Mailing List Archive: exim: users

openldap + exim, how to make mailing group ?

Index | Next | Previous | View Threaded

usual.man at gmail

Nov 16, 2009, 6:22 AM

Post #1 of 9 (1084 views)
Permalink

openldap + exim, how to make mailing group ?

helo.

I use openldap + samba, and i want to use exim with it.
i want to use posixGroup to make group mail.

If i use this router, i get only memberUid.

postgroup:
driver = redirect
allow_fail
allow_defer
data = ${lookup ldapm{LDAP_AUTH \

ldap:///ou=People,dc=xxx,dc=org?memberUid?sub?(cn=${quote_ldap:$local_part})}}

How i can get mail attribute from memberUid?

Thanks.

--
Bet regards, George.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at spodhuis

Nov 16, 2009, 11:17 AM

Post #2 of 9 (1052 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

On 2009-11-16 at 17:22 +0300, George Sitov wrote:
> I use openldap + samba, and i want to use exim with it.
> i want to use posixGroup to make group mail.
>
> If i use this router, i get only memberUid.
>
> postgroup:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup ldapm{LDAP_AUTH \
>
> ldap:///ou=People,dc=xxx,dc=org?memberUid?sub?(cn=${quote_ldap:$local_part})}}
>
>
> How i can get mail attribute from memberUid?

Change ?memberUid? to ?memberUid,mail?

You can use ${extract{mail}{the_lookup}} to get the mail part from the
results.

-Phil

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

usual.man at gmail

Nov 16, 2009, 11:30 AM

Post #3 of 9 (1050 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

2009/11/16 Phil Pennock <exim-users [at] spodhuis>

> On 2009-11-16 at 17:22 +0300, George Sitov wrote:
> > I use openldap + samba, and i want to use exim with it.
> > i want to use posixGroup to make group mail.
> >
> > If i use this router, i get only memberUid.
> >
> > postgroup:
> > driver = redirect
> > allow_fail
> > allow_defer
> > data = ${lookup ldapm{LDAP_AUTH \
> >
> >
> ldap:///ou=People,dc=xxx,dc=org?memberUid?sub?(cn=${quote_ldap:$local_part})}}
> >
> >
> > How i can get mail attribute from memberUid?
>
> Change ?memberUid? to ?memberUid,mail?
>
> You can use ${extract{mail}{the_lookup}} to get the mail part from the
> results.
>
> -Phil
>

It seems like:

data = ${lookup ldapm{LDAP_AUTH \
${extract{mail}{ldap:///ou=People,dc=xxx,dc=
org?memberUid?sub?(cn=${quote_ldap:$local_part})}}}

?

thanks.

--
best regards, George.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at spodhuis

Nov 16, 2009, 1:32 PM

Post #4 of 9 (1045 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

On 2009-11-16 at 22:30 +0300, George Sitov wrote:
> 2009/11/16 Phil Pennock <exim-users [at] spodhuis>
> > Change ?memberUid? to ?memberUid,mail?
> >
> > You can use ${extract{mail}{the_lookup}} to get the mail part from the
> > results.
> >
> > -Phil
> >
>
> It seems like:
>
> data = ${lookup ldapm{LDAP_AUTH \
> ${extract{mail}{ldap:///ou=People,dc=xxx,dc=
> org?memberUid?sub?(cn=${quote_ldap:$local_part})}}}
>
> ?

No. See the bit between the first question-mark ("?") and the second
question-mark? That's where you specify which attributes you want from
LDAP.

You are currently asking for just memberUid, so you're getting just
that. You need to *ask* for the data you want. This is why I wrote:

> Change ?memberUid? to ?memberUid,mail?

After you ask LDAP for different data, if you're asking for more than
one attribute per user, you'll need to figure out how to get just the
data you want. The ${extract{}{}} then goes *around* the entire LDAP
lookup.

I recommend only asking for one attribute per user when using ldapm,
it's *much* easier. So you'd use ?mail? *instead-of* ?memberUid?.

So:
data = ${lookup ldapm{LDAP_AUTH ldap:///ou=People,dc=xxx,dc=org?mail?sub?(cn=${quote_ldap:$local_part})}}

*IF* you need more data, which is what was suggested to me by the fact
that you were asking for memberUid, then it gets more complicated. I
pointed to ${extract}, I should also have pointed to ${map}. It's easy
to construct, but it's apparently not what you want.

