Hi,
I have a question about the refint overlay.
Situation:
I have an LDAP server maintaining an LDAP tree of users, groups and email aliases like this:
---------------------------------------------------
dn: uid=user_a,ou=users,dc=example,dc=com
mail:user_a@example.com

dn: uid=user_b,ou=users,dc=example,dc=com
mail:user_b@example.com

dn: cn=group_a,ou=groups,dc=example,dc=com
member: uid=user_a,ou=users,dc=example,dc=com

dn: cn=group_b,ou=groups,dc=example,dc=com
member: uid=user_b,ou=users,dc=example,dc=com

dn: cn=alias_a,ou=emailAliases,dc=example,dc=com
member: uid=user_a,ou=users,dc=example,dc=com
member: uid=group_b,ou=users,dc=example,dc=com

dn: cn=alias_b,ou=emailAliases,dc=example,dc=com
member: uid=user_b,ou=users,dc=example,dc=com
member: uid=group_a,ou=users,dc=example,dc=com
---------------------------------------------------
Now, I have configured my SMTP server (specifically, postfix) to read email aliases from LDAP, and let postfix recursively expand email aliases from ou=emailAliases,dc=example,dc=com until an actual email address is resolved (no problem here).
But when I need to rename a user/group, I have to manually update the corresponding alias, and I figured the refint overlay would be useful for me. I tried, but it seems that it just does nothing. Below is my configuration. Did I miss something? Thank you very much.
------------------------- slapd.conf
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
#include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/rfc2307bis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/mozillaabpersonalpha.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/hdb.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload refint
sizelimit 500
tool-threads 1
sasl-secprops minssf=0
sasl-realm EXAMPLE.COM
sasl-host foo.example.com
sasl-regexp "gidNumber=.*\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=heimdal,dc=example,dc=com"
authz-regexp "uid=root,cn=gssapi,cn=auth" "cn=admin,dc=example,dc=com"
authz-regexp "uid=(.*),cn=example.com,cn=gssapi,cn=auth" "uid=$1,ou=users,dc=example,dc=com"

backend hdb

database config
rootpw secret

database hdb
suffix "dc=example,dc=com"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

index objectClass eq
index ou eq
index uidNumber eq
index gidNumber eq
index cn,sn,givenName eq,sub
index mail eq,sub
index uid eq,sub
index memberUid,member eq
index uniqueMember eq
index displayName eq,sub
index labeledURI eq
index entryUUID eq
index createTimestamp,modifyTimestamp eq
index mozillaNickname sub
index mozillaSecondEmail sub
index nsAIMid sub
index mozillaHomeLocalityName sub
index mozillaHomeState sub
index mozillaHomePostalCode sub
index mozillaHomeCountryName sub
index mailLocalAddress eq
index krb5PrincipalName eq

lastmod on
checkpoint 512 30

(ACL omitted)

overlay refint
refint_attributes member
refint_nothing "cn=admin"
openldap-software@openldap.org
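
As an added illustration (not part of the original post and not OpenLDAP code), the Python sketch below models the documented effect of refint on the tree from the post: a rename rewrites `member` values equal to the old DN, and a delete removes them, substituting the `refint_nothing` value when the attribute would otherwise be empty. The function names and the simplified DN normalisation are assumptions made for the example.

```python
# Added illustration: a toy in-memory model of what slapo-refint does.
# It is not OpenLDAP code; the tree is re-typed from the LDIF in the post.
U, G, A = "ou=users,dc=example,dc=com", "ou=groups,dc=example,dc=com", "ou=emailAliases,dc=example,dc=com"
TREE = {
    f"uid=user_a,{U}": {"mail": ["user_a@example.com"]},
    f"uid=user_b,{U}": {"mail": ["user_b@example.com"]},
    f"cn=group_a,{G}": {"member": [f"uid=user_a,{U}"]},
    f"cn=group_b,{G}": {"member": [f"uid=user_b,{U}"]},
    f"cn=alias_a,{A}": {"member": [f"uid=user_a,{U}", f"uid=group_b,{U}"]},
    f"cn=alias_b,{A}": {"member": [f"uid=user_b,{U}", f"uid=group_a,{U}"]},
}

def norm(dn):
    """Simplified DN normalisation (assumption): case-fold, trim around ',' and '='."""
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in dn.split(","))

def rename(tree, old_dn, new_rdn, attrs=("member",)):
    """Model modrdn: rename the entry, then rewrite references to it."""
    new_dn = new_rdn + "," + old_dn.split(",", 1)[1]
    out, touched = {}, []
    for dn, entry in tree.items():
        entry = {a: list(v) for a, v in entry.items()}  # copy, keep input intact
        for a in attrs:
            vals = entry.get(a, [])
            fixed = [new_dn if norm(v) == norm(old_dn) else v for v in vals]
            if fixed != vals:
                entry[a] = fixed
                touched.append(dn)
        out[new_dn if norm(dn) == norm(old_dn) else dn] = entry
    return out, touched

def delete(tree, dn_gone, attrs=("member",), nothing="cn=admin"):
    """Model delete: drop references; keep the attribute non-empty."""
    out = {}
    for dn, entry in tree.items():
        if norm(dn) == norm(dn_gone):
            continue
        entry = {a: list(v) for a, v in entry.items()}
        for a in attrs:
            if a in entry:
                kept = [v for v in entry[a] if norm(v) != norm(dn_gone)]
                entry[a] = kept or [nothing]  # the refint_nothing placeholder
        out[dn] = entry
    return out
```

With the data exactly as posted, renaming `uid=user_a` touches `cn=group_a` and `cn=alias_a`, while renaming `cn=group_a,ou=groups,...` touches nothing, because the aliases refer to `uid=group_a,ou=users,...`, which is a different DN.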