Re: Digging into using LDAP

Fri, 28 Jun 2013 02:45:00 -0700 

On Fri, Jun 28, 2013 at 11:38:29AM +0200, Joel Carnat wrote:
> Hi,
> 
> (Now that SSL "issue" is clear, let's digg a bit more :)
> 
> So, using smtpd 5.3.3 on openbsd 5.3.
> I used 
> https://poolp.org/0x765d/OpenSMTPD:-LDAP-support-selectable-source--DKIM-and-Goodies
>  as a source of inspiration.
> 
> Here's my configuration bits:
> /etc/mail/smtpd.conf
>  listen on lo0
>  include "/etc/mail/smtpd.conf.local"
> 
> /etc/mail/smtpd.conf.local
>   lan_addr = "192.168.0.218"
>   listen on $lan_addr
>   table ldap ldap:/etc/mail/ldapd.conf
>   accept for domain "tumfatig.net" alias <ldap> deliver to maildir 
> "/home/vmail/%{rcpt.domain}/%{rcpt.user}/"
>   accept for any relay
> 
> /etc/mail/ldapd.conf
>   url             ldap://ldap.tumfatig.net
>   username        cn=user,...
>   password        mypass
>   basedn          dc=tumfatig,dc=net
>   # Aliases
>   alias_filter            (&(mail=%s)(objectClass=CourierMailAlias))
>   alias_attributes        maildrop
> 
> One of my test LDAP alias (which works in my actual postfix configuration) 
> looks like:
>   dn: [email protected],ou=alias,dc=tumfatig,dc=net
>   objectClass: top
>   objectClass: CourierMailAlias
>   objectClass: person
>   objectClass: organizationalPerson
>   objectClass: inetOrgPerson
>   (...)
>   mail: [email protected]
>   mail: [email protected]
>   mail: [email protected]
>   mail: [email protected]
>   (...)
>   maildrop: [email protected]
> 
> The thing is, when I issue the "RCPT TO: <[email protected]>", I get 
> "550 Invalid recipient".
> Running smtpd in debug mode reports:
>   debug: smtp: new client on listener: 0x88fe9170
>   smtp-in: New session 00000001573f798d from host localhost [127.0.0.1]
>   debug: table_ldap_internal_query: 
> filter=(&(mail=postmaster)(objectClass=CourierMailAlias)), ret=0
>   debug: table_ldap_alias: ret=0
>   smtp-in: Failed command on session 00000001573f798d: "RCPT TO: 
> <[email protected]>" => 550 Invalid recipient
>   smtp-in: Closing session 00000001573f798d
>   debug: smtp: 0x7d217000: deleting session: done
> 
> The error is that my alias_filter looks badly formed.
> What would be the correct filter syntax to look for the whole email address 
> in the LDAP tree ?
>

either use a virtual mapping, since that will use the full email address
as the key, or extend the backend to support expansion so that you can
use %{rcpt} instead of %s


-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg

-- 
You received this email because you are subscribed to mailing list: 
[email protected]
To unsubscribe, send mail with subject:
        [[email protected]] unregister

Reply via email to