Mike Cardwell wrote:
> * on the Sat, Jan 28, 2006 at 03:12:17PM -0500, Chris Knadle wrote:
>> On Saturday 28 January 2006 11:13, Mike Cardwell wrote:
>>> That would probably work yes. Sounds like more of a nasty hack than I
>>> was wanting to go with though.
>> Another way of doing this would be to run OpenLDAP locally on the mail
>> server and replicate the necessary entries from AD. This way the only thing
>> that needs altering would be where the lookups would occur, and the only time
>> the link to AD has to be there is for the periodic sync of the two
>> directories.
> I did find a solution to this problem in the end by the way. There is a feature
> in exim designed exactly for the issue I was trying to resolve. I ended up adding
> this to my config:
> unknown_login = ${run{/path/to/exe $caller_uid}}
> Where exe is a setuid script that takes a uid, and returns a username. Now,
> sending mail causes lookups against the AD, but the AD doesn't get hammered
> due to web requests on the same box. Problem solved.
> Running exim in an environment where it can't look up its own username can't
> be all that bad if there's an option for it...
> Best wishes,
> Mike
Mike,
I understand the solution, but I was puzzled by your OP as to
why you wanted to do this at all (w/r Exim's EUID) - and am
still puzzled.
Just as background, in my own installations Exim, SA, ClamAV,
Dovecot IMAP/POP, and the Webmail daemon each run at all times
as their own UID.
The end user's ID is not only not used - they don't even *have*
one. Even 'postmaster' has to have an entry in the SQL DB.
Which is perhaps as diametrically opposite to your approach as
it gets - where you run the daemon with no default UID, I handle
the users with no UID.
Neither criticizing nor advocating either method, as mine is as
non-standard as yours is.
But hope you can see why I am (still) curious...
Care to enlighten?
Bill
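
An added example, not part of the original thread and not Mike's actual helper: one way to write the uid-to-username program that the quoted `unknown_login = ${run{/path/to/exe $caller_uid}}` setting calls, as a small C binary. The names `parse_uid` and `uid_to_name` are hypothetical, and it assumes the name is resolved through the system's NSS configuration with `getpwuid_r`.

```c
/* Added example: helper for Exim's unknown_login ${run{...}} call.
   parse_uid/uid_to_name are hypothetical names, not from the thread. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Accept only a plain decimal uid: digits only, no sign or whitespace. */
int parse_uid(const char *s, uid_t *out)
{
    if (s == NULL || *s == '\0' || strlen(s) > 10)
        return -1;
    for (const char *p = s; *p; p++)
        if (*p < '0' || *p > '9')
            return -1;
    errno = 0;
    unsigned long long v = strtoull(s, NULL, 10);
    /* (uid_t)-1 is reserved as "no uid", so reject it and anything larger. */
    if (errno != 0 || v >= (unsigned long long)(uid_t)-1)
        return -1;
    *out = (uid_t)v;
    return 0;
}

/* Resolve uid to a login name; returns 0 and fills buf on success. */
int uid_to_name(uid_t uid, char *buf, size_t buflen)
{
    struct passwd pw, *res = NULL;
    char scratch[4096];
    if (getpwuid_r(uid, &pw, scratch, sizeof scratch, &res) != 0 || res == NULL)
        return -1;
    if (strlen(pw.pw_name) >= buflen)
        return -1;
    strcpy(buf, pw.pw_name);
    return 0;
}

int main(int argc, char **argv)
{
    uid_t uid;
    char name[256];
    /* A setuid binary can be run by any local user, so argv is untrusted. */
    if (argc != 2 || parse_uid(argv[1], &uid) != 0)
        return 2;
    if (uid_to_name(uid, name, sizeof name) != 0)
        return 1;              /* unknown uid: print nothing, non-zero exit */
    fputs(name, stdout);       /* no trailing newline in the output */
    return 0;
}
```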