[exim] Exim+Samba4 AD - lookup problem

Author: Odhiambo Washington
Date:  
To: exim users
Subject: [exim] Exim+Samba4 AD - lookup problem
Hello all,

I am struggling with integrating Exim (4.93, on Ubuntu) with Samba4 AD.
I have gotten to a point where I can see the proverbial "light at the end
of the tunnel", but it's still a bit far off.

So, I have a typical user in the AD:

root@adc0:/var/log/dovecot# samba-tool user show odhiambo
ldb_wrap open of secrets.ldb
dn: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Odhiambo Washington
sn: Washington
givenName: Odhiambo
instanceType: 4
whenCreated: 20201120101420.0Z
displayName: Odhiambo Washington
uSNCreated: 4086
name: Odhiambo Washington
objectGUID: e6969596-8b28-41af-b5d8-cea63cc97f98
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-701866827-3355127779-3787685610-1106
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: odhiambo
sAMAccountType: 805306368
userPrincipalName: odhiambo@???
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=newideatest,DC=local
mail: odhiambo@???
loginShell: /bin/bash
userAccountControl: 512
pwdLastSet: 132505181852397220
whenChanged: 20201122112945.0Z
uSNChanged: 4104
distinguishedName: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local

And I have the following configuration in the relevant routers in Exim:

LDAP_AD_MAIL_RCPT = \
  user=LDAP_AD_BIND_DN \
  pass=LDAP_AD_PASS \
  ldap:///LDAP_AD_BASE_DN\
  ?sAMAccountName?sub?\
  (&\
    (objectClass=user)\
    (!(isCriticalSystemObject=TRUE))\
    (mail=${quote_ldap:$local_part@$domain})\
  )

user_ad_aliases:
   debug_print = "R: user_ad_aliases for $local_part@$domain"
   driver      = redirect
   domains     = +local_domains
   data        = ${lookup ldapm{LDAP_AD_MAIL_RCPT}}

#
dovecot:
   debug_print = "R: dovecot for $local_part@$domain"
   driver      = accept
   domains     = +local_domains
   transport   = dovecot_virtual_delivery
   cannot_route_message = Unknown user

The problem I am experiencing is that a test against _any_ address,
existent or not, passes!

root@adc0:/home/wash# exim -bt odhiambo@??? #Test1 existent user
R: user_ad_aliases for odhiambo@???
R: dovecot for odhiambo@???
odhiambo@???
router = dovecot, transport = dovecot_virtual_delivery

root@adc0:/home/wash# exim -bt kskskssls@??? #Test2 - nonexistent user
R: user_ad_aliases for kskskssls@???
R: dovecot for kskskssls@???
kskskssls@???
router = dovecot, transport = dovecot_virtual_delivery

I do not expect #Test2 to succeed, but I am also clueless as to how to stop
it. Generally, a test for a nonexistent user should not succeed, no?
What do I need to change in the lookup query to achieve that?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
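Editor's note on the configuration in the post. When the `ldapm` lookup in `user_ad_aliases` matches no entry, `data` expands to the empty string and a `redirect` router whose data is empty simply declines; the `dovecot` router that follows is a plain `accept` with no check of its own, so it takes every local part in `+local_domains`. Because recipient verification (`verify = recipient` in the ACL) runs the same routers, the same configuration also accepts RCPT TO for any local part, and the "Unknown user" failure only surfaces later as a bounce. The following is an added example, not code from the original post or from the Exim project: the same `dovecot` router with an LDAP existence `condition`, reusing the post's `LDAP_AD_MAIL_RCPT` macro and assuming `LDAP_AD_BIND_DN`, `LDAP_AD_PASS` and `LDAP_AD_BASE_DN` are defined earlier in the file, as the post implies.

```exim
# Added example (not from the post). Assumes the LDAP_AD_* macros
# from the post are already defined above this point in the file.

# Weak form from the post: an accept router with no existence check,
# so every local part in +local_domains is routed to delivery.
# dovecot:
#    driver    = accept
#    domains   = +local_domains
#    transport = dovecot_virtual_delivery
#    cannot_route_message = Unknown user

# Hardened form: the router only runs when the address has an entry in AD.
# ${lookup ldapm{...}{yes}{no}} expands to "no" when nothing matches, the
# condition is false, the router declines, and with no later router the
# address fails with "Unknown user" both under -bt and at RCPT time when
# verify = recipient is used. If the LDAP server is unreachable the lookup
# defers rather than failing, so the address is deferred, not accepted.
dovecot:
   debug_print = "R: dovecot for $local_part@$domain"
   driver      = accept
   domains     = +local_domains
   condition   = ${lookup ldapm{LDAP_AD_MAIL_RCPT}{yes}{no}}
   transport   = dovecot_virtual_delivery
   cannot_route_message = Unknown user
```

With this condition in place, a test like `exim -bt kskskssls@<domain>` should report the address as undeliverable with the `cannot_route_message` text instead of handing it to `dovecot_virtual_delivery`. The `${quote_ldap:$local_part@$domain}` already present in the post's macro is what keeps this safe to reuse here: it escapes LDAP filter metacharacters in the local part, so a crafted recipient cannot widen the `(mail=...)` filter.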