Re: [exim] LDAP second level queries?

Author: Marco Gaiarin
Date:  
To: Mikhail Golub
CC: exim-users
Subject: Re: [exim] LDAP second level queries?
Hi! Mikhail Golub
On that day it was said...

Sorry for the late answer.


> Maybe this?


Could be. At least I'm starting to understand, but it still does not work.

For now, I've coded this:

 data = ${lookup ldapm {user=LOCAL_AD_BINDDN pass=LOCAL_AD_PASS ldap:///LOCAL_AD_BASE_DN?uid?sub?(&(objectClass=user)(|\
        ${sg \
            { ${lookup ldap {user=LOCAL_AD_BINDDN pass=LOCAL_AD_PASS ldap:///LOCAL_AD_BASE_DN?member?sub?(&(objectClass=group)(cn=${quote_ldap:${local_part}}))}} } \
                {([^,],[^,]|^)(.*)([^,],[^,]|\$)} {(distinguishedName=\$2)} \
        }\
    ))}}


Looking at the ''internal'' query, it works:

--------> group_ldap_aliases router <--------
local_part=ced domain=corsi.sv.lnf.it
checking domains
cached yes match for +local_domains
cached lookup data = NULL
corsi.sv.lnf.it in "+local_domains"? yes (matched "+local_domains" - cached)
R: group_ldap_aliases for ced@???
calling group_ldap_aliases router
rda_interpret (string): ${lookup ldapm {user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///${quote_ldap:DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it}?uid?sub?(&(objectClass=user)(|${sg { ${lookup ldap {user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///${quote_ldap:DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it}?member?sub?(&(objectClass=group)(cn=${quote_ldap:${local_part}}))}} } {([^,],[^,]|^)(.*)([^,],[^,]|\$)} {(distinguishedName=\$2)} }))}}
search_open: ldap "NULL"
cached open
search_find: file="NULL"
key="user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?member?sub?(&(objectClass=group)(cn=ced))" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/aliases
End
internal_search_find: file="NULL"
type=ldap key="user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?member?sub?(&(objectClass=group)(cn=ced))"
database lookup required for user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?member?sub?(&(objectClass=group)(cn=ced))
LDAP parameters: user=CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it pass=nontelado size=0 time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?member?sub?(&(objectClass=group)(cn=ced))" server=localhost port=3268 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=localhost port=3268
re-using cached connection to LDAP server localhost:3268
Start search
ldap_result loop
LDAP entry loop
LDAP attr loop member:CN=gaio,CN=Users,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it
LDAP attr loop member:CN=amaronese,CN=Users,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it
search ended by ldap_result yielding 101
ldap_parse_result: 0
ldap_parse_result yielded 0: Success
LDAP search: returning: CN=gaio,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it,CN=amaronese,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it
lookup yielded: CN=gaio,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it,CN=amaronese,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it

I.e., the query returns the full DNs of the users, comma separated, with commas
doubled, as expected.

So, I've tried to build the second 'internal' query as above... evidently my
Perl regex knowledge is not so good... the result:

search_open: ldapm "NULL"
cached open
search_find: file="NULL"
key="user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?uid?sub?(&(objectClass=user)(|(distinguishedName= CN=gaio,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it,CN=amaronese,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it )))" partial=-1 affix=NULL starflags=0
LRU list:
:/etc/aliases
End
internal_search_find: file="NULL"
type=ldapm key="user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?uid?sub?(&(objectClass=user)(|(distinguishedName= CN=gaio,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it,CN=amaronese,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it )))"
database lookup required for user="CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it" pass="nontelado" ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?uid?sub?(&(objectClass=user)(|(distinguishedName= CN=gaio,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it,CN=amaronese,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it )))
LDAP parameters: user=CN=mta,OU=Restricted,DC=ad,DC=corsi,DC=sv,DC=lnf,DC=it pass=nontelado size=0 time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldapm URL = "ldap:///DC%3Dad%2CDC%3Dcorsi%2CDC%3Dsv%2CDC%3Dlnf%2CDC%3Dit?uid?sub?(&(objectClass=user)(|(distinguishedName= CN=gaio,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it,CN=amaronese,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it )))" server=localhost port=3268 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=localhost port=3268
re-using cached connection to LDAP server localhost:3268
Start search
search ended by ldap_result yielding 101
ldap_parse_result: 0
ldap_parse_result yielded 0: Success
LDAP search: no results
lookup failed
expanded:
file is not a filter file
parse_forward_list:
group_ldap_aliases router declined for ced@???

Apart from the fact that I need a second ${sg } run to remove the double quotes, the
regexp:

    {([^,],[^,]|^)(.*)([^,],[^,]|\$)} {(distinguishedName=\$2)}


does not work.


Can someone help me? Thanks.


PS: Jeremy, I have really not understood how I can use ${listextract }
instead of ${sg } here...

-- 
  Asking Gates how to develop new technologies in Italy is like having
  Berlusconi explain how to promote pluralism of information.
  The answer is simple: «ghe pensi mi!»        (Pietro Folena)
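
Added example (not part of the original message, and not Exim configuration): a Python model of the string handling discussed above, showing that the posted pattern matches the whole lookup result once, and one way to turn the doubled-comma list into one escaped `(distinguishedName=...)` clause per DN. The function names are hypothetical and the sample value is constructed from the debug output in the message.

```python
import re

# Constructed from the debug output above: DNs joined by ",", with the commas
# inside each DN doubled by the ldap lookup.
LOOKUP_RESULT = (
    "CN=gaio,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it,"
    "CN=amaronese,,CN=Users,,DC=ad,,DC=corsi,,DC=sv,,DC=lnf,,DC=it"
)

# Pattern from the message; Exim's "\$" is a plain "$" to the regex engine.
POSTED_PATTERN = r"([^,],[^,]|^)(.*)([^,],[^,]|$)"

# RFC 4515 escapes for characters that are special inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def posted_substitution(value):
    """Global substitution with the posted pattern: "^" matches at offset 0,
    the greedy "(.*)" takes the rest, "$" closes it, so there is one match."""
    return re.sub(POSTED_PATTERN, r"(distinguishedName=\2)", value)

def split_doubled_comma_list(value):
    """Split on single commas; a doubled comma is a literal comma in a value."""
    values, current, i = [], [], 0
    while i < len(value):
        if value.startswith(",,", i):
            current.append(",")
            i += 2
        elif value[i] == ",":
            values.append("".join(current))
            current = []
            i += 1
        else:
            current.append(value[i])
            i += 1
    values.append("".join(current))
    return [v.strip() for v in values if v.strip()]

def build_user_filter(lookup_result):
    """One escaped clause per DN; None for an empty list rather than "(|)"."""
    dns = split_doubled_comma_list(lookup_result)
    if not dns:
        return None
    clauses = "".join(
        "(distinguishedName=" + "".join(FILTER_ESCAPES.get(c, c) for c in dn) + ")"
        for dn in dns
    )
    return "(&(objectClass=user)(|" + clauses + "))"
```

Escaping each DN before it goes into the filter keeps a group member whose name contains `(`, `)`, `*` or `\` from changing the structure of the second query.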