Phil Pennock wrote:
> On 2009-11-16 at 22:30 +0300, George Sitov wrote:
>> 2009/11/16 Phil Pennock <exim-users@???>
>>> Change ?memberUid? to ?memberUid,mail?
>>>
>>> You can use ${extract{mail}{the_lookup}} to get the mail part from the
>>> results.
>>>
>>> -Phil
>>>
>> It seems like:
>>
>> data = ${lookup ldapm{LDAP_AUTH \
>> ${extract{mail}{ldap:///ou=People,dc=xxx,dc=org?memberUid?sub?(cn=${quote_ldap:$local_part})}}}
>>
>> ?
>
> No. See the bit between the first question-mark ("?") and the second
> question-mark? That's where you specify which attributes you want from
> LDAP.
>
> You are currently asking for just memberUid, so you're getting just
> that. You need to *ask* for the data you want. This is why I wrote:
>
>> Change ?memberUid? to ?memberUid,mail?
>
>
> After you ask LDAP for different data, if you're asking for more than
> one attribute per user, you'll need to figure out how to get just the
> data you want. The ${extract{}{}} then goes *around* the entire LDAP
> lookup.
>
> I recommend only asking for one attribute per user when using ldapm,
> it's *much* easier. So you'd use ?mail? *instead-of* ?memberUid?.
>
> So:
> data = ${lookup ldapm{LDAP_AUTH ldap:///ou=People,dc=xxx,dc=org?mail?sub?(cn=${quote_ldap:$local_part})}}
>
>
> *IF* you need more data, which is what was suggested to me by the fact
> that you were asking for memberUid, then it gets more complicated. I
> pointed to ${extract}, I should also have pointed to ${map}. It's easy
> to construct, but it's apparently not what you want.
>
> -Phil
>
This would work for a single user entry, which probably has an
associated mail address. However, it looks as though the OP is
requesting a posixGroup, which generally only contains a multi-valued
attribute memberUid for each member of the group. The search will
return a list of memberUids for the posixGroup in question. This will
require an additional search for each uid, to return the mail address
associated with that uid. I can't think of any shortcut.

An alternative is to create a mail group, rather than use posixGroups
for mail, and store the mail address (rfc822MailMember is what I use) as
the mail group attribute. This does disassociate the mail group entry
from the user entry and therefore incurs more admin overhead (to prevent
the mail group entry not being updated when a user entry is), but does
mean that the mail addresses for the mail group can be returned with a
single lookup.

Another option might be to store the mail group information as an
attribute in each user entry. Then you can search for all users which
contain a particular mail group attribute and return their mail attribute.

Swings and roundabouts.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@???
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
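
The two directory layouts discussed above, compared in an added example that is not part of the thread: a Python sketch over a constructed in-memory directory, where the entries, the `search` helper and all function names are assumptions. `escape_filter` applies RFC 4515 filter escaping, standing in for the role `${quote_ldap:...}` plays in the Exim lookup; it is not Exim's implementation.

```python
import re

# Constructed sample entries (illustrative, not from the thread).
DIRECTORY = [
    {"cn": ["staff"], "memberUid": ["alice", "bob", "carol"]},   # posixGroup
    {"cn": ["admins"], "memberUid": ["root"]},                   # posixGroup
    {"uid": ["alice"], "mail": ["alice@example.org"]},
    {"uid": ["bob"], "mail": ["bob@example.org"]},
    {"uid": ["carol"]},                                          # user without mail
    {"cn": ["staff"],                                            # separate mail group
     "rfc822MailMember": ["alice@example.org", "bob@example.org"]},
]
SEARCH_LOG = []  # every filter sent to the directory, one item per round trip

def escape_filter(value):
    """Escape RFC 4515 filter metacharacters as backslash plus two hex digits."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(text):
    """Turn \\XX escapes back into the literal characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def search(ldap_filter, attr):
    """Run one (name=value) filter; an unescaped '*' acts as a wildcard."""
    SEARCH_LOG.append(ldap_filter)
    name, raw = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    pattern = ".*".join(re.escape(_unescape(p)) for p in raw.split("*"))
    return [v for entry in DIRECTORY
            if any(re.fullmatch(pattern, x) for x in entry.get(name, []))
            for v in entry.get(attr, [])]

def mail_via_posix_group(local_part):
    """One search for memberUid, then one more search per uid for mail."""
    uids = search("(cn=%s)" % escape_filter(local_part), "memberUid")
    return [m for uid in uids
            for m in search("(uid=%s)" % escape_filter(uid), "mail")]

def mail_via_mail_group(local_part):
    """Single search when the addresses are stored on the mail group entry."""
    return search("(cn=%s)" % escape_filter(local_part), "rfc822MailMember")
```

For a three-member group the posixGroup route issues four searches and silently drops the member with no mail attribute, while the mail group route issues one. A local part of `*` matches nothing once escaped, whereas the unescaped filter `(cn=*)` returns the members of every group.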