[exim] LDAP in router condition

Author: François Wautier
Date:  
To: Exim Users List
Subject: [exim] LDAP in router condition

Hi,

I have been using Exim for quite some time. It works great.

I recently set up a new server (version 4.67). This server is a "virtual user"
only type of setup. My "users" and aliases are defined in an Active Directory
tree.

It is mostly working, but there is one thing I can not get to work.

I am trying to do something like FAQ Q9802, essentially limiting the users
that are able to send to the outside. I also want the user to
authenticate.

Here is the router I have come up with (the latest version anyway)

check_outgoing:
     driver = redirect
     domains = ! +local_domains
     condition = ! or { ={$sender_address}{}}{${lookup ldap {\
                user=LDAP_AD_BINDDN \
                pass=LDAP_AD_PASS \
                ldap:///dc=mydomain,dc=com??sub?(&(distinguishedName=$authenticated_id)(memberOf=cn=Internet-Email,ou=Groups,dc=mydomain,dc=com))}{yes}{no}}}
     allow_fail
     data = :fail: You are not allowed to send outside our domain



I run exim in debug mode, and I can see that things are set up correctly.
The LDAP query looks good and it returns the expected result. Yet, the router
always succeeds, i.e. the condition is always true and I can never send email
to the outside world.

I am probably tired, but could someone point me in the right direction?

Thanks
    François
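
Added example, not part of the original post and not taken from the Exim documentation: a router's `condition` option is an expanded string that counts as false only when the result is empty, `0`, `no` or `false`, so `! or {...}` written outside `${if ...}` stays a literal non-empty string and the router always runs. The version below wraps the test in `${if ...}` and passes `$authenticated_id` through `${quote_ldap:...}` before it reaches the LDAP filter. The macros and DNs are the ones from the post, and it assumes the authenticator sets `$authenticated_id` to the user's DN.

```conf
# Added example: same router as in the post, with the test inside ${if ...}.
check_outgoing:
  driver = redirect
  domains = ! +local_domains
  # The router runs (and fails the address) unless either
  #   - the envelope sender is empty (bounce message), or
  #   - the authenticated user is a member of the Internet-Email group.
  # quote_ldap escapes filter metacharacters in the authenticated id so a
  # crafted login name cannot alter the LDAP filter.
  condition = ${if !or{ \
      {eq{$sender_address}{}} \
      {eq{${lookup ldap{ \
          user=LDAP_AD_BINDDN \
          pass=LDAP_AD_PASS \
          ldap:///dc=mydomain,dc=com??sub?\
(&(distinguishedName=${quote_ldap:$authenticated_id})\
(memberOf=cn=Internet-Email,ou=Groups,dc=mydomain,dc=com))\
        }{yes}{no}}}{yes}} \
    }{yes}{no}}
  allow_fail
  data = :fail: You are not allowed to send outside our domain
```

Running `exim -bt` or `exim -d+expand` against a test address shows whether the expansion yields `yes` or `no` for a given authenticated id.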