Hello all, I am struggling with integrating Exim (4.93, on Ubuntu) with Samba4 AD. I have gotten to a point where I can see the proverbial "light at the end of the tunnel", but it's still a bit far off.
So, I have a typical user in the AD:

    root@adc0:/var/log/dovecot# samba-tool user show odhiambo
    ldb_wrap open of secrets.ldb
    dn: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    cn: Odhiambo Washington
    sn: Washington
    givenName: Odhiambo
    instanceType: 4
    whenCreated: 20201120101420.0Z
    displayName: Odhiambo Washington
    uSNCreated: 4086
    name: Odhiambo Washington
    objectGUID: e6969596-8b28-41af-b5d8-cea63cc97f98
    badPwdCount: 0
    codePage: 0
    countryCode: 0
    badPasswordTime: 0
    lastLogoff: 0
    lastLogon: 0
    primaryGroupID: 513
    objectSid: S-1-5-21-701866827-3355127779-3787685610-1106
    accountExpires: 9223372036854775807
    logonCount: 0
    sAMAccountName: odhiambo
    sAMAccountType: 805306368
    userPrincipalName: [email protected]
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=newideatest,DC=local
    mail: [email protected]
    loginShell: /bin/bash
    userAccountControl: 512
    pwdLastSet: 132505181852397220
    whenChanged: 20201122112945.0Z
    uSNChanged: 4104
    distinguishedName: CN=Odhiambo Washington,CN=Users,DC=newideatest,DC=local

And I have the following configuration in the relevant routers in Exim:

    LDAP_AD_MAIL_RCPT = \
      user=LDAP_AD_BIND_DN \
      pass=LDAP_AD_PASS \
      ldap:///LDAP_AD_BASE_DN\
      ?sAMAccountName?sub?\
      (&\
        (objectClass=user)\
        (!(isCriticalSystemObject=TRUE))\
        (mail=${quote_ldap:$local_part@$domain})\
      )

    user_ad_aliases:
      debug_print = "R: user_ad_aliases for $local_part@$domain"
      driver = redirect
      domains = +local_domains
      data = ${lookup ldapm{LDAP_AD_MAIL_RCPT}}
    #
    dovecot:
      debug_print = "R: dovecot for $local_part@$domain"
      driver = accept
      domains = +local_domains
      transport = dovecot_virtual_delivery
      cannot_route_message = Unknown user

The problem I am experiencing is that a test against _any_ address, existent or not, passes!

    root@adc0:/home/wash# exim -bt [email protected] #Test1 existent user
    R: user_ad_aliases for [email protected]
    R: dovecot for [email protected]
    [email protected]
      router = dovecot, transport = dovecot_virtual_delivery

    root@adc0:/home/wash# exim -bt [email protected] #Test2 - nonexistent user
    R: user_ad_aliases for [email protected]
    R: dovecot for [email protected]
    [email protected]
      router = dovecot, transport = dovecot_virtual_delivery

I do not expect #Test2 to succeed, but I am also clueless as to how to stop it. Generally, a test for a nonexistent user should not succeed, no?

What do I need to change in the lookup query to achieve that?

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
