
Re: Mailing list query



I figured out how to accommodate the mailing list, but that requires
updating my LDAP schema to use groupOfNames/member as suggested, along
with a change to the dn.
Is there a way to automatically change all the dn to the new format, in
order to avoid editing every entry (1000+ users)?
This is going from:
dn: cn=Firstname Lastname,ou=Users,dc=mydomain,dc=edu,dc=com
to
dn: uid=flastname,ou=Users,dc=mydomain,dc=edu,dc=com

Thanks a lot

2008/11/15 Stelios A. <stelios.a@gmail.com>:
> Thanks a lot for the explanation, I will make a few changes to my
> schema and see how it goes.
> I've used groupOfUniqueNames/uniqueMember instead of
> groupOfNames/member as I was following the instructions from a book
> related to OpenLDAP.
> I will come back as soon as I have any update on this.
>
> Thanks
>
> 2008/11/15 Pierangelo Masarati <ando@sys-net.it>:
>> I'll go step by step into what I don't understand.
>>
>> Stelios A. wrote:
>>>
>>> Hello all,
>>>
>>> My user.ldif is like:
>>>
>>> dn: cn=Somename Somelastname, ou=Users,dc=mydomain,dc=edu,dc=com
>>> objectClass: inetOrgPerson
>>> objectClass: posixAccount
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: top
>>> givenName: Somename
>>> sn: Somelastname
>>> cn: Somename Somelastname
>>> uid: ssomelastname
>>> uidNumber: 1002
>>> gidNumber: 100
>>> homeDirectory: /home/ssomelastname
>>> loginShell: /bin/bash
>>> mail: ssomelastname@mydomain.edu.com
>>> userPassword: some password encrypted
>>
>> Stated like that, this is the contents of a file (user.ldif) in your file
>> system.  I'll assume it's also the prototype of user entries in your DSA.
>>
>>>
>>> Same user for example is under cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
>>> Example ldif:
>>>
>>> dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr
>>> cn: IT
>>> objectClass: groupOfUniqueNames
>>> uniqueMember: cn=Somename Somelastname,ou=Users,dc=mydomain,dc=edu,dc=com
>>
>> I assume this is the prototype of a group in your DSA (where for some
>> unknown reason you use groupOfUniqueNames/uniqueMember instead of
>> groupOfNames/member), and the above user is a member of it.
>>
>>> What I want is somehow to get all uid of the users belonging to each
>>> of my groups in order to build a mailing list with postfix.
>>
>> In LDAP, the only way to do it is:
>>
>> - search the group
>> - take its members
>> - for each member:
>>        - search for the member entry
>>        - take its uid
>>
>> There is no other plain LDAP way to do it.  OpenLDAP provides some means to
>> delegate this to the DSA.
>>
>> One is to use the slapo-dynlist(5) overlay, if your membership relations can
>> be expressed by a LDAP URL.
>>
>> Another is the slapo-deref(5) overlay, which will be released shortly with
>> OpenLDAP 2.4.13.  This, however, requires client modification in order to
>> interpret the deref control response.
>>
>>> I've created a file called ldap-aliases.cf with the following inside:
>>>
>>> server_host = ldaps://myhostname
>>> search_base = dc=mydomain,dc=edu,dc=com
>>> scope = sub
>>> version = 3
>>> query_filter =
>>> (&(|(objectclass=person)(objectclass=groupofuniquenames)(mail=%s)(ou=Groups)))
>>> result_attribute = uid
>>> bind = yes
>>> bind_dn = cn=admin,dc=mydomain,dc=edu,dc=com
>>> bind_pw = mypasswordwithoutencryption
>>
>> This is unrelated
>>
>>>
>>> The above works ok without errors
>>
>> How can you state it works ok, if it doesn't do what you mean?
>>
>>> but it just displays all users in my ldap.
>>> I tried several different ways but can't find out how to add to the
>>> query to show me only the cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
>>
>> Here things get really obscure:
>>
>> - you tried several ways (but you don't say which)
>>
>> - you say you "can't find how to add to the query to show you only the
>> cn=blah...".
>>
>> In the above postfixish there seems to be quite a strange filter: let's
>> write it in non reverse polish notation:
>>
>> () AND (
>>    ( objectClass = person )
>>    OR ( objectclass = groupOfUniqueNames )
>>    OR ( mail = %s )
>>    OR ( ou = Groups )
>> )
>>
>> where I assume "%s" is going to be replaced by some user's mail address (I
>> don't speak postfixish, sorry).
>>
>> It is clear that your filter will catch everything that's either a person,
>> or a group of unique names, or has the mail address of your user, or has ou
>> equal to "groups".
>>
>> This is where you should definitely clarify what you intend to gather with
>> that specific query, keeping in mind that the only way to obtain what you
>> stated before is to perform the sequence of operations I just described
>> above.
>>
>>> and also a second more complicated query, that is to show me all users
>>> uid where not belonging to any Group
>>> (ou=Groups,dc=mydomain,dc=edu,dc=com)
>>
>> - search for all user entries
>> - for each user entry DN
>>        - search for entries whose class is a group
>>          and has the user entry's DN as member
>>        - only keep those that do not belong to any group
>>
>> There is no other way to obtain this information.
>>
>> As a general comment, by trying to formulate operations the way you seem to
>> be formulating them, you seem to be thinking SQLish.  Probably, your data is
>> not designed the way it should in order to organize postfix related data in
>> LDAP.
>>
>> p.
>>
>>
>> Ing. Pierangelo Masarati
>> OpenLDAP Core Team
>>
>> SysNet s.r.l.
>> via Dossi, 8 - 27100 Pavia - ITALIA
>> http://www.sys-net.it
>> -----------------------------------
>> Office:  +39 02 23998309
>> Mobile:  +39 333 4963172
>> Fax:     +39 0382 476497
>> Email:   ando@sys-net.it
>> -----------------------------------
>>
>>
>
>
>
> --
> Stelios A
>



-- 
Stelios A
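
One way to produce the change records for the cn= to uid= rename asked about at the top of this message, as an added example that is not part of the original thread. It repoints group members using the sequence Pierangelo describes (take the group's members, look up each member entry, take its uid). Assumptions: the input is an LDIF export with no folded or base64 lines and no escaped commas in RDN values; `parse_ldif`, `norm`, `build_changes` and the "Gone User" member are constructed for illustration.

```python
# Constructed sample in the shape of the entries quoted in this thread.
SAMPLE_LDIF = """\
dn: cn=Somename Somelastname, ou=Users,dc=mydomain,dc=edu,dc=com
cn: Somename Somelastname
uid: ssomelastname

dn: cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Somename Somelastname,ou=Users,dc=mydomain,dc=edu,dc=com
uniqueMember: cn=Gone User,ou=Users,dc=mydomain,dc=edu,dc=com
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; assumes no folded/base64 lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append((attrs.pop("dn")[0], attrs))
    return entries

def norm(dn):
    """Naive DN comparison key (assumes no escaped commas in RDN values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def build_changes(text, member_attr="uniqueMember"):
    """Return (LDIF change records, member DNs with no matching user entry)."""
    entries = parse_ldif(text)
    new_dn, out, dangling = {}, [], []
    for dn, attrs in entries:                      # pass 1: rename users
        if "uid" in attrs and dn.lower().startswith("cn="):
            rdn = "uid=" + attrs["uid"][0]
            new_dn[norm(dn)] = rdn + "," + dn.split(",", 1)[1].strip()
            # deleteoldrdn: 0 keeps the cn value, which person requires
            out.append(f"dn: {dn}\nchangetype: modrdn\n"
                       f"newrdn: {rdn}\ndeleteoldrdn: 0\n")
    for dn, attrs in entries:                      # pass 2: repoint groups
        members = attrs.get(member_attr.lower())
        if not members:
            continue
        # members with no user entry are reported and left unchanged
        dangling += [m for m in members if norm(m) not in new_dn]
        values = [new_dn.get(norm(m), m) for m in members]
        out.append("\n".join([f"dn: {dn}", "changetype: modify",
                              f"replace: {member_attr}"]
                             + [f"{member_attr}: {v}" for v in values]) + "\n-\n")
    return out, dangling
```

The returned records are plain LDIF change records; the list of unresolved members shows group references that would otherwise be left pointing at entries that do not exist.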