Re: [exim] Using Exim with LDAP

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Using Exim with LDAP
Hi,

Luca Bertoncello <lucabert@???> (So 03 Apr 2016 19:18:32 CEST):
> If I search with ldapsearch:
>
> ldapsearch -x -h dc1.cch.intra -D "CN=system,CN=Users,DC=cch,DC=intra" -W -b
> "cn=users,dc=cch,dc=intra" -s sub
> "(&(objectClass=user)(!(isCriticalSystemObject=TRUE))(mail=*))" sAMAccountName


Ok, but for a router you probably do not want to get the full list of
users.

> I get the full list of the users on the system, that have an E-Mail.
> Well, now I have to use this query in Exim, so I wrote:
>
> hide ldap_default_servers = <; dc1.cch.intra:3268
> LDAP_AD_BINDDN = "CN=system,CN=Users,DC=cch,DC=intra"
> LDAP_AD_PASS = "myVerySecret"
> LDAP_AD_BASE_DN = "CN=Users,DC=cch,DC=intra"
> LDAP_AD_MAIL_RCPT = \
>   user=LDAP_AD_BINDDN \
>   pass=LDAP_AD_PASS \
>   ldap:///LDAP_AD_BASE_DN\
>   ?sAMAccountName?sub?\
>   (&\
>     (objectClass=user)\
>     (!(isCriticalSystemObject=TRUE))\
>     (mail=*)\
>   )

>
> and then in the router:
>
> localWrite_gw:
> driver = redirect
> allow_filter
> domains = +local_domains
> user = EXIM_UID
> group = EXIM_GID
> data = ${lookup ldap {LDAP_AD_MAIL_RCPT} {# EXIM Filter\n\nsave /var/spool/mail/$value/Maildir}fail}

                    ~~~~ 


The "ldap" query expects a *single* object's attributes as a result. But
you're looking for all(!) your users: mail=*.

If you expect multiple objects in your answer, you need an ldapm lookup.
(But I think you don't need it here.)

Modify the filter of your ldap query to

    … (mail=${quote_ldap:$local_part@$domain})



(And as Jeremy pointed out, why not

    data = ${lookup ldap{…}{/var/spool/mail/$value/Maildir}fail}


No need for the filter.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
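
Added example, not part of the original message and not Exim's own code: a Python model of what `${quote_ldap:...}` does to the recipient address before it is placed in the `(mail=...)` filter, following the two-step description in the Exim specification (RFC 2254 filter escapes, then URL quoting). The function names and the example.com addresses are constructed for this example.

```python
import string

# Characters the URL-quoting step leaves alone, per the Exim spec's
# description of quote_ldap: alphanumerics plus ! $ ' - . _ ( ) * +
URL_SAFE = set(string.ascii_letters + string.digits + "!$'-._()*+")

# RFC 2254 filter escapes, applied first.
FILTER_ESCAPES = {"*": r"\2A", "(": r"\28", ")": r"\29", "\\": r"\5C"}


def quote_ldap(value: str) -> str:
    """Model of ${quote_ldap:...}: filter-escape, then URL-quote."""
    escaped = "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)
    return "".join(
        ch if ch in URL_SAFE
        else "".join(f"%{b:02X}" for b in ch.encode("utf-8"))
        for ch in escaped
    )


def rcpt_filter(local_part: str, domain: str, quoted: bool = True) -> str:
    """Build the filter part of the query for one recipient address."""
    addr = f"{local_part}@{domain}"
    mail = quote_ldap(addr) if quoted else addr
    return (
        "(&(objectClass=user)"
        "(!(isCriticalSystemObject=TRUE))"
        f"(mail={mail}))"
    )


if __name__ == "__main__":
    # Constructed local parts; example.com is a placeholder domain.
    for lp in ("alice", "a*", "x(y)"):
        print(repr(lp))
        print("  unquoted:", rcpt_filter(lp, "example.com", quoted=False))
        print("  quoted:  ", rcpt_filter(lp, "example.com"))
```

With quoting, a `*` or parenthesis in the address reaches the directory as a literal character, so the filter still selects at most the one object whose `mail` attribute equals the recipient address.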