
LDAP and the localuser router
Hi all

I have been administrating a group of Exim servers over the last year
and a half or so. So far so good. Great software. Thank you to those
responsible, keep up the good work. Earlier this year I upgraded 3 of
the servers to Exim 4.x. All went well. I have now embarked on a quest
to get these servers to use LDAP to obtain user and alias info.

So far all the howtos I have seen are using Exim 3.x. I have managed (I
think) to convert most of the config examples to version 4 but the
localuser router is giving me a headache.

I notice that in the v3 configs you could use a query to verify that the
user is local, but in v4 this does not seem possible.

Am I just not finding the right part of the manual or have we lost a
feature in the transition from 3 to 4?

Thanks

Rodney Arne Karlsen
Re: LDAP and the localuser router
On Thu, 4 Jul 2002, Rodney Arne Karlsen wrote:

> I notice that in the v3 configs you could use a query to verify that the
> user is local, but in v4 this does not seem possible.

An LDAP query? That should be as possible in v4 as it was in v3.

> Am I just not finding the right part of the manual or have we lost a
> feature in the transition from 3 to 4?

I don't think so. If you post your v3 director, I'm sure somebody will
be able to turn it into a v4 router for you.


--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Re: LDAP and the localuser router
On Thu, Jul 04, 2002 at 04:25:51PM +0000, Rodney Arne Karlsen wrote:
| Hi all
|
| I have been administrating a group of Exim servers over the last year
| and a half or so. So far so good. Great software. Thank you to those
| responsible, keep up the good work. Earlier this year I upgraded 3 of
| the servers to Exim 4.x. All went well. I have now embarked on a quest
| to get these servers to use LDAP to obtain user and alias info.

Sounds good. I've worked on a similar thing here, but slightly
different details. If you want the entire config I came up with
(which isn't live yet, btw) I can send it to you.

| So far all the howtos I have seen are using Exim 3.x. I have managed (I
| think) to convert most of the config examples to version 4 but the
| localuser router is giving me a headache.

If you have check_local_user, it will do just that -- via the C
library. This works great at our site because we set up pam to pull
local user info from the LDAP server. Otherwise you could do
something like this (I have tested a nearly identical version) :

ldap_forwards:
  driver = redirect
  domains = +local_domains
  data = ${lookup ldapm {\
           ldap://barak.itusa.org/\
           ou=People,o=International Teams\
           ?mailForwardingAddress?one?\
           (& (objectClass=mailRecipient) \
              (mail=${quote_ldap:$local_part}) ) \
         } {$value} fail }
  allow_defer
  allow_fail
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part

and store the path to their local mailbox in the mailForwardingAddress
attribute.

HTH,
-D

--

If we claim to be without sin, we deceive ourselves and the truth is not
in us.
I John 1:8

http://dman.ddts.net/~dman/

Re: LDAP and the localuser router
Hi all

Thanks for the responses. Below is the local user director I found at
http://www.bastard.net/~kos/mailrouter/sample-configure Most of the
file I have been able to "translate" though this one is bugging me.

localuser:
  driver = aliasfile
  transport = bsd_delivery
  search_type = ldap
  query = "ldap:///uid=$local_part,dc=$domain,o=top?uid"
  #user = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?uidNumber}{$value}fail}
  #group = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?gidNumber}{$value}fail}
  user = mail
  group = mail

I tried converting it to

localuser:
  driver = accept
  transport = maildir_delivery
  # search_type = ldap
  data = ${lookup ldap{ldap:///uid=$local_part,dc=$domain,o=top?uid}}
  #user = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?uidNumber}{$value}fail}
  #group = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?gidNumber}{$value}fail}
  user = mail
  group = mail

before I read the manual on the accept router.

All my servers have been using the usual /var/spool/mail delivery system
in the past so my attempt to adapt to use maildir may also be broken.

Derrick, if you have time, I would love to take a look at your config. I
am always willing to look at new ways of doing things to improve the
workings of my systems.

Thanks

Rodney Arne Karlsen

----------------------------------
EMAIL DISCLAIMER:
WARNING:
Any unauthorised use or interception of this email is illegal. If this email
is not intended for you, you may not copy, distribute nor disclose the contents
to anyone. Save for bona fide company matters, Rigel Services cc t/a Compu-Doc
and Compu-Doc On-Line does not accept any responsibility for the opinions
expressed in this email.

For further details please see:
http://www.compudoc.co.za/emaildisclaimer.php
----------------------------------
Re: LDAP and the localuser router
Rodney,

At 09:21 (GMT+0200) on 5-July-2002, Rodney Arne Karlsen wrote:
> Hi all
>
> Thanks for the responses. Below is the local user director I found at
> http://www.bastard.net/~kos/mailrouter/sample-configure Most of the
> file I have been able to "translate" though this one is bugging me.
>
> localuser:
>   driver = aliasfile
>   transport = bsd_delivery
>   search_type = ldap
>   query = "ldap:///uid=$local_part,dc=$domain,o=top?uid"
>   #user = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?uidNumber}{$value}fail}
>   #group = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?gidNumber}{$value}fail}
>   user = mail
>   group = mail
>
> I tried converting it to
>
> localuser:
>   driver = accept
>   transport = maildir_delivery
>   # search_type = ldap
>   data = ${lookup ldap{ldap:///uid=$local_part,dc=$domain,o=top?uid}}
>   #user = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?uidNumber}{$value}fail}
>   #group = ${lookup ldap{ldap:///uid=${local_part},dc=${domain},o=top?gidNumber}{$value}fail}
>   user = mail
>   group = mail

I'm slightly confused by both examples. You are trying to search LDAP
specifying the distinguished name
uid=${local_part},dc=${domain},o=top
and asking to return the UID. Given with LDAP that the relative
distinguished name must be one of the values, the UID is either known
(when a single-valued attribute, as $local_part), or is multivalued,
so you may wish to use extract to get to the correct value (and in
LDAP the order of data in an attribute is not guaranteed, although in
practice it is maintained in the order in which it was saved).

I would run
exim -d+lookup -bt some-local-user@domain
to see what exim was doing for the LDAP lookups.

Also I'm not certain that you are setting the correct search root.
You may want to set a search root, and LDAP filter, e.g.

data = ${lookup ldap{ldap:///o=myorg,c=us?uid?sub?cn=${local_part}}}
could return the UID attribute for the ONE record under a search base
of o=myorg,c=us matching the LDAP filter cn=${local_part}.


Douglas.


--

================================
Douglas GRAY STEPHENS
Technical Architect (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND

Phone +44 1223 325295
Mobile +44 773 0051628
Fax +44 1223 311830
Email DGrayStephens@slb.com
================================
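Derrick's ldap_forwards router wraps the local part in ${quote_ldap:...}, while the localuser routers Rodney posted and the filter Douglas suggests interpolate $local_part into a DN or filter as-is; whether the value is escaped decides whether a local part containing filter or DN metacharacters can change the query. As an added example (not code from the thread or from Exim), the following shows the LDAP-layer escaping that Exim's quote_ldap and quote_ldap_dn operators perform, applied to the thread's own query shapes; Exim additionally %xx-encodes the result because the query is a URL, which is omitted here, and the function names and sample local parts are constructed for illustration.

```python
# Added example, not from the thread: RFC 4515 filter escaping and RFC 4514
# DN escaping for a local part interpolated into an Exim LDAP query.

def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02X" % ord(ch))   # e.g. '*' -> '\2A', '(' -> '\28'
        else:
            out.append(ch)
    return "".join(out)


def ldap_dn_escape(value: str) -> str:
    """Escape an attribute value for use inside a DN/RDN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        # Separators and quoting characters always need a backslash; '#' only
        # at the start, and a space only at the start or end of the value.
        if ch in ',+"\\<>;=' or (i == 0 and ch == "#") \
                or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ord(ch) < 0x20:
            out.append("\\%02X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def forwards_filter(local_part: str) -> str:
    """Filter from the ldap_forwards router, with the local part escaped."""
    return "(&(objectClass=mailRecipient)(mail=%s))" % ldap_filter_escape(local_part)


def localuser_dn(local_part: str, domain: str) -> str:
    """DN from the localuser router, with both variables escaped."""
    return "uid=%s,dc=%s,o=top" % (ldap_dn_escape(local_part), ldap_dn_escape(domain))


if __name__ == "__main__":
    # Constructed sample local parts: an ordinary one, and ones carrying
    # characters that are meaningful to a filter or to a DN.
    for lp in ["rodney", "*)(objectClass=*", "o'brien", "smith, j"]:
        print(forwards_filter(lp))
        print(localuser_dn(lp, "example.org"))
```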