Hello,
Stanczak Slawomir <sws@???> (Mi 15 Sep 2010 19:36:18 CEST):
> Hi,
(…)
> ara:~# ldapsearch -x -b dc=ams,dc=szn,dc=pl '(uid=test)'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ams,dc=szn,dc=pl> with scope subtree
> # filter: (uid=test)
> # requesting: ALL
> #
>
> # test, people, ams.szn.pl
> dn: uid=test,ou=people,dc=ams,dc=szn,dc=pl
> uid: test
> cn: test
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> loginShell: /bin/bash
> uidNumber: 2205
> gidNumber: 1001
> homeDirectory: /home/prac/Adm/test
> gecos: Test, BPE Rek/AMS
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> -----------
>
> My example LDAP router section:
>
> ldap_user:
> debug_print = "R: ldap_user for $local_part@$domain"
> driver = accept
> domains = +local_domains
> local_parts = ${extract{uid}{${lookup ldap{ldap://212.14.2.145:389/ou=People,dc=ams,dc=szn,dc=pl}fail}}}
> transport = local_delivery
> cannot_route_message = Unknown user

All you want to do is to check if the uid=$local_part exists in your
LDAP.
To make the long line short, I'd set some macros and I'd employ the
ldap_servers config option.

    # global
    UBASE = ou=People,dc=ams,dc=szn,dc=pl
    ldap_default_servers = 212.14.2.145
    …
    local_parts = ${lookup ldap{ldap:///UBASE?uid?sub?(uid=${quote_ldap:$local_part})}{$value}}

or

    local_parts = ${lookup ldapdn{ldap:///UBASE??sub?(uid=${quote_ldap:$local_part})}{$local_part}}

Alternatively, I think you could use the ldap query in a precondition, but
I'm not sure about the order of the preconditions (domains = … is one
precondition, condition = … would be a second). If the domains = … is
checked first (to avoid unnecessary LDAP queries):

    driver = accept
    domains = …
    condition = ${lookup ldapdn{ldap:///UBASE??sub?(uid=${quote_ldap:$local_part})}{true}fail}
    …

But do not believe anything I say; nothing of the above is tested!

--
Heiko
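
Why the lookups suggested above wrap $local_part in quote_ldap, shown as an added example that is not part of the original message and is not Exim's code: a Python model of the two quoting layers a filter value needs inside an LDAP URL. The function names and the exact set of escaped characters are assumptions (Exim's own operator may leave a few more characters unescaped); UBASE is the macro value from the message.

```python
# Added example: models the quoting ${quote_ldap:...} provides for the
# lookups in the message. Not Exim source; the character sets are assumptions.
from urllib.parse import quote

UBASE = "ou=People,dc=ams,dc=szn,dc=pl"  # macro value from the message

# Layer 1 (RFC 4515): filter metacharacters become backslash + two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5C",
    "*": r"\2A",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Make a value inert inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def quote_for_ldap_url(value: str) -> str:
    """Layer 2: percent-encode so '?', '/', '%', '\\' cannot alter the URL."""
    return quote(escape_filter_value(value), safe="")


def build_query(local_part: str, quoted: bool = True) -> str:
    """Return the LDAP URL the router's lookup would receive."""
    uid = quote_for_ldap_url(local_part) if quoted else local_part
    return f"ldap:///{UBASE}?uid?sub?(uid={uid})"


if __name__ == "__main__":
    # Constructed local parts: one ordinary, two containing metacharacters
    # that are legal in the local part of an e-mail address.
    for lp in ("test", "*", "a(b)c?"):
        print(f"local part  : {lp!r}")
        print(f"  unquoted  : {build_query(lp, quoted=False)}")
        print(f"  quoted    : {build_query(lp)}")
```

Without quoting, a local part of `*` turns the filter into a presence test that matches every entry with a uid; with quoting it is compared as a literal asterisk.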