Re: [exim] LDAP router section

Wed, 15 Sep 2010 14:28:28 -0700 

Hello,

Stanczak Slawomir <[email protected]> (Mi 15 Sep 2010 19:36:18 CEST):
> Hi,
(…)
> ara:~# ldapsearch -x -b dc=ams,dc=szn,dc=pl '(uid=test)'
> # extended LDIF
> #
> # LDAPv3
> # base <dc=ams,dc=szn,dc=pl> with scope subtree
> # filter: (uid=test)
> # requesting: ALL
> #
> 
> # test, people, ams.szn.pl
> dn: uid=test,ou=people,dc=ams,dc=szn,dc=pl
> uid: test
> cn: test
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> loginShell: /bin/bash
> uidNumber: 2205
> gidNumber: 1001
> homeDirectory: /home/prac/Adm/test
> gecos: Test, BPE Rek/AMS
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> -----------
> 
> My example LDAP router section:
> 
> ldap_user:
>    debug_print = "R: ldap_user for $local_p...@$domain"
>    driver = accept
>    domains = +local_domains
>    local_parts = ${extract{uid}{${lookup 
> ldap{ldap://212.14.2.145:389/ou=People,dc=ams,dc=szn,dc=pl}fail}}}
>    transport = local_delivery
>    cannot_route_message = Unknown user

All you want to do, is to check, if the uid=$local_part exists in your
LDAP.

To make the long line short, I'd set some macros and I'd emply the
ldap_servers config option.

    # global
    UBASE = ou=People,dc=ams,dc=szn,dc=pl
    ldap_default_servers = 212.14.2.145

    …

     local_parts = ${lookup 
ldap{ldap:///UBASE?uid?sub?(uid=${quote_ldap:$local_part})}{$value}}

or
     local_parts = ${lookup 
ldapdn{ldap:///UBASE??sub?(uid=${quote_ldap:$local_part})}{$local_part}}


Alternative I think you could use the ldap query in a precondition, but
I'm not sure about the order of the preconditions (domains = … is one
precondition, condidtion = … woul'd be a second). If the domains = … is
checked first (to avoid uneccesary LDAP queries):

    driver = accept
    domains = …
    condition = ${lookup 
ldap{ldapdn:///UBASE??sub?(uid=${quote_ldap:$local_part})}{true}fail}
    …

But do not believe me anything, nothing of the above is tested!

-- 
Heiko

Attachment: signature.asc
Description: Digital signature

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to