Hello Philipp,

Thanks for your reply, I did put some information from memory and intend to
give you a glimpse of the fuller configs on Monday.

If I run an ldap search against port 389 to AD I get the values back
inclusive of the mail attribute, correctly. I haven’t tried the port that
pumps the GC out, 3286 iirc. I expect that it gives you lesser info.

When I say it’s a mystery I mean in relation to using posixAccount, as AD
doesn’t have this. It has person and I did try this, to no avail. I will
read the man page as per your suggestion as well and see if I am doing
something wrong.

To be sure I will run smtpd -d -v again. The debugs do for sure say I have
a connection to the ldap server. Can I specify more than one ldap server?
I’ll check the man page on this as well.

Thanks and Cheers,

ASD.

---

Aly Dharshi B.Sc., RHCE

Communications Design Specialist

ETS Technical Services

CITY OPERATIONS | TRANSIT


Meeting Booking Link https://calendar.app.google/eTj5cU9rJFYUTqNM6


780-619-1585 MOBILE



City of Edmonton

DL MacDonald Transit Yards

ROW Building

13304 50A Street

Edmonton AB T5A 4P6

All information contained in this email post is proprietary to the City of
Edmonton, confidential and intended only for the addressed recipient. If
you have received this post in error, please disregard the contents, inform
the sender of the misdirection, and remove it from your system. The
copying, dissemination or distribution of this email, if misdirected, is
strictly prohibited.



On Sat, Sep 14, 2024 at 5:25 PM Philipp <phil...@bureaucracy.de> wrote:

> Hello Aly
>
> [2024-09-13 18:58] Aly Dharshi <aly.dhar...@edmonton.ca>
> > Hello Philipp,
> >
> > I built the bits and have the table running. I notice that %s is being
> > used. Is this just a variable to slot in a value eg email address?
>
> The %s is a format specifier for the requested key. How the key looks
> depends on the context (usernames, email addresses, ...). Before a
> specific search is performed the '%s' is replaced with the key.
>
> There is also a man page in the table-ldap repo, most of it also fits for
> the old table out of extras. Only the format specifiers '%u' and '%h'
> aren't available.
>
> > I ran a test email and say the email address is m...@awesome.com, then the
> > key is m...@awesome.com and when a ldap query is fired to ActiveDirectory it
> > fails. Snippets are:
> >
> > table mailaddr ldap:/etc/opensmtpd/table-ldap.conf
> >
> > match from any for rcpt-to <mailaddr> action some_action
>
> What exactly do you mean when you say "it fails"? It makes it a lot
> simpler to understand your problem when it's clear what is expected and
> what happens. Also without the config for table-ldap it's hard to
> say what's wrong.
>
> > I have no posixAccount ObjectClass iirc in AD, just top, person, user and
> > organizationalUser if memory serves. Where the mail attribute is stuffed is
> > a mystery. Thanks.
>
> I would guess the email address is stored in the 'mail' attribute. But
> you should be able to check this with ldapsearch(1) or shelldap.
>
> In the rcpt-to context the key is the recipient email address. So your
> filter should check for the email address. In this context the table
> only checks if the key exists. So when the search request returns at
> least one result it passes.
>
> Btw: I have written an article[0] about how I use OpenSMTPD with
> FreeIPA. It might be interesting for you.
>
> Philipp
>
> [0] https://satanist.bureaucracy.de/smtpd/complex.md (unfinished)
>
> >
> > Cheers,
> >
> > ASD.
> >
> > On Fri, Sep 13, 2024 at 9:43 AM Philipp <phil...@bureaucracy.de> wrote:
> >
> > > [2024-09-13 07:49] Aly Dharshi <aly.dhar...@edmonton.ca>
> > > > Thanks Philipp! Is this module prebuilt on OpenBSD/OpenSMTPD?
> > >
> > > There are several packages/ports for table-ldap, including one for
> > > OpenBSD. The problem is: the last releases of table-ldap in both
> > > repos are kind of buggy and missing some features (i.e. tls support).
> > > That's why I would recommend using the current HEAD of the repo[0].
> > >
> > > Also what I forgot in my last mail: table-ldap was in a buggy state
> > > and I currently work on fixing all the bugs. These fixes are not well
> > > tested[1]. So I would recommend to set up some test mailserver and
> > > carefully test it. I don't think[2] there are unknown bugs, but I also
> > > make mistakes.
> > >
> > > When you have some problems: just write to the mailing list.
> > >
> > > > If so I can
> > > > swap my external MX to using OpenBSD.
> > >
> > > In theory: yes. In practice: I don't know, because I don't know your
> > > requirements.
> > >
> > > > I’d rather not install a compiler and build it on the MX servers
> > > > themselves. Or try to get a spec file together to build it as a RPM :)
> > >
> > > You also can build table-ldap on another host and copy the binary to
> > > your MX host. Just don't forget to install the runtime dependencies
> > > on your MX.
> > >
> > > Philipp
> > >
> > > [0] For the version out of extras: also backport the commit
> > > c64f1d3493325a231037f42f53b1d655f6dcb967
> > > [1] I would guess only by me
> > > [2] I run table-ldap (from extras with the fix[0]) for some time and
> > >     haven't seen problems.
> > >
> > > > On Fri, Sep 13, 2024 at 4:00 AM Philipp <phil...@bureaucracy.de> wrote:
> > > >
> > > > > Hi
> > > > >
> > > > > [2024-09-12 19:39] Aly Dharshi <aly.dhar...@edmonton.ca>
> > > > > > I wanted to find out whether table-ldap is Linux compatible. If so
> > > > > > what is the correct way to install and use it. Is it a patch or is
> > > > > > it something that can be compiled as a standalone item.
> > > > >
> > > > > Yes, Linux is supported. I assume you need this for the same system
> > > > > as in your other mail. So you need the table implementation from the
> > > > > extras repo[0]. Also you need to port the commit
> > > > > c64f1d3493325a231037f42f53b1d655f6dcb967
> > > > > from the table-ldap repo[1]. To build and install run:
> > > > >
> > > > >  $ ./bootstrap
> > > > >  $ ./configure --prefix $prefix --with-table-ldap
> > > > >  $ make
> > > > >  # make install
> > > > >
> > > > > The prefix must be the same as the prefix used to install opensmtpd.
> > > > > This builds the table-ldap binary and installs it in
> > > > > $prefix/libexec/smtpd/.
> > > > >
> > > > > > Details seem slightly scarce on this even on the GitHub repo. If
> > > > > > there are docs somewhere that I should be reading kindly point me
> > > > > > there and I can start reading that.
> > > > >
> > > > > Sadly there is currently no documentation for this, but it's quite
> > > > > easy: For an external table (i.e. "table name
> > > > > ldap:/path/to/config/file") smtpd looks in $prefix/libexec/smtpd for
> > > > > a binary table-$backendname (i.e. table-ldap).
> > > > > This binary is executed with the config file as first argument.
> > > > >
> > > > > Philipp
> > > > >
> > > > > [0] https://github.com/OpenSMTPD/OpenSMTPD-extras
> > > > > [1] https://github.com/OpenSMTPD/table-ldap
> > > > >
> > > > > >
> > > > > > Thanks and Cheers,
> > > > > >
> > > > > > ASD.
> > > > > >

-- 
*The contents of this message and any attachment(s) are confidential, 
proprietary to the City of Edmonton, and are intended only for the 
addressed recipient. If you have received this in error, please disregard 
the contents, inform the sender of the misdirection, and remove it from 
your system. The copying, dissemination, or distribution of this message, 
if misdirected, is strictly prohibited.*
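
The `%s` substitution and the rcpt-to "at least one result" check discussed in the thread, as an added Python illustration that is not table-ldap code and not from either poster. The filter `(&(objectClass=user)(mail=%s))`, the sample entries and all function names are assumptions; the key is escaped per RFC 4515 before substitution, which the thread does not say table-ldap does.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_CLAUSE = re.compile(r"\(([A-Za-z]+)=((?:[^()\\*]|\\[0-9A-Fa-f]{2})*)\)")

# Assumed filter for an AD-style directory that has no posixAccount class.
FILTER_TEMPLATE = "(&(objectClass=user)(mail=%s))"

# Constructed sample entries, not real directory data.
DIRECTORY = [
    {"objectclass": ["top", "person", "user"], "mail": ["me@awesome.example"]},
    {"objectclass": ["top", "person", "user"], "mail": ["ops@awesome.example"]},
]

def escape_filter_value(key):
    """Escape a lookup key so it can only ever be a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in key)

def expand_filter(template, key):
    """Replace every %s in the filter template with the escaped key."""
    return template.replace("%s", escape_filter_value(key))

def _unescape(value):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(ldap_filter, entries):
    """Tiny evaluator: AND of case-insensitive equality clauses only."""
    clauses = [(a.lower(), _unescape(v).lower()) for a, v in _CLAUSE.findall(ldap_filter)]
    if not clauses:  # malformed or unsupported filter matches nothing
        return []
    return [e for e in entries
            if all(v in (x.lower() for x in e.get(a, [])) for a, v in clauses)]

def rcpt_exists(key, template=FILTER_TEMPLATE, entries=DIRECTORY):
    """rcpt-to semantics from the thread: pass when >= 1 entry is returned."""
    return len(search(expand_filter(template, key), entries)) >= 1

if __name__ == "__main__":
    for rcpt in ("me@awesome.example", "nobody@awesome.example", "*"):
        print(rcpt, "->", expand_filter(FILTER_TEMPLATE, rcpt), rcpt_exists(rcpt))
```

The expanded filter string is also what you would hand to ldapsearch(1) to confirm that the directory returns an entry for a given recipient.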