-Phil

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

usual.man at gmail

Nov 17, 2009, 12:12 AM

Post #5 of 9 (1039 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

2009/11/17 Phil Pennock <exim-users [at] spodhuis>

> On 2009-11-16 at 22:30 +0300, George Sitov wrote:
> > 2009/11/16 Phil Pennock <exim-users [at] spodhuis>
> > > Change ?memberUid? to ?memberUid,mail?
> > >
> > > You can use ${extract{mail}{the_lookup}} to get the mail part from the
> > > results.
> > >
> > > -Phil
> > >
> >
> > It seems like:
> >
> > data = ${lookup ldapm{LDAP_AUTH \
> > ${extract{mail}{ldap:///ou=People,dc=xxx,dc=
> > org?memberUid?sub?(cn=${quote_ldap:$local_part})}}}
> >
> > ?
>
> No. See the bit between the first question-mark ("?") and the second
> question-mark? That's where you specify which attributes you want from
> LDAP.
>
> You are currently asking for just memberUid, so you're getting just
> that. You need to *ask* for the data you want. This is why I wrote:
>
> > Change ?memberUid? to ?memberUid,mail?
>
>
> After you ask LDAP for different data, if you're asking for more than
> one attribute per user, you'll need to figure out how to get just the
> data you want. The ${extract{}{}} then goes *around* the entire LDAP
> lookup.
>
> I recommend only asking for one attribute per user when using ldapm,
> it's *much* easier. So you'd use ?mail? *instead-of* ?memberUid?.
>
> So:
> data = ${lookup ldapm{LDAP_AUTH
> ldap:///ou=People,dc=xxx,dc=org?mail?sub?(cn=${quote_ldap:$local_part})}}
>

How i can get "mail" attribute, if my group has no it ?

This is a query to get all attributes of group:

ldapsearch -H ldap://127.0.0.1 -D
"uid=addressbook,ou=People,dc=xxx,dc=org" -b
ou=PostGroup,ou=People,dc=xxx,dc=org '(cn=all)' -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=PostGroup,ou=People,dc=xxx,dc=org> with scope subtree
# filter: (cn=all)
# requesting: ALL
#

# all, PostGroup, People, xxx.org
dn: cn=all,ou=PostGroup,ou=People,dc=xxx,dc=org
cn: all
gidNumber: 500
memberUid: george
memberUid: testuser
objectClass: posixGroup
objectClass: top

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

If i make this query:
ldapsearch -H ldap://127.0.0.1 -D
"uid=addressbook,ou=People,dc=xxx,dc=org" -b
ou=PostGroup,ou=People,dc=xx,dc=org '(cn=all)' memberUid gidNumber mail
-W

i get:
# extended LDIF
#
# LDAPv3
# base <ou=PostGroup,ou=People,dc=xxx,dc=org> with scope subtree
# filter: (cn=all)
# requesting: memberUid mail
#

# all, PostGroup, People, xxx.org
dn: cn=all,ou=PostGroup,ou=People,dc=xxx,dc=org
memberUid: georgiy.a.sitov
memberUid: testuser

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But i can not get "mail" attribute directly.

May be i can use "extract", but in "google" i can not find explain.

Please, can you help me make query
?

>
> *IF* you need more data, which is what was suggested to me by the fact
> that you were asking for memberUid, then it gets more complicated. I
> pointed to ${extract}, I should also have pointed to ${map}. It's easy
> to construct, but it's apparently not what you want.
>
> -Phil
>

--
Best regards, George.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

nmw at ion

Nov 17, 2009, 1:39 AM

Post #6 of 9 (1025 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

Phil Pennock wrote:
> On 2009-11-16 at 22:30 +0300, George Sitov wrote:
>> 2009/11/16 Phil Pennock <exim-users [at] spodhuis>
>>> Change ?memberUid? to ?memberUid,mail?
>>>
>>> You can use ${extract{mail}{the_lookup}} to get the mail part from the
>>> results.
>>>
>>> -Phil
>>>
>> It seems like:
>>
>> data = ${lookup ldapm{LDAP_AUTH \
>> ${extract{mail}{ldap:///ou=People,dc=xxx,dc=
>> org?memberUid?sub?(cn=${quote_ldap:$local_part})}}}
>>
>> ?
>
> No. See the bit between the first question-mark ("?") and the second
> question-mark? That's where you specify which attributes you want from
> LDAP.
>
> You are currently asking for just memberUid, so you're getting just
> that. You need to *ask* for the data you want. This is why I wrote:
>
>> Change ?memberUid? to ?memberUid,mail?
>
>
> After you ask LDAP for different data, if you're asking for more than
> one attribute per user, you'll need to figure out how to get just the
> data you want. The ${extract{}{}} then goes *around* the entire LDAP
> lookup.
>
> I recommend only asking for one attribute per user when using ldapm,
> it's *much* easier. So you'd use ?mail? *instead-of* ?memberUid?.
>
> So:
> data = ${lookup ldapm{LDAP_AUTH ldap:///ou=People,dc=xxx,dc=org?mail?sub?(cn=${quote_ldap:$local_part})}}
>
>
> *IF* you need more data, which is what was suggested to me by the fact
> that you were asking for memberUid, then it gets more complicated. I
> pointed to ${extract}, I should also have pointed to ${map}. It's easy
> to construct, but it's apparently not what you want.
>
> -Phil
>

This would work for a single user entry, which probably has an
associated mail address. However, it looks as though the OP is
requesting a posixGroup, which generally only contains a multi-valued
attribute memberUid for each member of the group. The search will
return a list of memberUids for the posixGroup in question. This will
require an additional search for each uid, to return the mail address
associated with that uid. I can't think of any shortcut.

