Exim expands LDAP posixGroup

November 17th, 2009 | Categories: Exim, LDAP, Mail

A request on the Exim mailing list tickled my interest: the poster wanted to have Exim expand a posixGroup to a list of the members' e-mail addresses.

As a reminder, an RFC 2307 posixGroup has a multi-valued LDAP attribute type called memberUid which holds the user identifier (uid) of each member. A sample group looks like this:

dn: cn=tgroup,ou=Groups,dc=fupps,dc=com
gidNumber: 6009
objectClass: top
objectClass: posixGroup
cn: tgroup
description: Testgroup for jP
memberUid: jpm
memberUid: janej

So, what we need is a method by which Exim finds that group (easy with a ${lookup) and then performs another LDAP search to retrieve the mail attribute type of each of the group's members.

What I came up with was this:

ldap_posixgroups:
 driver = redirect
 data = ${map{<, ${lookup ldapm{ldap:///GROUPBASE\
          ?memberUid?sub?(cn=${quote_ldap:$local_part})}}}{\
          ${lookup ldapm{ldap:///PEOPLEB?mail?sub?uid=${quote_ldap:$item}}}\
          }}

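The first ${lookup retrieves the values of the memberUid attribute type for the group named by $local_part, which ${quote_ldap: escapes before it goes into the search filter. For the group above, the values are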

jpm, janej

${map iterates through the comma-separated list, placing each value in $item and invoking a new (i.e. the second) ${lookup for it. This second ${lookup performs a search for the mail attribute type of each of the users. For example, user janej has multiple mail addresses:

j.jolie@fupps.com, jane.jolie@fupps.com, jj@fupps.com

Putting all that together, the result will be

jp@example.de,j.jolie@fupps.com,, jane.jolie@fupps.com,, jj@fupps.com

and Exim's redirect router happily eats that (ignoring superfluous commas), and it routes the message to the two users (and their four e-mail addresses).
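Where the doubled commas in that result come from, as an added Python model that is not part of the original post and is not Exim code: ${map joins the per-member results with the list separator and doubles any separator found inside a result. The dictionaries are constructed sample data mirroring the post's group, the function names are hypothetical, and the redirect parsing is a simplification.

```python
# Simplified model of the two-stage expansion; constructed data, not Exim code.
GROUPS = {"tgroup": ["jpm", "janej"]}           # memberUid values per group
MAIL = {                                        # mail values per uid
    "jpm": ["jp@example.de"],
    "janej": ["j.jolie@fupps.com", "jane.jolie@fupps.com", "jj@fupps.com"],
}

def ldapm(values):
    """Model of an ldapm result: the values joined as the post shows them."""
    return ", ".join(values)

def split_list(text, sep=","):
    """Split an Exim-style list; a doubled separator is one literal separator."""
    items, cur, i = [], "", 0
    while i < len(text):
        if text[i] == sep:
            if text[i + 1:i + 2] == sep:        # doubled: keep a literal sep
                cur += sep
                i += 2
                continue
            items.append(cur.strip())
            cur = ""
        else:
            cur += text[i]
        i += 1
    items.append(cur.strip())
    return items

def map_expand(list_text, fn, sep=","):
    """Model of ${map: expand each item, doubling separators inside results."""
    results = (fn(item).replace(sep, sep * 2) for item in split_list(list_text, sep))
    return sep.join(results)

def expand_group(local_part):
    """First lookup gets the memberUid list, second lookup runs per member."""
    members = ldapm(GROUPS.get(local_part, []))
    return map_expand(members, lambda uid: ldapm(MAIL.get(uid, [])))

def redirect_addresses(data):
    """Model of the redirect router reading its data: empty items are skipped."""
    return [addr.strip() for addr in data.split(",") if addr.strip()]

if __name__ == "__main__":
    data = expand_group("tgroup")
    print(data)
    print(redirect_addresses(data))
```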
