Hi,
Luca Bertoncello <lucabert@???> (So 03 Apr 2016 19:18:32 CEST):
> If I search with ldapsearch:
>
> ldapsearch -x -h dc1.cch.intra -D "CN=system,CN=Users,DC=cch,DC=intra" -W -b
> "cn=users,dc=cch,dc=intra" -s sub
> "(&(objectClass=user)(!(isCriticalSystemObject=TRUE))(mail=*))" sAMAccountName

Ok, but for a router you probably do not want to get the full list of
users.

> I get the full list of the users on the system, that have an E-Mail.
> Well, now I have to use this query in Exim, so I wrote:
>
> hide ldap_default_servers = <; dc1.cch.intra:3268
> LDAP_AD_BINDDN = "CN=system,CN=Users,DC=cch,DC=intra"
> LDAP_AD_PASS = "myVerySecret"
> LDAP_AD_BASE_DN = "CN=Users,DC=cch,DC=intra"
> LDAP_AD_MAIL_RCPT = \
> user=LDAP_AD_BINDDN \
> pass=LDAP_AD_PASS \
> ldap:///LDAP_AD_BASE_DN\
> ?sAMAccountName?sub?\
> (&\
> (objectClass=user)\
> (!(isCriticalSystemObject=TRUE))\
> (mail=*)\
> )
>
> and then in the router:
>
> localWrite_gw:
> driver = redirect
> allow_filter
> domains = +local_domains
> user = EXIM_UID
> group = EXIM_GID
> data = ${lookup ldap {LDAP_AD_MAIL_RCPT} {# EXIM Filter\n\nsave /var/spool/mail/$value/Maildir}fail}
~~~~

The "ldap" query expects a *single* object's attributes as a result. But
you're looking for all(!) your users: mail=*.

If you expect multiple objects in your answer, you need an ldapm lookup.
(But I think you don't need it here.)

Modify the filter of your ldap query to

    … (mail=${quote_ldap:$local_part@$domain})

(And as Jeremy pointed out, why not

    data = ${lookup ldap{…}{/var/spool/mail/$value/Maildir}fail}

No need for the filter.)

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
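
Added example (not part of the message above and not Exim's own code): a small Python model of what `${quote_ldap:…}` does to the recipient address before it reaches the filter, following the two-step quoting (filter escaping, then URL quoting) described in the Exim specification, next to the `(mail=*)` case that returns every user. The directory contents, the function names and the simplified matcher are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample directory (sAMAccountName -> mail); not from the thread.
DIRECTORY = {"alice": "alice@cch.intra", "bob": "bob@cch.intra"}

FILTER_ESCAPES = {"\\": r"\5C", "*": r"\2A", "(": r"\28", ")": r"\29"}
URL_SAFE = set("!$'-._()*+")  # left unencoded by the URL-quoting step


def quote_ldap(value):
    """Model of Exim's quote_ldap: escape filter metacharacters, then URL-quote."""
    escaped = "".join(FILTER_ESCAPES.get(c, c) for c in value)
    out = []
    for c in escaped:
        if (c.isascii() and c.isalnum()) or c in URL_SAFE:
            out.append(c)
        else:
            out.extend(f"%{b:02X}" for b in c.encode("utf-8"))
    return "".join(out)


def mail_assertion(local_part, domain, quoted=True):
    """The (mail=...) assertion as the server sees it once the URL is decoded."""
    addr = f"{local_part}@{domain}"
    return "(mail=" + unquote(quote_ldap(addr) if quoted else addr) + ")"


def _to_regex(tok):
    if tok == "*":
        return ".*"                                   # unescaped '*' is a wildcard
    if len(tok) == 3:
        return re.escape(chr(int(tok[1:], 16)))       # \XX means a literal character
    return re.escape(tok)


def matching_accounts(assertion):
    """Simplified matcher for one (mail=VALUE) assertion over DIRECTORY."""
    value = assertion[len("(mail="):-1]
    pattern = "".join(_to_regex(t) for t in re.findall(r"\\[0-9A-Fa-f]{2}|.", value))
    return sorted(a for a, m in DIRECTORY.items() if re.fullmatch(pattern, m, re.I))


if __name__ == "__main__":
    for lp, q in (("alice", True), ("*", True), ("*", False)):
        f = mail_assertion(lp, "cch.intra", q)
        print(f, "->", matching_accounts(f))
```

With the quoted recipient the search yields at most one account, which is the single-object result the `ldap` lookup expects; the wildcard forms yield every mail-enabled user.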