An alternative is to create a mail group, rather than use posixGroups
for mail, and store the mail address (rfc822MailMember is what I use) as
the mail group attribute. This does disassociate the mail group entry
from the user entry and therefore incurs more admin overhead (to prevent
the mail group entry not being updated when a user entry is), but does
mean that the mail addresses for the mail group can be returned with a
single lookup.

Another option might be to store the mail group information as an
attribute in each user entry. Then you can search for all users which
contain a particular mail group attribute and return their mail attribute.

Swings and roundabouts.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw [at] ion
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

jpm at retail-sc

Nov 17, 2009, 3:41 AM

Post #7 of 9 (1035 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

> . However, it looks as though the OP is
> requesting a posixGroup, which generally only contains a multi-valued
> attribute memberUid for each member of the group. The search will
> return a list of memberUids for the posixGroup in question. This will
> require an additional search for each uid, to return the mail address
> associated with that uid. I can't think of any shortcut.

Correct.

I believe the following is suitable:

ldap_posixgroups:
driver = redirect
data = ${map{<, ${lookup ldapm{ldap:///GROUPBASE\
?memberUid?sub?(cn=${quote_ldap:$local_part})}}}{\
${lookup ldapm{ldap:///PEOPLEB?mail?sub?uid=${quote_ldap:$item}}}\
}}

The first ${map takes the multiple `memberUid` results from the search
in GROUPBASE, using a comma (,) as the separator, and applies each found
$item to a subsequent search to find the `mail' attribute type of the
person.

Haven't tried for groups > 100 members, so this might blow up your
percolator. :-)

-JP

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

hswong3i at edin

Nov 18, 2009, 4:48 AM

Post #8 of 9 (996 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

Maybe you can try my work? It is target to integrate Exim4 + OpenLDAP +
Samba3 together :D

http://sourceforge.net/projects/exim4-ldap/

Regards,
Edison Wong

George Sitov wrote:
> helo.
>
> I use openldap + samba, and i want to use exim with it.
> i want to use posixGroup to make group mail.
>
> If i use this router, i get only memberUid.
>
> postgroup:
> driver = redirect
> allow_fail
> allow_defer
> data = ${lookup ldapm{LDAP_AUTH \
>
> ldap:///ou=People,dc=xxx,dc=org?memberUid?sub?(cn=${quote_ldap:$local_part})}}
>
>
> How i can get mail attribute from memberUid?
>
>
>
> Thanks.
>
>

--
Edison Wong
hswong3i [at] gmail
http://edin.no-ip.com/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

hswong3i at edin

Nov 19, 2009, 6:05 AM

Post #9 of 9 (999 views)
Permalink

Re: openldap + exim, how to make mailing group ? [In reply to]

||Why do you need to add attributes to samba.schema? You only need to add:

objectClass: qmailUser

to your user account. Therefore you can use qmail.schema attributes
TOGETHER with samba.schema's, too.

Please check my demo user ldif as reference:
http://edin.no-ip.com/content/exim4-ldap-0-0-5-initial-released

Regards,
Edison Wong
||
George Sitov wrote:
> I see you config for ldap, it`s great.
> But i user ntlm authorization with dovecot, and al people has same
> password in samba and domain.
> I use same attributes from qmail shema, and i add it into samba.shema,
> without it i can not add additional attributes to samba account. (i
> use phpldapadmin)
> Is easy way to split part of qmail shema in to samba account ?
>
>
> 2009/11/18 Edison Wong <hswong3i [at] edin
> <mailto:hswong3i [at] edin>>
>
> Maybe you can try my work? It is target to integrate Exim4 +
> OpenLDAP +
> Samba3 together :D
>
> http://sourceforge.net/projects/exim4-ldap/
>
> Regards,
> Edison Wong
>
> George Sitov wrote:
> > helo.
> >
> > I use openldap + samba, and i want to use exim with it.
> > i want to use posixGroup to make group mail.
> >
> > If i use this router, i get only memberUid.
> >
> > postgroup:
> > driver = redirect
> > allow_fail
> > allow_defer
> > data = ${lookup ldapm{LDAP_AUTH \
> >
> >
> ldap:///ou=People,dc=xxx,dc=org?memberUid?sub?(cn=${quote_ldap:$local_part})}}
> >
> >
> > How i can get mail attribute from memberUid?
> >
> >
> >
> > Thanks.
> >
> >
>
>
> --
> Edison Wong
> hswong3i [at] gmail <mailto:hswong3i [at] gmail>
> http://edin.no-ip.com/
>
>
>
>
>
> --
> C уважением, Георгий Сытов.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads