On 24.01.15 at 18:04, Michael Ströder wrote:
Leander Schäfer wrote:
I'm trying to construct an LDAP filter for my Dovecot/Postfix setup which behaves like the example pseudo code & result below:
    return uidNumber OF objectClass=posixAccount
      IF they have a ou=mail
      AND the mailAddress in this ou=mail IS EQUAL to test@Mydomain.TLD

    # User-1, people, Mydomain.TLD
    dn: uid=User-1,ou=people,dc=MyDomain,dc=TLD
    uidNumber: 2110
More specifically, like this, while %s holds e.g. test@Mydomain.TLD:

    search_base = dc=Mydomain,dc=TLD
    query_filter = (&(objectClass=posixAccount)(ou=mail)(mailAddress=%s))
    result_attribute = uidNumber
But obviously uidNumber is held by the posixAccount container one level above, and therefore this won't display what I want. Unfortunately I couldn't figure out how to get it to work. My LDAP structure looks like this:
    => dc=MyDomain,dc=TLD
    ==> ou=People
    ===> uid=User-1
    ====> uidNumber=4035
    ====> ou=mail
    =====> mailAddress=test@Mydomain.TLD
    ===> uid=User-2
Any help would be greatly appreciated
This won't work.
Can you please explain why your data is so complicated? What's the rationale of having even a separate tree of mail address entries?
Ciao, Michael.
Hi Michael
the structure is anything but complex - the query/filter is the one which is :) The entire idea is that each user can have several mail addresses. Yes, therefore I could use the mail attribute within the user itself, BUT if I set an alias in the user, then it would also affect ALL related mail=* addresses of the user. This is not good, since the user may only want to have an alias for certain addresses but not others. So in order to control each email address on its own, I decided to create a sub container named ou=mail under each user, where I put email hosting related information.
To avoid my current problem, I could simply provide uidNumber and gidNumber a second time. But since the posixAccount above ou=mail is holding this information, why should I provide it redundantly?!
So I have decided that the mail attribute within the user account is used for general contact information about this person. Meanwhile, the mailAddress attribute of my own mail.schema is there to represent one or more mail accounts of this person.
I attached an example of how I would add users and their mail accounts below:
# ========================================================== #
# Adding posix User Account
This is how I would add a regular user to the LDAP DB:
cat << EOF > ./add_user.ldif
dn: uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 2001
gidNumber: 2001
homeDirectory: /home/User-1
loginShell: /usr/local/bin/bash
uid: User-1
userPassword: TopSecretPassword
displayName: User-1
givenName: User-1
mail: SomeMail@SomeDomain.TLD
telephoneNumber: 0123456
cn: User-1
sn: Surname
o: Some Corporation
jpegPhoto:< file://Picture.jpg
EOF
# Adding ou=mail
Then I would add the User-1's mail container which holds all mail hosting relevant information.
cat << EOF > ./add_users_mail_container.ldif
dn: ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectclass: top
objectclass: organizationalUnit
ou: mail
EOF
# Adding Mail Accounts
And now I add mail accounts into the ou=mail container. The idea is that this could be repeated several times with a different mailAddress:
cat << EOF > ./add_users_mail_account.ldif
dn: mailAddress=test@Mydomain.TLD,ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectclass: mailAccount
mailAddress: test@Mydomain.TLD
MailPassword: {SSHA}TopSecretPasswordHash
MailAccountStatus: active
mailStorageDirectory: /home/User-1/mail
#mailAlias: NONE
mailDelivery: dovecot
mailSizeMax: 10240
mailReplyText: Nothing to reply here
mailQuotaSize: 10240
mailQuotaCount: 0
mailservice: smtp
mailservice: pop3
mailservice: imap
mailservice: managesieve
EOF
# ========================================================== #
Best Regards, Leander
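An added example, not part of the thread and not Leander's or Michael's code, to show why the single filter above cannot work and what the lookup has to do instead: an LDAP search filter only tests attributes of the entry being matched, so no filter can return the uidNumber of the parent posixAccount from a match on a mailAccount entry under ou=mail. The lookup therefore takes two steps: find the mailAccount entry, strip two RDNs from its DN (mailAddress=..., ou=mail) to get the user's DN, and read uidNumber there. The script below simulates both searches over a constructed in-memory dictionary so it runs without an LDAP server. The DNs and attribute names come from the LDIF in the thread; the dictionary DIRECTORY, the helper names (ldap_filter_escape, split_dn, parent_dn, find_mail_account, uid_number_for_address), the case-insensitive matching of mailAddress and the choice of 2001 as the uidNumber are assumptions made for the example.

```python
"""Added example: resolve a mailAccount entry under ou=mail back to the
uidNumber of the posixAccount entry above it (two searches, not one)."""

# Constructed stand-in for the directory (hypothetical data, not a real DIT).
# DNs follow the thread's tree; uidNumber 2001 is taken from add_user.ldif.
DIRECTORY = {
    "uid=User-1,ou=people,dc=MyDomain,dc=TLD": {
        "objectClass": ["top", "person", "inetOrgPerson", "posixAccount"],
        "uidNumber": ["2001"],
        "gidNumber": ["2001"],
    },
    "ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD": {
        "objectClass": ["top", "organizationalUnit"],
    },
    "mailAddress=test@Mydomain.TLD,ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD": {
        "objectClass": ["mailAccount"],
        "mailAddress": ["test@Mydomain.TLD"],
        "MailAccountStatus": ["active"],
    },
}


def ldap_filter_escape(value):
    """Escape a value substituted into a search filter (RFC 4515, section 3).

    Without this, an input such as 'x*)(objectClass=*' rewrites the filter.
    Postfix's ldap_table escapes %s itself; this is for code that builds
    filters by hand.
    """
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_filter(address):
    """Filter for the first search: the mailAccount entry itself."""
    return "(&(objectClass=mailAccount)(MailAccountStatus=active)(mailAddress=%s))" % (
        ldap_filter_escape(address),
    )


def split_dn(dn):
    """Split a DN into RDN strings, honouring RFC 4514 backslash escapes
    (a comma inside a value is written '\\,' and must not split)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns


def parent_dn(dn, levels=1):
    """Drop the first `levels` RDNs: mailAddress=...,ou=mail,<user DN> -> <user DN>."""
    rdns = split_dn(dn)
    if levels >= len(rdns):
        raise ValueError("DN has no ancestor %d levels up: %s" % (levels, dn))
    return ",".join(rdns[levels:])


def find_mail_account(directory, address):
    """Simulated first search over the whole subtree; case-insensitive match,
    as a caseIgnore mail attribute would behave (assumption for the example)."""
    for dn, attrs in directory.items():
        if "mailAccount" not in attrs.get("objectClass", []):
            continue
        if attrs.get("MailAccountStatus") != ["active"]:
            continue
        if any(a.lower() == address.lower() for a in attrs.get("mailAddress", [])):
            return dn
    return None


def uid_number_for_address(directory, address):
    """Two-step lookup: mailAccount entry -> owning user entry -> uidNumber."""
    entry_dn = find_mail_account(directory, address)
    if entry_dn is None:
        return None
    user_dn = parent_dn(entry_dn, levels=2)
    user = directory.get(user_dn)
    if user is None or "posixAccount" not in user.get("objectClass", []):
        return None  # ou=mail that is not directly under a posixAccount
    return user["uidNumber"][0]


if __name__ == "__main__":
    print(build_filter("test@Mydomain.TLD"))
    print(uid_number_for_address(DIRECTORY, "test@Mydomain.TLD"))
```

The second search is a base-scope read of the user DN with result_attribute uidNumber; the first search's base stays dc=MyDomain,dc=TLD with subtree scope. Note that parent_dn relies on ou=mail always sitting directly under the posixAccount entry, which is exactly the structure described above; an ou=mail placed anywhere else would need a different number of levels.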