[Date Prev][Date Next]
Re: Mailing list query
I'll go step by step into what I don't understand.
Stelios A. wrote:
My user.ldif is like:
dn: cn=Somename Somelastname, ou=Users,dc=mydomain,dc=edu,dc=com
cn: Somename Somelastname
userPassword: some password encrypted
Stated like that, this is the contents of a file (user.ldif) in your
file system. I'll assume it's also the prototype of user entries in
Same user for example is under cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
uniqueMember: cn=Somename Somelastname,ou=Users,dc=mydomain,dc=edu,dc=com
I assume this is the prototype of a group in your DSA (where for some
unknown reason you use groupOfUniqueNames/uniqueMember instead of
groupOfNames/member), and the above user is a member of it.
What I want is somehow to get all uid of the users belonging to each
of my groups in order to build a mailing list with postfix.
In LDAP, the only way to do it is:
- search the group
- take its members
- for each member:
- search for the member entry
- take its uid
There is no other plain LDAP way to do it. OpenLDAP provides some means
to delegate this to the DSA.
One is to use the slapo-dynlist(5) overlay, if your membership relations
can be expressed by a LDAP URL.
Another is the slapo-deref(5) overlay, which will be released shortly
with OpenLDAP 2.4.13. This, however, requires client modification in
order to interpret the deref control response.
I've created a file called ldap-aliases.cf with the following inside:
server_host = ldaps://myhostname
search_base = dc=mydomain,dc=edu,dc=com
scope = sub
version = 3
query_filter = (&(|(objectclass=person)(objectclass=groupofuniquenames)(mail=%s)(ou=Groups)))
result_attribute = uid
bind = yes
bind_dn = cn=admin,dc=mydomain,dc=edu,dc=com
bind_pw = mypasswordwithoutencryption
This is unrelated
The above works ok without errors
How can you state it works ok, if it doesn't do what you mean?
but it just displays all users in my ldap.
I tried several different ways but can't find out how to add to the
query to show me only the cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
Here things get really obscure:
- you tried several ways (but you don't say which)
- you say you "can't find how to add to the query to show you only the
In the above postfixish there seems to be quite a strange filter: let's
write it in non reverse polish notation:
() AND (
( objectClass = person )
OR ( objectclass = groupOfUniqueNames )
OR ( mail = %s )
OR ( ou = Groups )
where I assume "%s" is going to be replaced by some user's mail address
(I don't speak postfixish, sorry).
It is clear that your filter will catch everything that's either a
person, or a group of unique names, or has the mail address of your
user, or has ou equal to "groups".
This is where you should definitely clarify what you intend to gather
with that specific query, keeping in mind that the only way to obtain
what you stated before is to perform the sequence of operations I just
and also a second more complicated query, that is to show me all users
uid where not belonging to any Group
- search for all user entries
- for each user entry DN
- search for entries whose class is a group
and has the user entry's DN as member
- only keep those that do not belong to any group
There is no other way to obtain this information.
As a general comment, by trying to formulate operations the way you seem
to be formulating them, you seem to be thinking SQLish. Probably, your
data is not designed the way it should in order to organize postfix
related data in LDAP.
Ing. Pierangelo Masarati
OpenLDAP Core Team
via Dossi, 8 - 27100 Pavia - ITALIA
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497