Hello Phil,
it took me more then 4 weeks to return to the system and thus to the
question I asked.
Phil Pennock <exim-users@???> (Do 09 Apr 2009 13:03:34 CEST):
> On 2009-04-09 at 10:45 +0200, Heiko Schlittermann wrote:
> > yesterday I configured an Exim server to do LDAP queries, but somehow
> > I'm not satisfied. May be I was blind or too stupid ...
> >
> > In some LDAP directory (here: ADS) there are "mail groups"
>
> Does ADS have the concept of overlays, which OpenLDAP has?
>
> I have a local globnixGroup auxiliary group which is pretty much
> identical (by design) to groupOfNames but for being auxiliary and for
> making 'member' be MAY instead of MUST, so that I can have empty groups.
> This is because I mostly use posixGroup -- my LDAP usage is light and
> mostly experimental.
>
> I configure the backend with:
> overlay memberof
> memberof-group-oc globnixGroup
>
> After this, any update to the 'member' attribute of any object with
> objectClass globnixGroup will automatically update the 'memberOf'
> attributes of the corresponding objects.
>
> So by updating the equivalent to your mailgroups:
>
> > dn: cn=edv,ou=mailgroups,o=org
> > mail: edv@???
> > member: cn=hans,ou=users,o=org <- CN here, no mailbox
> > member: cn=paul,ou=users,o=org ... or mail address
>
> the cn=hans,ou=users,o=org andcn=paul,ou=users,o=org entries would
> automatically gain:
> memberOf cn=edv,ou=mailgroups,o=org
> as operational attributes (so you have to explicitly request them
> (either by name or by requesting all operational attributes with +).
>
> With this, I don't need to chain queries, I can just query by attribute.
> And yes, I index on memberOf.
>
> I suggest looking to see if ADS has something equivalent.
The ugly query is not so ugly anymore, the delimiter issue disappered
with the following (nested) LDAP query:
data = ${lookup ldapm{LDAP_CRED \
ldap:///UBASE\
?mail?sub?(memberOf=${lookup ldapdn{LDAP_CRED \
ldap:///ou=e-mail-verteilergruppen,GBASE\
??sub?(mail=${quote_ldap:$local_part@$domain})}})\
}}
The inner search looks for the DN of the group associated with the mail
address and the outer search then finds the mail attributes of the
members of this group, using the "memberOf" filter (the LDAP is an AD).
Thanks a lot for the "memberOf" hint.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
