Re: [exim] warn ACL and deferred LDAP lookup

Top Page
Delete this message
Reply to this message
Author: Micha Lenk
Date:  
To: exim-users
Subject: Re: [exim] warn ACL and deferred LDAP lookup
Hi Bill,

On 08/30/2011 07:33 PM CEST +02:00, W B Hacker wrote:
> Micha Lenk wrote:
>> I would like to use a warn ACL to set an ACL variable depending on the
>> result of a LDAP lookup using ${lookup ldapm{...}}. I use something
>> similar like this:
>>
>> warn condition = ${lookup ldapm{...}}
>>       set acl_c0 = 1

>>
>> This works just fine, except for one thing: In case the lookup fails for
>> some reason (e.g. the LDAP server is currently unreachable), I would
>> like the entire ACL to return defer and *not* continue with the next
>> ACL. How do I achieve that?
>
> A 'warn' verb ordinarily makes a log entry or sets a marker - it
> doesn't, in and of itself, otherwise affect the flow of the smtp
> session. Exim WILL continue to the next acl regardless.
>
> So ... to achieve the next part of your goal some SUBSEQUENT acl - not
> necessarily the next immediate one - would need to be a 'defer' based on
> whatever the warn had set into [ the | a | several] variable(s).


Yes, but that is where my problem starts. If I use

warn set acl_c_ad_lookup_ok = ${lookup ldapm{...}{1}{0}}

then I get acl_c_ad_lookup_ok set to 0 as soon as either the LDAP server
is unreachable, or the lookup fails to match. So, in a later 'defer'
ACL, I cannot distinguish between temporary errors and lookup mismatches.

> There can be tests for either/both fail-to-match and fail-to-access LDAP.


This seems to be the problem I fail to solve at the moment. Can you
please elaborate these tests a little bit more?

Thanks in advance,
Micha