A request on the Exim mailing list tickled my interest: the poster wanted to have Exim expand a posixGroup to a list of the member’s e-mail addresses.

As a reminder, an RFC 2307 posixGroup has a multi-valued LDAP attribute type called memberUid which is the user identifier (uid) of the member. A sample groups looks like this:

    dn: cn=tgroup,ou=Groups,dc=fupps,dc=com
    gidNumber: 6009
    objectClass: top
    objectClass: posixGroup
    cn: tgroup
    description: Testgroup for jP
    memberUid: jpm
    memberUid: janej
    

So, what we need is a method by which Exim finds that group (easy with a ${lookup ) and then performs another LDAP search to retrieve the mail attribute type of each of the group’s members.

What I came up was was this:

    ldap_posixgroups:
     driver = redirect
     data = ${map{<, ${lookup ldapm{ldap:///GROUPBASE\
              ?memberUid?sub?(cn=${quote_ldap:$local_part})}}}{\
              ${lookup ldapm{ldap:///PEOPLEB?mail?sub?uid=${quote_ldap:$item}}}\
              }}
    

The first ${lookup retrieves the values of the memberUid attribute type. For the group above, these are

jpm, janej

${map iterates through the comma-separated list, invoking a new (i.e. the second) ${lookup for each value which it places in $item. This second ${lookup performs a search for the mail attribute type of each of the users. For example, user janej has multiple mail addresses:

j.jolie@fupps.com, jane.jolie@fupps.com, jj@fupps.com

Putting all that together, the result will be

jp@example.de,j.jolie@fupps.com,, jane.jolie@fupps.com,, jj@fupps.com

and Exim’s redirect router happily eats that (ignoring superflous commas), and it routes the message to the two users (and their four e-mail addresses).