Re: [exim] LDAP router section

Author: Heiko Schlittermann
Date:
To: exim-users
Subject: Re: [exim] LDAP router section
Hello,

Stanczak Slawomir <sws@???> (Wed 15 Sep 2010 19:36:18 CEST):
> Hi,

(…)
> ara:~# ldapsearch -x -b dc=ams,dc=szn,dc=pl '(uid=test)'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ams,dc=szn,dc=pl> with scope subtree
> # filter: (uid=test)
> # requesting: ALL
> #
>
> # test, people, ams.szn.pl
> dn: uid=test,ou=people,dc=ams,dc=szn,dc=pl
> uid: test
> cn: test
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> loginShell: /bin/bash
> uidNumber: 2205
> gidNumber: 1001
> homeDirectory: /home/prac/Adm/test
> gecos: Test, BPE Rek/AMS
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> -----------
>
> My example LDAP router section:
>
> ldap_user:
>    debug_print = "R: ldap_user for $local_part@$domain"
>    driver = accept
>    domains = +local_domains
>    local_parts = ${extract{uid}{${lookup ldap{ldap://212.14.2.145:389/ou=People,dc=ams,dc=szn,dc=pl}fail}}}
>    transport = local_delivery
>    cannot_route_message = Unknown user


All you want to do is to check if the uid=$local_part exists in your
LDAP.

To make the long line short, I'd set some macros and I'd employ the
ldap_servers config option.

    # global
    UBASE = ou=People,dc=ams,dc=szn,dc=pl
    ldap_default_servers = 212.14.2.145

    local_parts = ${lookup ldap{ldap:///UBASE?uid?sub?(uid=${quote_ldap:$local_part})}{$value}}

or

    local_parts = ${lookup ldapdn{ldap:///UBASE??sub?(uid=${quote_ldap:$local_part})}{$local_part}}

Alternatively, I think you could use the LDAP query in a precondition, but
I'm not sure about the order of the preconditions (domains = … is one
precondition, condition = … would be a second). If the domains = … is
checked first (to avoid unnecessary LDAP queries):

    driver = accept
    domains = …
    condition = ${lookup ldapdn{ldap:///UBASE??sub?(uid=${quote_ldap:$local_part})}{true}fail}
    …


But do not believe me on anything; none of the above is tested!

--
Heiko
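
Both suggested queries wrap $local_part in ${quote_ldap:...}. The sketch below is an added example (not part of the original message and not Exim's source code): it re-implements the two quoting steps the Exim specification describes for quote_ldap and shows the filter the LDAP server receives with and without it. The helper names and the sample local parts are constructed for illustration.

```python
from urllib.parse import unquote

# Step 1 of the documented quote_ldap behaviour: LDAP filter metacharacters.
FILTER_ESCAPES = {"*": r"\2A", "(": r"\28", ")": r"\29", "\\": r"\5C"}
# Step 2: non-alphanumerics other than these are percent-encoded for the URL.
URL_SAFE = set("!$'-._()*+")
UBASE = "ou=People,dc=ams,dc=szn,dc=pl"  # macro value from the message


def quote_ldap(value: str) -> str:
    """Filter-escape a string, then percent-encode it for an LDAP URL."""
    escaped = "".join(FILTER_ESCAPES.get(c, c) for c in value)
    out = []
    for byte in escaped.encode("utf-8"):
        ch = chr(byte)
        keep = byte < 128 and (ch.isalnum() or ch in URL_SAFE)
        out.append(ch if keep else f"%{byte:02X}")
    return "".join(out)


def ldap_url(local_part: str, quoted: bool = True) -> str:
    """Expand the router's query for one local part (hypothetical helper)."""
    uid = quote_ldap(local_part) if quoted else local_part
    return f"ldap:///{UBASE}?uid?sub?(uid={uid})"


def filter_seen_by_server(url: str) -> str:
    """Return the filter (4th '?' field) after URL decoding."""
    return unquote(url.split("?", 3)[3])


def matches_any_uid(url: str) -> bool:
    """True if the decoded filter is the bare presence test (uid=*)."""
    return filter_seen_by_server(url) == "(uid=*)"


if __name__ == "__main__":
    # Constructed local parts, as they could arrive in RCPT TO.
    for lp in ("test", "*", "j(doe)"):
        for quoted in (False, True):
            url = ldap_url(lp, quoted)
            print(f"{lp!r:10} quoted={quoted!s:5} -> {filter_seen_by_server(url)}")
```

Without the quoting, a local part of * turns the filter into a presence test that any entry with a uid satisfies, so the router would accept a recipient that does not exist; with it, the server compares against a literal asterisk.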