On Mon, Jul 02, 2012 at 12:24:09PM +0200, Jan Beerden wrote:
dn: olcOverlay=constraint,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: constraint
olcConstraintAttribute: mail,mailAliases set "this/mail & this/mailAliases" restrict="ldap:///dc=company,dc=be??sub?(objectClass=mail-user)"
I created the following users:
userA with mail userA@company.be
userB with mail userB@company.be
When I try to create an alias for userA, it will refuse everything accept the value of its mail address.
s/accept/except/ perhaps?
So for userA I can only create an alias userA@company.be. The same applies for userB.
Ah - I think I understand now. The constraint that I suggested applies to both mail and mailAliases attributes, so it effectively says they must be identical. You could try something like this:
olcConstraintAttribute: mail set "this/mail & this/mailAliases" restrict="ldap:///dc=company,dc=be??sub?(objectClass=mail-user)"
That would require the mail attribute to have a value that is also found in the mailAliases attribute, but should not prevent other values in mailAliases.
Andrew
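
An added illustration, not part of the original thread: a simplified Python model of the two rules discussed above, showing which modifications each one checks. It assumes the rule is evaluated only when a listed attribute is modified and passes when the set expression on the resulting entry is non-empty; the function and variable names are hypothetical, the entry is constructed, and the restrict filter is assumed to match.

```python
# Simplified model of a slapo-constraint "set" rule. Assumptions: the rule is
# checked only when a listed attribute is modified, and it passes when
# "this/mail & this/mailAliases" is non-empty on the resulting entry.
# Values are compared exactly here (no case folding).

ORIGINAL = ("mail", "mailAliases")   # olcConstraintAttribute: mail,mailAliases
SUGGESTED = ("mail",)                # olcConstraintAttribute: mail


def set_rule_allows(rule_attrs, entry, attr, new_values):
    """Return True if replacing entry[attr] with new_values is accepted."""
    if attr not in rule_attrs:
        return True                  # the rule does not watch this attribute
    result = dict(entry)
    result[attr] = set(new_values)
    # Intersection of the two value sets on the entry after the change
    return bool(result.get("mail", set()) & result.get("mailAliases", set()))


def demo():
    """Run the thread's scenarios against both rules (constructed entries)."""
    user_a = {"mail": {"userA@company.be"}, "mailAliases": set()}
    aliased = {"mail": {"userA@company.be"},
               "mailAliases": {"userA@company.be", "sales@company.be"}}
    return {
        # Original rule: an alias that differs from mail is refused
        "orig_other_alias": set_rule_allows(
            ORIGINAL, user_a, "mailAliases", {"sales@company.be"}),
        "orig_same_alias": set_rule_allows(
            ORIGINAL, user_a, "mailAliases", {"userA@company.be"}),
        # Suggested rule: changes to mailAliases are no longer checked
        "new_other_alias": set_rule_allows(
            SUGGESTED, user_a, "mailAliases", {"sales@company.be"}),
        # Suggested rule: mail must still match one of the aliases
        "new_mail_in_aliases": set_rule_allows(
            SUGGESTED, aliased, "mail", {"sales@company.be"}),
        "new_mail_not_in_aliases": set_rule_allows(
            SUGGESTED, aliased, "mail", {"other@company.be"}),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'refused'}")
```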