Re: [exim] ldap look ups

Author: Phil Pennock
Date:  
To: Kyle King
CC: exim mailing list
Subject: Re: [exim] ldap look ups
On 2012-02-03 at 12:48 -0800, Kyle King wrote:
> I have set up so that the domain is found in ldap but still unsure, how
> to search that an ldap object has a set value. I know in postfix this is
> done by searching for (&(cn=%d)(member=%u)).


Globally set ldap_default_servers to point to the default list of
servers.

Figure out which attributes you want. That's the attribute list. If
you specify only one, then you get back just a value; if you specify
none, or more than one, then you get back multiple attributes in
key="value" format, so you can use ${extract...} with the results.

${lookup ldap {ldap:///cn=groups,dc=example,dc=org?homeDirectory,mail?sub?(&(cn=${quote_ldap:$domain})(member=${quote_ldap:$local_part}))}}

That is the query. If you specify it as the value of the "condition"
rule on a Router, then the Router will only take the message if the
query returns a non-empty string (i.e., there were matches).

You can repeat the query, and as long as it's the same, and run in the
same process, the result will be taken from a small in-memory cache.
Often, folks define a macro at the start of the file, so that they can
then do something like:

${extract{homeDirectory}{QUERY_LDAP_GROUP}}

and rely upon the cached query. If you later want to optimise things,
once you understand things better, then you can do the query in an ACL
and set an $acl_m_foo variable which you can reference; that variable is
stored with the message, so you *never* repeat the LDAP query, even when
running in a different delivery process. (Of course, then bad LDAP data
which wedges messages in a queue is harder to fix, as opposed to just
fixing the LDAP data and letting a queue run pick up the fixed data).

What exactly you do with the data depends on what you're trying to do:
send it to an interior mail-host, deliver it to a per-user mailbox, etc.
There are "redirect" and "accept" drivers for the Routers which will
handle those two cited examples. You still need to specify what you
want done with the mails. You don't give enough information for me to
help with that.
--
https://twitter.com/syscomet
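
The steps from this message, put together as one configuration fragment. This is an added example, not part of the original message or of the Exim distribution: the server names and the router name ldap_group_redirect are assumptions, and it picks the "redirect" case using the mail attribute.

```exim
# --- main section (before the first "begin" line) ---

# Assumed host names. The list is colon-separated, so a port would be
# written with a doubled colon, e.g. ldap1.example.org::389
ldap_default_servers = ldap1.example.org : ldap2.example.org

# The query from the message, defined once as a macro so that every use
# expands to identical text and can be answered from the in-memory cache
# of the current process.
# ${quote_ldap:...} escapes LDAP filter metacharacters such as * ( ) \ in
# the recipient's domain and local part. Both come from the sender, so
# without the quoting they could change what the filter matches.
QUERY_LDAP_GROUP = ${lookup ldap {ldap:///cn=groups,dc=example,dc=org?homeDirectory,mail?sub?(&(cn=${quote_ldap:$domain})(member=${quote_ldap:$local_part}))}}

# --- routers section ---
begin routers

# Hypothetical router name.
ldap_group_redirect:
  driver = redirect
  # The router is skipped when the lookup returns an empty string,
  # i.e. no entry matched the filter.
  condition = QUERY_LDAP_GROUP
  # Two attributes were requested, so the result has the form
  #   homeDirectory="..." mail="..."
  # and ${extract} picks one value out of it. This second expansion is
  # the same query text in the same process, so it is served from cache.
  data = ${extract{mail}{QUERY_LDAP_GROUP}}
```

Running `exim -bt` with a test address shows whether this router accepts the address and what it is redirected to.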