refint overlay not working


I have a question about refint overlay.


I have an LDAP server maintaining a tree of users, groups and email aliases like this:

# Sample tree from the post; only the dn and member lines of each entry are shown.
# Two user entries under ou=users.
dn: uid=user_a,ou=users,dc=example,dc=com

dn: uid=user_b,ou=users,dc=example,dc=com

# Two group entries under ou=groups, each with one user DN as member.
dn: cn=group_a,ou=groups,dc=example,dc=com
member: uid=user_a,ou=users,dc=example,dc=com

dn: cn=group_b,ou=groups,dc=example,dc=com
member: uid=user_b,ou=users,dc=example,dc=com

# Alias entries under ou=emailAliases; member values point at a user and at a group.
dn: cn=alias_a,ou=emailAliases,dc=example,dc=com
member: uid=user_a,ou=users,dc=example,dc=com
# NOTE(review): this value is uid=group_b under ou=users, but the group entry listed above is
# cn=group_b,ou=groups. refint only rewrites values equal to the DN of the renamed or deleted
# entry, so a group rename would leave this value untouched. Confirm whether this is a typo in the post.
member: uid=group_b,ou=users,dc=example,dc=com

dn: cn=alias_b,ou=emailAliases,dc=example,dc=com
member: uid=user_b,ou=users,dc=example,dc=com
# NOTE(review): same mismatch as above: the group entry is cn=group_a,ou=groups, not uid=group_a,ou=users.
member: uid=group_a,ou=users,dc=example,dc=com

Now, I have configured my SMTP server (specifically, Postfix) to read email aliases from LDAP and to recursively expand aliases from ou=emailAliases,dc=example,dc=com until an actual email address is resolved (no problem here).

But when I need to rename a user or group, I have to manually update the corresponding alias, so I figured the refint overlay would be useful. I tried it, but it seems to do nothing. Below is my configuration. Did I miss something? Thank you very much.


# Global slapd.conf directives; they precede every backend/database section.
# Accept LDAPv2 bind requests as well as LDAPv3. Only legacy clients need this.
allow bind_v2
# Schema definitions. nis.schema is commented out and rfc2307bis.schema is loaded on the next line.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
#include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/rfc2307bis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/mozillaabpersonalpha.schema
include         /etc/ldap/schema/misc.schema
include         /etc/ldap/schema/hdb.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
# 'none' logs only the messages slapd emits regardless of level, so overlay activity is not recorded.
# NOTE(review): raise this temporarily (for example to 'stats') while diagnosing why refint appears idle.
loglevel        none
modulepath      /usr/lib/ldap
moduleload      back_hdb
# Loads the refint module. It has no effect until a database section also declares 'overlay refint'.
moduleload      refint
# Maximum number of entries returned by one search.
sizelimit 500
tool-threads 1
# Minimum SASL security strength factor 0: SASL binds are accepted without an integrity or
# confidentiality layer. NOTE(review): confirm these binds are protected by TLS or a local socket.
sasl-secprops minssf=0
sasl-realm EXAMPLE.COM
sasl-host foo.example.com
# Identity mapping rules. authz-regexp takes a match pattern and a replacement; only the patterns
# appear here, so the replacement arguments were presumably dropped from the post. TODO confirm
# against the real file. sasl-regexp looks like the older spelling of the same directive.
# The first pattern matches the EXTERNAL peercred identity with uidNumber=0 (any gidNumber).
# The other two match GSSAPI identities: uid=root, and any uid in cn=example.com.
sasl-regexp "gidNumber=.*\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
authz-regexp "uid=root,cn=gssapi,cn=auth"
authz-regexp "uid=(.*),cn=example.com,cn=gssapi,cn=auth"

# Backend-wide section for hdb; no backend-specific options follow it here.
backend         hdb

# Configuration database section with a root password given in cleartext
# (presumably a placeholder value for the post).
# NOTE(review): in a real file, store a hash generated by slappasswd instead of the plain value and
# keep slapd.conf readable only by the slapd account, since this password controls the server configuration.
database config
rootpw secret

# Main directory database: back-hdb holding the dc=example,dc=com tree, stored in /var/lib/ldap.
database        hdb
suffix          "dc=example,dc=com"
directory       "/var/lib/ldap"
# Berkeley DB settings passed through dbconfig: a cache of 0 GB + 2097152 bytes (2 MB),
# and limits of 1500 each for lock objects, locks and lockers.
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

# Attribute indexes: 'eq' serves equality filters, 'sub' serves substring filters.
index           objectClass eq
index           ou eq
index           uidNumber eq
index           gidNumber eq
index           cn,sn,givenName eq,sub
index           mail eq,sub
index           uid eq,sub
# 'member' is the attribute named in refint_attributes further down. The overlay has to find entries
# whose member value equals a changed DN, and this equality index serves that lookup.
index           memberUid,member eq
index           uniqueMember eq
index           displayName eq,sub
index           labeledURI eq
index           entryUUID eq
index           createTimestamp,modifyTimestamp eq
index           mozillaNickname sub
index           mozillaSecondEmail sub
index           nsAIMid sub
index           mozillaHomeLocalityName sub
index           mozillaHomeState sub
index           mozillaHomePostalCode sub
index           mozillaHomeCountryName sub
index           mailLocalAddress eq
index           krb5PrincipalName eq

# Maintain the modification-tracking operational attributes (modifiersName, modifyTimestamp, ...).
lastmod         on
# Checkpoint the database after 512 KB written or 30 minutes, whichever comes first.
checkpoint      512 30

(ACL omitted)

# Attach the refint overlay to the database section declared before this line
# (here the hdb database for dc=example,dc=com).
# The overlay acts on rename and delete operations that pass through slapd;
# offline tools such as slapadd do not go through overlays.
overlay refint
# Attributes whose values are rewritten or removed when they equal the DN of a renamed or deleted entry.
# NOTE(review): the sample alias entries in this post hold uid=group_a/uid=group_b under ou=users,
# which are not the DNs of the group entries (cn=...,ou=groups). Such values would never match.
refint_attributes member
# Placeholder DN written instead of removing the last remaining value of a maintained attribute.
# NOTE(review): "cn=admin" is not under the dc=example,dc=com suffix. Confirm this is the intended placeholder.
refint_nothing "cn=admin"