
Re: Mailing list query



Thanks a lot for the explanation, I will make a few changes to my
schema and see how it goes.
I've used groupOfUniqueNames/uniqueMember instead of
groupOfNames/member as I was following the instructions from a book
related to OpenLDAP.
I will come back as soon as I have any update on this.

Thanks

2008/11/15 Pierangelo Masarati <ando@sys-net.it>:
> I'll go step by step into what I don't understand.
>
> Stelios A. wrote:
>>
>> Hello all,
>>
>> My user.ldif is like:
>>
>> dn: cn=Somename Somelastname, ou=Users,dc=mydomain,dc=edu,dc=com
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: top
>> givenName: Somename
>> sn: Somelastname
>> cn: Somename Somelastname
>> uid: ssomelastname
>> uidNumber: 1002
>> gidNumber: 100
>> homeDirectory: /home/ssomelastname
>> loginShell: /bin/bash
>> mail: ssomelastname@mydomain.edu.com
>> userPassword: some password encrypted
>
> Stated like that, this is the contents of a file (user.ldif) in your file
> system.  I'll assume it's also the prototype of user entries in your DSA.
>
>>
>> Same user for example is under cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
>> Example ldif:
>>
>> dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr
>> cn: IT
>> objectClass: groupOfUniqueNames
>> uniqueMember: cn=Somename Somelastname,ou=Users,dc=mydomain,dc=edu,dc=com
>
> I assume this is the prototype of a group in your DSA (where for some
> unknown reason you use groupOfUniqueNames/uniqueMember instead of
> groupOfNames/member), and the above user is a member of it.
>
>> What I want is somehow to get all uid of the users belonging to each
>> of my groups in order to build a mailing list with postfix.
>
> In LDAP, the only way to do it is:
>
> - search the group
> - take its members
> - for each member:
>        - search for the member entry
>        - take its uid
>
> There is no other plain LDAP way to do it.  OpenLDAP provides some means to
> delegate this to the DSA.
>
> One is to use the slapo-dynlist(5) overlay, if your membership relations can
> be expressed by a LDAP URL.
>
> Another is the slapo-deref(5) overlay, which will be released shortly with
> OpenLDAP 2.4.13.  This, however, requires client modification in order to
> interpret the deref control response.
>
>> I've created a file called ldap-aliases.cf with the following inside:
>>
>> server_host = ldaps://myhostname
>> search_base = dc=mydomain,dc=edu,dc=com
>> scope = sub
>> version = 3
>> query_filter =
>> (&(|(objectclass=person)(objectclass=groupofuniquenames)(mail=%s)(ou=Groups)))
>> result_attribute = uid
>> bind = yes
>> bind_dn = cn=admin,dc=mydomain,dc=edu,dc=com
>> bind_pw = mypasswordwithoutencryption
>
> This is unrelated
>
>>
>> The above works ok without errors
>
> How can you state it works ok, if it doesn't do what you mean?
>
>> but it just displays all users in my ldap.
>> I tried several different ways but can't find out how to add to the
>> query to show me only the cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
>
> Here things get really obscure:
>
> - you tried several ways (but you don't say which)
>
> - you say you "can't find how to add to the query to show you only the
> cn=blah...".
>
> In the above postfixish there seems to be quite a strange filter: let's
> write it in non reverse polish notation:
>
> () AND (
>    ( objectClass = person )
>    OR ( objectclass = groupOfUniqueNames )
>    OR ( mail = %s )
>    OR ( ou = Groups )
> )
>
> where I assume "%s" is going to be replaced by some user's mail address (I
> don't speak postfixish, sorry).
>
> It is clear that your filter will catch everything that's either a person,
> or a group of unique names, or has the mail address of your user, or has ou
> equal to "groups".
>
> This is where you should definitely clarify what you intend to gather with
> that specific query, keeping in mind that the only way to obtain what you
> stated before is to perform the sequence of operations I just described
> above.
>
>> and also a second more complicated query, that is to show me all users
>> uid where not belonging to any Group
>> (ou=Groups,dc=mydomain,dc=edu,dc=com)
>
> - search for all user entries
> - for each user entry DN
>        - search for entries whose class is a group
>          and has the user entry's DN as member
>        - only keep those that do not belong to any group
>
> There is no other way to obtain this information.
>
> As a general comment, by trying to formulate operations the way you seem to
> be formulating them, you seem to be thinking SQLish.  Probably, your data is
> not designed the way it should in order to organize postfix related data in
> LDAP.
>
> p.
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> -----------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Fax:     +39 0382 476497
> Email:   ando@sys-net.it
> -----------------------------------
>
>



-- 
Stelios A
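
Added example, not part of the original thread: the two client-side procedures described in the reply (expand a group to its members' uid values, and list the users that belong to no group), run over constructed LDIF modelled on the quoted entries. The in-memory dictionary stands in for the separate searches a client would send to the DSA; the helper names and the second user entry are assumptions, and the parser handles neither folded lines nor base64 values.

```python
# Constructed sample data modelled on the entries quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=Somename Somelastname, ou=Users,dc=mydomain,dc=edu,dc=com
objectClass: inetOrgPerson
uid: ssomelastname

dn: cn=Other Person,ou=Users,dc=mydomain,dc=edu,dc=com
objectClass: inetOrgPerson
uid: operson

dn: cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Somename Somelastname,ou=Users,dc=mydomain,dc=edu,dc=com
"""

def norm_dn(dn):
    # Simplified DN normalisation: assumes no escaped commas in RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    # Minimal parser: blank-line separated entries, "attr: value" lines only.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def is_class(attrs, name):
    return name.lower() in (v.lower() for v in attrs.get("objectclass", []))

def group_member_uids(entries, group_dn):
    group = entries[norm_dn(group_dn)]              # search the group
    uids = []
    for member in group.get("uniquemember", []):    # take its members
        entry = entries.get(norm_dn(member))        # search for the member entry
        if entry:                                   # skip dangling references
            uids.extend(entry.get("uid", []))       # take its uid
    return sorted(uids)

def users_without_group(entries):
    # Collect every DN referenced by any group, then keep users not in that set.
    grouped = {norm_dn(m) for a in entries.values()
               if is_class(a, "groupOfUniqueNames")
               for m in a.get("uniquemember", [])}
    return sorted(u for dn, a in entries.items()
                  if is_class(a, "inetOrgPerson") and dn not in grouped
                  for u in a.get("uid", []))
```

The user entry's DN contains a space after the first comma while the uniqueMember value does not, so the match only succeeds because both sides are normalised before comparison.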