Re: Mailing list query
Thanks a lot for the explanation, I will make a few changes to my
schema and see how it goes.
I've used groupOfUniqueNames/uniqueMember instead of
groupOfNames/member as I was following the instructions from a book
related to OpenLDAP.
I will come back as soon as I have any update on this.
2008/11/15 Pierangelo Masarati <firstname.lastname@example.org>:
> I'll go step by step into what I don't understand.
> Stelios A. wrote:
>> Hello all,
>> My user.ldif is like:
>> dn: cn=Somename Somelastname, ou=Users,dc=mydomain,dc=edu,dc=com
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: top
>> givenName: Somename
>> sn: Somelastname
>> cn: Somename Somelastname
>> uid: ssomelastname
>> uidNumber: 1002
>> gidNumber: 100
>> homeDirectory: /home/ssomelastname
>> loginShell: /bin/bash
>> mail: email@example.com
>> userPassword: some password encrypted
> Stated like that, this is the contents of a file (user.ldif) in your file
> system. I'll assume it's also the prototype of user entries in your DSA.
>> Same user for example is under cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
>> Example ldif:
>> dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr
>> cn: IT
>> objectClass: groupOfUniqueNames
>> uniqueMember: cn=Somename Somelastname,ou=Users,dc=mydomain,dc=edu,dc=com
> I assume this is the prototype of a group in your DSA (where for some
> unknown reason you use groupOfUniqueNames/uniqueMember instead of
> groupOfNames/member), and the above user is a member of it.
>> What I want is somehow to get all uid of the users belonging to each
>> of my groups in order to build a mailing list with postfix.
> In LDAP, the only way to do it is:
> - search the group
> - take its members
> - for each member:
>   - search for the member entry
>   - take its uid
> There is no other plain LDAP way to do it. OpenLDAP provides some means to
> delegate this to the DSA.
> One is to use the slapo-dynlist(5) overlay, if your membership relations can
> be expressed by a LDAP URL.
> Another is the slapo-deref(5) overlay, which will be released shortly with
> OpenLDAP 2.4.13. This, however, requires client modification in order to
> interpret the deref control response.
>> I've created a file called ldap-aliases.cf with the following inside:
>> server_host = ldaps://myhostname
>> search_base = dc=mydomain,dc=edu,dc=com
>> scope = sub
>> version = 3
>> query_filter =
>> result_attribute = uid
>> bind = yes
>> bind_dn = cn=admin,dc=mydomain,dc=edu,dc=com
>> bind_pw = mypasswordwithoutencryption
> This is unrelated
>> The above works ok without errors
> How can you state it works ok, if it doesn't do what you mean?
>> but it just displays all users in my ldap.
>> I tried several different ways but can't find out how to add to the
>> query to show me only the cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
> Here things get really obscure:
> - you tried several ways (but you don't say which)
> - you say you "can't find how to add to the query to show you only the
> In the above postfixish there seems to be quite a strange filter: let's
> write it in non reverse polish notation:
> () AND (
> ( objectClass = person )
> OR ( objectclass = groupOfUniqueNames )
> OR ( mail = %s )
> OR ( ou = Groups )
> where I assume "%s" is going to be replaced by some user's mail address (I
> don't speak postfixish, sorry).
> It is clear that your filter will catch everything that's either a person,
> or a group of unique names, or has the mail address of your user, or has ou
> equal to "groups".
> This is where you should definitely clarify what you intend to gather with
> that specific query, keeping in mind that the only way to obtain what you
> stated before is to perform the sequence of operations I just described
>> and also a second more complicated query, that is to show me all users
>> uid where not belonging to any Group
> - search for all user entries
> - for each user entry DN
>   - search for entries whose class is a group
>     and has the user entry's DN as member
> - only keep those that do not belong to any group
> There is no other way to obtain this information.
> As a general comment, by trying to formulate operations the way you seem to
> be formulating them, you seem to be thinking SQLish. Probably, your data is
> not designed the way it should in order to organize postfix related data in
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Fax: +39 0382 476497
> Email: firstname.lastname@example.org