global::ldap
fn
connect
fn connect(parameters: Map) -> Ldap
Construct an LDAP connection pool pointing to the given LDAP server.
parameters
- A map with the following parameters:
  - `url`: A string URL of the LDAP server to connect to.
  - `timeout`: Timeout applied to each query sent to the server. (default: 30s)
  - `connections`: Number of connections to open to the server. (default: 4)
  - `bind`: A map of parameters used to perform a simple bind operation. (optional, default: no bind)
    - `dn`: The DN used to bind.
    - `pw`: The password used to bind. A simple bind transmits this password as-is, so only combine it with a plain `ldap://` URL when `tls` is configured (see below); bind with a least-privilege, read-only service account rather than an administrative one.
- `tls`: A map with the following parameters. (optional, default: no TLS — with a plain `ldap://` URL and no `tls` map, queries and bind credentials are sent in cleartext)
  - `starttls`: `true` to upgrade the connection with STARTTLS after connecting to the server. (optional, default: false)
  - `cafile`: Path of the root certificate(s) used to verify the server when connecting. (optional) If this parameter is not used, the client loads the root certificates found in the platform's native certificate store instead. Be careful: on some platforms, loading native certificates involves reading and parsing a ~300KB file from disk.
Returns a service used to query the server pointed to by the `url` parameter.

Errors:
- The service failed to connect to the server.
- The service failed to load root certificates.
It is recommended to create an LDAP service in its own module.
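// Import the plugin stored in the `plugins` directory.
import "plugins/libvsmtp_plugin_ldap" as ldap;

// Connection pool to the directory server.
// NOTE(review): a plain `ldap://` URL with no `tls` map sends every query
// (and any bind password) in cleartext; add `tls: #{ starttls: true }` or
// use a TLS-protected URL on anything but a loopback/test server.
export const directory = ldap::connect(#{
    // The URL must not carry trailing whitespace (the original example had a stray space).
    url: "ldap://ds.example.com:1389",
});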
fn
search
fn search(database: Ldap, base: String, scope: String, filter: String, attrs: Array) -> Map
Search the LDAP server for entries.

- `base`: The search base, i.e. the starting point in the DIT for the operation.
- `scope`: The scope, which bounds the set of entries the operation considers. Can be `base`, `one` or `sub`.
- `filter`: An expression evaluated against every candidate entry, selecting those for which it evaluates to true. No escaping of this string is documented here, so treat it as passed to the server verbatim: any value interpolated into it that originates from the SMTP client (sender, recipient, headers) must be escaped per RFC 4515 (`\`, `*`, `(`, `)`, NUL), otherwise the client can rewrite the filter.
- `attrs`: The list of attributes to retrieve from the matching entries.
Returns a map describing the result; on success it carries the list of matching entries (as maps) with the requested attributes.

- `result`: Either "ok" or "error".
- `entries`: If `result` is "ok", an array of maps with the following fields:
  - `dn`: The entry DN.
  - `attrs`: The entry attributes that were requested.
- `error`: If `result` is "error", a string describing the error.
- The connection timed out.
- The scope string is invalid.
Build a service in `services/ds.vsl`:
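// Import the plugin stored in the `plugins` directory.
import "plugins/libvsmtp_plugin_ldap" as ldap;

// Connection pool to the directory server used by the filtering rules.
// NOTE(review): a plain `ldap://` URL with no `tls` map sends every query
// (and any bind password) in cleartext; add `tls: #{ starttls: true }` or
// use a TLS-protected URL on anything but a loopback/test server.
export const directory = ldap::connect(#{
    // The URL must not carry trailing whitespace (the original example had a stray space).
    url: "ldap://ds.example.com:389",
    // Per-query timeout.
    timeout: "1m",
    // Size of the connection pool.
    connections: 10,
});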
Search the DS during filtering.
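import "services/ds" as srv;

// Escape a value for use inside an LDAP search filter (RFC 4515 §3).
// Without this, a `*`, `(`, `)` or `\` in a recipient address supplied by the
// SMTP client would change the meaning of the filter (LDAP filter injection).
fn ldap_filter_escape(value) {
    let s = value.to_string();
    // Backslash first, so the escape sequences added below are not re-escaped.
    s.replace("\\", "\\5c");
    s.replace("*", "\\2a");
    s.replace("(", "\\28");
    s.replace(")", "\\29");
    s.replace("\x00", "\\00");
    s
}

#{
    rcpt: [
        rule "check recipient in DS" || {
            let address = rcpt();
            // Derive the user id from the address fetched above (the original
            // example referenced an undefined `recipient` variable here).
            let user = address.local_part();
            const results = srv::directory.search(
                "ou=People,dc=example,dc=com",
                // Search the whole tree.
                "sub",
                // Match on the user id and address. Both values come from the
                // SMTP client, so they are escaped before being interpolated.
                `(|(uid=${ldap_filter_escape(user)})(mail=${ldap_filter_escape(address)}))`,
                // Get all attributes from the entries.
                ["*"]
            );
            // ...
        }
    ],
}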
<h2 class="func-name"> <code>fn</code> compare </h2>
fn compare(database: Ldap, dn: String, attr: String, val: String) -> bool
Compare the value(s) of the attribute `attr` within the entry named by `dn` with the value `val`.

- `dn`: The name of the entry. If any part of it is built from message data, escape that part per RFC 4514 (`\`, `,`, `+`, `"`, `<`, `>`, `;`, `=`, a leading `#` or space, a trailing space, NUL), otherwise the SMTP client can point the comparison at a different entry.
- `attr`: The attribute whose value(s) are compared.
- `val`: The expected value of the attribute.

Returns true if the attribute matches, false otherwise.
Build a service in `services/ds.vsl`:
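// Import the plugin stored in the `plugins` directory.
import "plugins/libvsmtp_plugin_ldap" as ldap;

// Connection pool to the directory server used by the filtering rules.
// NOTE(review): a plain `ldap://` URL with no `tls` map sends every query
// (and any bind password) in cleartext; add `tls: #{ starttls: true }` or
// use a TLS-protected URL on anything but a loopback/test server.
export const directory = ldap::connect(#{
    // The URL must not carry trailing whitespace (the original example had a stray space).
    url: "ldap://ds.example.com:389",
    // Per-query timeout.
    timeout: "1m",
    // Size of the connection pool.
    connections: 10,
});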
Compare an entry attribute during filtering.
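import "services/ds" as srv;

// Escape a value used as an attribute value inside a DN (RFC 4514 §2.4).
// Without this, a `,`, `+` or `=` in the local part supplied by the SMTP
// client could make the comparison target a different entry (DN injection).
fn ldap_dn_escape(value) {
    let s = value.to_string();
    // Backslash first, so the escapes added below are not re-escaped.
    s.replace("\\", "\\\\");
    s.replace(",", "\\,");
    s.replace("+", "\\+");
    s.replace("\"", "\\\"");
    s.replace("<", "\\<");
    s.replace(">", "\\>");
    s.replace(";", "\\;");
    s.replace("=", "\\=");
    s.replace("\x00", "\\00");
    // A leading space or `#` and a trailing space are also special in a DN.
    if s.starts_with(" ") || s.starts_with("#") {
        s = "\\" + s;
    }
    if s.ends_with(" ") {
        s = s.sub_string(0, s.len - 1) + "\\ ";
    }
    s
}

#{
    rcpt: [
        rule "check recipient in DS" || {
            let address = rcpt();
            // Derive the user id from the address fetched above (the original
            // example referenced an undefined `recipient` variable here).
            let user = address.local_part();
            if srv::directory.compare(
                // Find the user in our directory. The local part comes from the
                // SMTP client, so it is escaped before being placed in the DN.
                `uid=${ldap_dn_escape(user)},ou=People,dc=example,dc=org`,
                // Compare the "address" attribute.
                "address",
                // Check if the given recipient address is the same as
                // the one registered in the directory.
                address.to_string()
            ) {
                log("info", `${user} email address is registered in the directory.`);
            } else {
                log("warn", `${user}'s email address does not match the one registered in the directory.`);
            }
        }
    ],
}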