On Mon, Jul 02, 2012 at 12:24:09PM +0200, Jan Beerden wrote:
dn: olcOverlay=constraint,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: constraint
olcConstraintAttribute: mail,mailAliases set "this/mail & this/mailAliases"
restrict="ldap:///dc=company,dc=be??sub?(objectClass=mail-user)"
I created the following users:
userA with mail userA(a)company.be
userB with mail userB(a)company.be
When I try to create an alias for userA, it wil refuse everything
accept the value of it's mail address.
s/accept/except/ perhaps?
So for userA I can only create an alias userA(a)company.be.
The same applies for userB.
Ah - I think I understand now. The constraint that I suggested applies to both
mail and mailAliases attributes, so it effectively says they must be identical.
You could try something like this:
olcConstraintAttribute: mail set "this/mail & this/mailAliases"
restrict="ldap:///dc=company,dc=be??sub?(objectClass=mail-user)"
That would require the mail attribute to have a value that is also found in the
mailAliases attribute, but should not prevent other values in mailAliases.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
|
http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------