Hi Bill,
On 08/30/2011 07:33 PM CEST +02:00, W B Hacker wrote:
> Micha Lenk wrote:
>> I would like to use a warn ACL to set an ACL variable depending on the
>> result of a LDAP lookup using ${lookup ldapm{...}}. I use something
>> similar like this:
>>
>> warn condition = ${lookup ldapm{...}}
>> set acl_c0 = 1
>>
>> This works just fine, except for one thing: In case the lookup fails for
>> some reason (e.g. the LDAP server is currently unreachable), I would
>> like the entire ACL to return defer and *not* continue with the next
>> ACL. How do I achieve that?
>
> A 'warn' verb ordinarily makes a log entry or sets a marker - it
> doesn't, in and of itself, otherwise affect the flow of the smtp
> session. Exim WILL continue to the next acl regardless.
>
> So ... to achieve the next part of your goal some SUBSEQUENT acl - not
> necessarily the next immediate one - would need to be a 'defer' based on
> whatever the warn had set into [ the | a | several] variable(s).
Yes, but that is where my problem starts. If I use
warn set acl_c_ad_lookup_ok = ${lookup ldapm{...}{1}{0}}
then I get acl_c_ad_lookup_ok set to 0 as soon as either the LDAP server
is unreachable, or the lookup fails to match. So, in a later 'defer'
ACL, I cannot distinguish between temporary errors and lookup mismatches.
> There can be tests for either/both fail-to-match and fail-to-access LDAP.
This seems to be the problem I fail to solve at the moment. Can you
please elaborate these tests a little bit more?
Thanks in advance,
Micha
