OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: virtual_maibox_maps, ldap lookups, and multiple attributes

From: ben thielsen (btbbitrate.net)
Date: Sun Feb 01 2009 - 22:18:14 CST

On Feb 01, 2009, at 23.15, ben thielsen wrote:

> hi-
>
> i'm using an ldap lookup map for virtual_maibox_maps and haven't
> been able to get the lookup to work quite the way i'd like. users
> exist in the ldap tree as
> uid=user,ou=people,ou=users,ou=accounts,dc=example,dc=com, and
> currently i'm using the mailLocalAddress attribute to store
> addresses which should be delivered to the filesystem, by virtual.
> users potentially have multiple addresses in their entry using this
> attribute, each of which should be delivered to a discrete mailbox -
> e.g.:
>
> dn: uid=user,ou=people,ou=users,ou=accounts,dc=example,dc=com
> mailLocalAddress: userfoo.com - delivered to foo.com/user/Maildir/
> mailLocalAddress: userbar.net - delivered to bar.net/user/Maildir/
> mailLocalAddress: ufoobar.org - delivered to foobar.org/u/Maildir/
>
> this works well for entries that contain only a single
> mailLocalAddress attribute, but not so well when multiple attributes
> exist. using %U and %D in the result_format value appeared to be a
> step in the right direction, but still returns more than one result,
> which suggested that there might be a more sensible approach. i
> also experimented with expansion_limit and size_limit, neither of
> which appeared to change the outcome (aside from introducing
> failures).
>
> at first glance, it seems to me that being able to use % expansions
> in the result_attribute might get me what i'm after (e.g.
> result_attribute = mailLocalAddress=%s or such), the idea being that
> only attributes that matched a particular value would be returned.
> since this isn't possible though, according to the ldap_table man
> page, i'm wondering how else i might achieve my goal, without
> requiring independent entries in ldap for each mailbox.
>
> thanks
> -ben

apologies-

i meant to include my lookup map, as it currently stands (horribly
munged, out of unreasonable paranoia):

version = 3
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
server_host = ldaps://ldap.example.com
bind_dn = cn=postfix,ou=under,ou=services,ou=accounts,dc=example,dc=com
bind_pw = xxxxxxxxxxxxxx
search_base = ou=people,ou=users,ou=accounts,dc= example,dc= com
query_filter = (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=
%s)(memberOf=cn=mail_recipients,dc=
%d,ou=domains,ou=mail,dc=example,dc=com))
result_attribute = mailLocalAddress
result_format = %D/%U/Maildir/

-ben