[Date Prev][Date Next]
Re: Mailing list query
I figure out how to accommodate the mailing list but that needs to
update my ldap schema to use groupOfNames/member as suggested along
with a change to the dn.
Is there a way to change automatically all the dn to the new format in
order to avoid editing the whole entries (1000+ users)?
This is going from:
dn: cn=Firstname Lastname,ou=Users,dc=mydomain,dc=edu,dc=com
Thanks a lot
2008/11/15 Stelios A. <email@example.com>:
> Thanks a lot for the explanation, I will make a few changes to my
> schema and see how it goes.
> I've used groupOfUniqueNames/uniqueMember instead of
> groupOfNames/member as I was following the instructions from a book
> related to Openldap.
> I will come back as soon as I have any update on this.
> 2008/11/15 Pierangelo Masarati <firstname.lastname@example.org>:
>> I'll go step by step into what I don't understand.
>> Stelios A. wrote:
>>> Hello all,
>>> My user.ldif is like:
>>> dn: cn=Somename Somelastname, ou=Users,dc=mydomain,dc=edu,dc=com
>>> objectClass: inetOrgPerson
>>> objectClass: posixAccount
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: top
>>> givenName: Somename
>>> sn: Somelastname
>>> cn: Somename Somelastname
>>> uid: ssomelastname
>>> uidNumber: 1002
>>> gidNumber: 100
>>> homeDirectory: /home/ssomelastname
>>> loginShell: /bin/bash
>>> mail: email@example.com
>>> userPassword: some password encrypted
>> Stated like that, this is the contents of a file (user.ldif) in your file
>> system. I'll assume it's also the prototype of user entries in your DSA.
>>> Same user for example is under cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
>>> Example ldif:
>>> dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr
>>> cn: IT
>>> objectClass: groupOfUniqueNames
>>> uniqueMember: cn=Somename Somelastname,ou=Users,dc=mydomain,dc=edu,dc=com
>> I assume this is the prototype of a group in your DSA (where for some
>> unknown reason you use groupOfUniqueNames/uniqueMember instead of
>> groupOfNames/member), and the above user is a member of it.
>>> What I want is somehow to get all uid of the users belonging to each
>>> of my groups in order to build a mailing list with postfix.
>> In LDAP, the only way to do it is:
>> - search the group
>> - take its members
>> - for each member:
>> - search for the member entry
>> - take its uid
>> There is no other plain LDAP way to do it. OpenLDAP provides some means to
>> delegate this to the DSA.
>> One is to use the slapo-dynlist(5) overlay, if your membership relations can
>> be expressed by a LDAP URL.
>> Another is the slapo-deref(5) overlay, which will be released shortly with
>> OpenLDAP 2.4.13. This, however, requires client modification in order to
>> interpret the deref control response.
>>> I've created a file called ldap-aliases.cf with the following inside:
>>> server_host = ldaps://myhostname
>>> search_base = dc=mydomain,dc=edu,dc=com
>>> scope = sub
>>> version = 3
>>> query_filter =
>>> result_attribute = uid
>>> bind = yes
>>> bind_dn = cn=admin,dc=mydomain,dc=edu,dc=com
>>> bind_pw = mypasswordwithoutencryption
>> This is unrelated
>>> The above works ok without errors
>> How can you state it works ok, if it doesn't do what you mean?
>>> but it just displays all users in my ldap.
>>> I tried several different ways but can't find out how to add to the
>>> query to show me only the cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
>> Here things get really obscure:
>> - you tried several ways (but you don't say which)
>> - you say you "can't find how to add to the query to show you only the
>> In the above postfixish there seems to be quite a strange filter: let's
>> write it in non reverse polish notation:
>> () AND (
>> ( objectClass = person )
>> OR ( objectclass = groupOfUniqueNames )
>> OR ( mail = %s )
>> OR ( ou = Groups )
>> where I assume "%s" is going to be replaced by some user's mail address (I
>> don't speak postfixish, sorry).
>> It is clear that your filter will catch everything that's either a person,
>> or a group of unique names, or has the mail address of your user, or has ou
>> equal to "groups".
>> This is where you should definitely clarify what you intend to gather with
>> that specific query, keeping in mind that the only way to obtain what you
>> stated before is to perform the sequence of operations I just described
>>> and also a second more complicated query, that is to show me all users
>>> uid where not belonging to any Group
>> - search for all user entries
>> - for each user entry DN
>> - search for entries whose class is a group
>> and has the user entry's DN as member
>> - only keep those that do not belong to any group
>> There is no other way to obtain this information.
>> As a general comment, by trying to formulate operations the way you seem to
>> be formulating them, you seem to be thinking SQLish. Probably, your data is
>> not designed the way it should in order to organize postfix related data in
>> Ing. Pierangelo Masarati
>> OpenLDAP Core Team
>> SysNet s.r.l.
>> via Dossi, 8 - 27100 Pavia - ITALIA
>> Office: +39 02 23998309
>> Mobile: +39 333 4963172
>> Fax: +39 0382 476497
>> Email: firstname.lastname@example.org
> Stelios A