Hello all,
I am struggling with integrating Exim (4.93, on Ubuntu) with Samba4 AD.
I have gotten to a point where I can see the proverbial "light at the end
of the tunnel", but it's still a bit far off.
So, I have a typical user in the AD:
*root@adc0:/var/log/dovecot# samba-tool user show odhiambo*
ldb_wrap open of secrets.ldb
dn: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Odhiambo Washington
sn: Washington
givenName: Odhiambo
instanceType: 4
whenCreated: 20201120101420.0Z
displayName: Odhiambo Washington
uSNCreated: 4086
name: Odhiambo Washington
objectGUID: e6969596-8b28-41af-b5d8-cea63cc97f98
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-701866827-3355127779-3787685610-1106
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: odhiambo
sAMAccountType: 805306368
userPrincipalName: odhiambo@???
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=newideatest,DC=local
mail: odhiambo@???
loginShell: /bin/bash
userAccountControl: 512
pwdLastSet: 132505181852397220
whenChanged: 20201122112945.0Z
uSNChanged: 4104
distinguishedName: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local
And I have the following configuration in the relevant routers in Exim:
LDAP_AD_MAIL_RCPT = \
user=LDAP_AD_BIND_DN \
pass=LDAP_AD_PASS \
ldap:///LDAP_AD_BASE_DN\
?sAMAccountName?sub?\
(&\
(objectClass=user)\
(!(isCriticalSystemObject=TRUE))\
(mail=${quote_ldap:$local_part@$domain})\
)
user_ad_aliases:
debug_print = "R: user_ad_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${lookup ldapm{LDAP_AD_MAIL_RCPT}}
#
dovecot:
debug_print = "R: dovecot for $local_part@$domain"
driver = accept
domains = +local_domains
transport = dovecot_virtual_delivery
cannot_route_message = Unknown user
The problem I am experiencing is that a test against _any_ address,
existent or not, passes!
root@adc0:/home/wash# exim -bt odhiambo@??? #Test1 existent
user
R: user_ad_aliases for odhiambo@???
R: dovecot for odhiambo@???
odhiambo@???
router = dovecot, transport = dovecot_virtual_delivery
root@adc0:/home/wash# exim -bt kskskssls@??? #Test2 -
nonexistent user
R: user_ad_aliases for kskskssls@???
R: dovecot for kskskssls@???
kskskssls@???
router = dovecot, transport = dovecot_virtual_delivery
I do not expect #Test2 to succeed, but I am also clueless as to how to stop
it. Generally, a test for a nonexistent user should not succeed, no?
What do I need to change in the lookup query to achieve that?
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
