Re: [Fwd: ldap users & aliases config]

From: Victor Duchovni (Victor.Duchovnimorganstanley.com)
Date: Thu May 08 2008 - 13:52:29 CDT


On Thu, May 08, 2008 at 07:24:10PM +0100, Wojtek Bogusz wrote:

> ok. i thought that i can have cn returned as an attribute. so i had
> wrong ldap structure.

It will be returned as an attribute if it is actually populated as an
attribute. RDN components are not attributes.

> i do not understand ldap :-(

Why are you using LDAP?

> fields: cn (which is rdn and required)

ldapsearch does not return this field. Do you populate it?

> it is a bit crazy, why cn and sn cannot be attributes?...

Of course they can.

    $ ldapsearch ...
    dn: ...
    uid: viktor
    cn: Victor Duchovni
    sn: Duchovni

If you need help with LDAP, join an LDAP help forum.

> can you please advise how to make rewriting rules apply only to address
> in my domain?

    http://www.postfix.org/ldap_table.5.html

Frankly, the whole idea of basing mail routing on people's Common Name
is a bad one. Give users a multi-valued email-address attribute, and
match addresses explicitly against addresses. DO NOT match on the SN,
what happens when you have 2 people named "Nowak"?

We use (for people):

    mail := single-valued primary address
    mailalternateaddress := multi-valued list of all valid addresses
    maildrop := single-valued mailbox location

The virtual table is:

        ...
        # domain=... For efficiency only, all lookup keys are full addresses
        domain = /etc/postfix/our-domains
        query_filter = mailalternateaddress = %s
        result_attribute = maildrop

Actually the virtual table also supports groups and is more complex:

        ...
        # domain=... For efficiency only, all lookup keys are full addresses
        domain = /etc/postfix/our-domains
        query_filter = mailalternateaddress = %s
        terminal_result_attribute = maildrop
        special_result_attribute = uniquemember

but the key idea is to avoid basing routing on attributes that are not
RFC822 address valued.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
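Added example, not part of the original message and not Postfix code: a simplified Python model of the lookup the reply describes, showing why matching on `sn` is ambiguous while matching on `mailalternateaddress` is not, and how a group resolves through `uniquemember` down to `maildrop`. The directory entries, DNs, domain and addresses are constructed sample data, and the function names are hypothetical.

```python
# Simplified model of the virtual table above; constructed data, not Postfix source.
OUR_DOMAINS = {"example.com"}      # stands in for /etc/postfix/our-domains
TERMINAL = "maildrop"              # terminal_result_attribute
SPECIAL = "uniquemember"           # special_result_attribute (DN-valued)
JAN = "uid=jnowak,ou=people,dc=example,dc=com"
ANNA = "uid=anowak,ou=people,dc=example,dc=com"
DIRECTORY = {
    JAN: {"sn": ["Nowak"],
          "mailalternateaddress": ["jan.nowak@example.com", "jn@example.com"],
          "maildrop": ["jnowak@mbox1.example.com"]},
    ANNA: {"sn": ["Nowak"],
           "mailalternateaddress": ["anna.nowak@example.com"],
           "maildrop": ["anowak@mbox2.example.com"]},
    "cn=staff,ou=groups,dc=example,dc=com": {
        "mailalternateaddress": ["staff@example.com"],
        "uniquemember": [JAN, ANNA]},
}

def expand(dn, seen):
    """Resolve one entry: a terminal attribute wins, otherwise follow DN members."""
    entry = DIRECTORY.get(dn, {})
    if TERMINAL in entry:
        return list(entry[TERMINAL])
    out = []
    for member in entry.get(SPECIAL, []):
        if member not in seen:     # guard against membership loops
            seen.add(member)
            out += expand(member, seen)
    return out

def lookup(key, match_attr="mailalternateaddress", use_local_part=False):
    """Return every maildrop the key resolves to (empty list = no match)."""
    local, at, domain = key.rpartition("@")
    # domain = ...: only full addresses in our domains are ever queried
    if not at or domain.lower() not in OUR_DOMAINS:
        return []
    needle = (local if use_local_part else key).lower()
    out = []
    for dn, entry in DIRECTORY.items():
        if needle in (v.lower() for v in entry.get(match_attr, [])):
            out += expand(dn, {dn})
    return out

if __name__ == "__main__":
    print(lookup("jn@example.com"))                              # one mailbox
    print(lookup("nowak@example.com", "sn", use_local_part=True))  # two mailboxes
    print(lookup("staff@example.com"))                           # group expansion
```

The surname lookup returns both mailboxes, so mail for one person would also reach the other; the address-valued lookup returns exactly one.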