Re: postfix/ldap - can one special_result_attribute point to multiple things?

From: Brent Bice (bbice@sgi.com)
Date: Mon Mar 31 2008 - 21:21:10 CDT


Victor Duchovni wrote:
> On Mon, Mar 31, 2008 at 05:45:02PM -0700, Brent Bice wrote:
>> Is this by intent? I'm assuming it's just because the code intends
>> special_result_attribute to return only DNs or URIs that point to a
>> single LDAP record?
>
> Yes, with DNs (but you can make the attribute that lists DNs multi-valued,
> each DN returns a single result, but there can be many such DNs in the
> same entry).

    Right, I saw that. Since each user record contains an attribute
showing the building the user is in already, I'm trying to avoid having
another ldap record (say, one named cn=building10,ou=groups,...) that
contains DNs pointing to every user's LDAP record in building 10.

> No, with URLs, the query should return all matching results. Did you
> read ldap_table(5):
>
> URI processing retrieves only those attributes that are
> included in the URI definition and are *also* listed in
> "result_attribute". If the URI lists any of the map's special
> result attributes, these are also retrieved and used recursively.

    I missed this (the bit about URI processing) but my trying to use a
URI in the special_result_attribute instead of a DN was just a shot in
the dark. :-)

> So, do any of the objects matching the query "building=10" have the
> appropriate result attributes?

    Yes. But I'm trying to avoid having to maintain the building
attributes in each user record and a separate ldap record for each
building containing DNs pointing to the users in that building.

> Show the full ldap.cf table definition, and post output from
> "postmap -vq ..." hiding only the "bind_dn" and "bind_pw" as necessary.

    I'll include a few LDIF record snippets too.

    Here are a few user records in my test environment:
dn: uid=12345,ou=People,dc=base
cn: Brent Bice
...
buildingName: 10
mail: bbice@sgi.com
maildrop: bbice@server1.sgi.com

dn: uid=12346,ou=People,dc=base
cn: Fred Flintstone
...
buildingName: 10
mail: fredf@sgi.com
maildrop: fredf@server2.sgi.com

    Here's a record I was hoping I could use to tell postfix to map
bldg10_all@sgi.com (for example) to everyone whose entry contained the
building=10 attribute:

dn: cn=bldg10_all,ou=MailGroups,ou=Groups,dc=base
cn: bldg10_all
...
mailQuery: ldap://ldap-dev:9389/dc=sgi,dc=com??sub?(buildingName=10)

    So, for testing I created a file named mytest2.cf:
server_host = ldap://ldap-dev:9389
version = 3
search_base = dc=base
query_filter = cn=%u
terminal_result_attribute = maildrop
special_result_attribute = mailQuery

    And I'm an idiot... (sheepish grin) The reason it wasn't working
was that all of the user records have the mail attribute, but not all
of them had the maildrop attribute (we will need this distinction too, as
it's demonstrated in the ldap_table man page, but I missed adding the
attribute to ALL of the test records).

    So, the mailQuery attribute above (which doesn't explicitly specify
the attributes but does specify a query for more than one record) does
work fine. I just need to make sure each user's record contains both
their official email address and the maildrop (final destination) address.

Brent
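The expansion the thread settles on, as an added illustration that is not part of the original post or of Postfix itself: a toy model of an ldap_table lookup in which a special_result_attribute holding a URI fans out to every entry matching the URI's filter, a plain DN fetches exactly one entry, and a terminal_result_attribute (maildrop) stops further expansion. The in-memory directory, the example.com addresses and the helper names are constructed; the group entry reproduces the poster's mistake of one member lacking maildrop, so the same lookup shows why that member silently disappears when the only result attribute is maildrop.

```python
import re

# Constructed mini-directory standing in for the LDAP server; attribute
# values are lists, as in LDAP. The second user deliberately has no maildrop.
DIRECTORY = {
    "uid=12345,ou=People,dc=base": {"cn": ["bbice"], "buildingName": ["10"],
        "mail": ["bbice@example.com"], "maildrop": ["bbice@server1.example.com"]},
    "uid=12346,ou=People,dc=base": {"cn": ["fredf"], "buildingName": ["10"],
        "mail": ["fredf@example.com"]},
    "cn=bldg10_all,ou=MailGroups,ou=Groups,dc=base": {"cn": ["bldg10_all"],
        "mailQuery": ["ldap://ldap-dev:9389/dc=base??sub?(buildingName=10)"]},
}

def search(base, filt):
    """Tiny subtree search: base is a DN suffix, filt is '(attr=value)'."""
    attr, value = re.fullmatch(r"\((\w+)=([^)]*)\)", filt).groups()
    return [e for dn, e in DIRECTORY.items()
            if dn.endswith(base) and value in e.get(attr, [])]

def expand(entry, result_attr, special_attr, terminal_attr, depth=0):
    """Values one entry contributes to the lookup, following special attrs."""
    if depth > 5:                       # simple guard against DN/URI loops
        return []
    if terminal_attr in entry:          # terminal attribute wins outright
        return list(entry[terminal_attr])
    out = list(entry.get(result_attr, []))
    for ref in entry.get(special_attr, []):
        if ref.startswith("ldap://"):   # URI: host/base?attrs?scope?filter
            base, _attrs, _scope, filt = ref.split("/", 3)[3].split("?")
            targets = search(base, filt)         # may match many entries
        else:                           # bare DN: at most one entry
            targets = [DIRECTORY[ref]] if ref in DIRECTORY else []
        for t in targets:
            out.extend(expand(t, result_attr, special_attr, terminal_attr, depth + 1))
    return out

def lookup(key, result_attr="maildrop", special_attr="mailQuery", terminal_attr="maildrop"):
    """Mimic 'postmap -q key' with query_filter = cn=%u and search_base = dc=base."""
    out = []
    for entry in search("dc=base", f"(cn={key})"):
        out.extend(expand(entry, result_attr, special_attr, terminal_attr))
    return out
```

With the defaults (result_attribute and terminal_result_attribute both maildrop) the group expands to one address; adding mail as the result attribute picks up the member that lacks maildrop.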