.example.ca is not a local user
no more routers
----------- end verify ------------
accept: condition test failed
accept: endpass encountered - denying access
SMTP>> 550 Unknown user!

550 Unknown user!

So all that being said, I can comment out check_local_user and it
will no longer fail at the virtual_user router; however, it will then
attempt to deliver to the proper maildir configured in the transport,
and it will fail with permission denied because the delivery
isn't run as the local user, so it can't write to the maildir. I
suppose I can set the user and group in the transport by LDAP calls,
but that would be ridiculous to have to do, a) because the system
recognizes these users, so exim should too, and b) I have an exim 4.54
system running on a FreeBSD 5.4 system that does all this perfectly
already, so I KNOW it works.

Can anyone see anything here at all that looks off base? I'm totally
lost at this point! :(

Thanks in advance.
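The post says check_local_user should succeed because getpwnam() already resolves these users. A quick way to confirm that from exim's point of view is a small diagnostic that performs the same getpwnam() call and reports what comes back. The program below is an added example written for this thread, not exim's own code: the `max_len` parameter is an assumption modelled on exim's max_username_length option (0 meaning no length check), and the `local_user` struct is simply a container for the fields an accept router would pick up (uid, gid, home).

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Result of a local-user check: the pieces a router that sets
 * check_local_user would use for delivery (uid, gid, $home). */
struct local_user {
    int found;          /* 1 if getpwnam() returned an entry */
    uid_t uid;
    gid_t gid;
    char home[1024];
};

/* Look up a local part the way check_local_user does: a plain getpwnam()
 * call through NSS.  max_len is an assumption modelled on exim's
 * max_username_length option: 0 disables the check, otherwise names
 * longer than max_len are reported as unknown before libc sees them. */
struct local_user find_local_user(const char *local_part, size_t max_len)
{
    struct local_user r;
    struct passwd *pw;

    memset(&r, 0, sizeof r);
    if (max_len > 0 && strlen(local_part) > max_len)
        return r;

    errno = 0;
    pw = getpwnam(local_part);
    if (pw == NULL)
        return r;   /* errno == 0 means "no such user"; non-zero means NSS/LDAP trouble */

    r.found = 1;
    r.uid = pw->pw_uid;
    r.gid = pw->pw_gid;
    snprintf(r.home, sizeof r.home, "%s", pw->pw_dir ? pw->pw_dir : "");
    return r;
}

int main(int argc, char **argv)
{
    /* Constructed default: "root" exists on any system; pass the real
     * local part (e.g. jlixfeld.example.ca) as the first argument. */
    const char *name = argc > 1 ? argv[1] : "root";
    struct local_user u = find_local_user(name, 0);

    if (!u.found) {
        printf("%s is not a local user (errno=%d: %s)\n",
               name, errno, strerror(errno));
        return 1;
    }
    printf("%s: uid=%lu gid=%lu home=%s\n", name,
           (unsigned long)u.uid, (unsigned long)u.gid, u.home);
    return 0;
}
```

Run it as the user and group exim actually runs under (for example via `su` or `sudo -u`), not from a root shell: nss_ldap can resolve a name for an interactive root session and still fail for the daemon's uid if the LDAP bind credentials or the nss configuration file are not readable by that uid, and the errno the program prints distinguishes a plain "no such user" from a failed NSS/LDAP call.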