On 2009-04-09 at 10:45 +0200, Heiko Schlittermann wrote:
> yesterday I configured an Exim server to do LDAP queries, but somehow
> I'm not satisfied. May be I was blind or too stupid ...
>
> In some LDAP directory (here: ADS) there are "mail groups"
Does ADS have the concept of overlays, which OpenLDAP has?
I have a local globnixGroup auxiliary group which is pretty much
identical (by design) to groupOfNames but for being auxiliary and for
making 'member' be MAY instead of MUST, so that I can have empty groups.
This is because I mostly use posixGroup -- my LDAP usage is light and
mostly experimental.
I configure the backend with:
overlay memberof
memberof-group-oc globnixGroup
After this, any update to the 'member' attribute of any object with
objectClass globnixGroup will automatically update the 'memberOf'
attributes of the corresponding objects.
So by updating the equivalent to your mailgroups:
> dn: cn=edv,ou=mailgroups,o=org
> mail: edv@???
> member: cn=hans,ou=users,o=org <- CN here, no mailbox
> member: cn=paul,ou=users,o=org ... or mail address
the cn=hans,ou=users,o=org andcn=paul,ou=users,o=org entries would
automatically gain:
memberOf cn=edv,ou=mailgroups,o=org
as operational attributes (so you have to explicitly request them
(either by name or by requesting all operational attributes with +).
With this, I don't need to chain queries, I can just query by attribute.
And yes, I index on memberOf.
I suggest looking to see if ADS has something equivalent.
-Phil
