[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP ldapsearch filter: return uidNumber if person has sub ou=mail

To: openldap-technical@openldap.org, Michael Ströder <michael@stroeder.com>
Subject: Re: LDAP ldapsearch filter: return uidNumber if person has sub ou=mail
From: Leander Schäfer <info@netocean.de>
Date: Sat, 24 Jan 2015 18:45:04 +0100
In-reply-to: <54C3D0AB.4000208@stroeder.com>
References: <54C3B238.5030109@netocean.de> <54C3D0AB.4000208@stroeder.com>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

Am 24.01.15 um 18:04 schrieb Michael Ströder:

Leander Schäfer wrote:

I'm trying to construct a ldap filter for my Dovecot/Postfix setup which acts
as the example pseudo code & result below:

|return uidNumber OF objectClass=posixAccount IF they have a ou=mail AND the
mailAddress in this ou=mail IS EQUAL to test@Mydomain.TLD
||
# User-1, people, Mydomain.TLD
dn: uid=||User-1,ou=people,dc=MyDomain,dc=TLD
uidNumber: 2110

|

More specific like this while %s holds e.g.: test@Mydomain.TLD:

|search_base = dc=Mydomain,dc=TLD
query_filter = ( &(objectClass=posixAccount)(ou=mail)(mailAddress=%s) )
result_attribute = uidNumber
|

But obviously uidNumber is being hold by the posixAccount container one level
above - and therewith it won't display what I want. Unfortunately I couldn't
figure out how to get it work. My LDAP structure looks like this:

=> dc=MyDomain,dc=TLD
==> ou=People
===> uid=User-1
====> uidNumber=4035
====> ou=mail
=====> mailAddress=test@Mydomain.TLD
===> uid=User-2


Any help would be greatly apprecitated

This won't work.

Can you please explain why your data is so complicated?
What's the rationale of having even a separate tree if mail address entries?

Ciao, Michael.

Hi Michael

the structure is everything else then complex - the query/filter is theone which is :) The entire idea is, that each user can have several mailaddresses. Yes, therefore I could use the mail attribute within the useritself BUT if I would set an alias in the user, then it would alsoaffect ALL related mail=* addresses of the user. This is not good, sincethe user may only want to have an alias for certain addresses whileothers not. So in order to control each email address on its own, Idecided to create a sub container named ou=mail under each user in whereI put email hosting related information.

To prevent my current problem, I could simply provide uidNumber andgidNumber a second time. But since the posixAccount above ou=mail isholding this information, why should I provide it redundant?!

So I have decided that the mail attribute within the user account isused for general contact information about this person. Meanwhile themailAddress attribute of my own mail.schema is there to represent one ormore mailaccounts of this person.

I attached an example of how I would add users and their mail accountsbelow:




# ========================================================== #

# Adding posix User Account

This is how I would add a regular user to the LDAP DB:

cat << EOF > ./add_user.ldif
dn:              uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectClass:     top
objectClass:     person
objectClass:     inetOrgPerson
objectClass:     posixAccount
objectClass:     shadowAccount
uidNumber:       2001
gidNumber:       2001
homeDirectory:   /home/User-1
loginShell:      /usr/local/bin/bash
uid:             User-1
userPassword:    TopSecretPassword
displayName:     User-1
givenName:       User-1
mail:            SomeMail@SomeDomain.TLD
telephoneNumber: 0123456
cn:              User-1
sn:              Surname
o:               Some Corporation
jpegPhoto:<      file://Picture.jpg
EOF



# Adding ou=mail

Then I would add the User-1's mail container which holds all mailhosting relevant information.


cat << EOF > ./add_users_mail_container.ldif
dn: ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD
objectclass: top
objectclass: organizationalUnit
ou: mail
EOF



# Adding Mail Accounts

And now I add mail accounts into the ou=mail container. The idea is,that this could be repeated several times with different mailAddress:


cat << EOF > /add_users_mail_account.ldif

dn:mailAddress=test@Mydomain.TLD,ou=mail,uid=User-1,ou=people,dc=MyDomain,dc=TLD

objectclass: mailAccount
mailAddress: test@Mydomain.TLD
MailPassword: {SSHA}TopSecretPasswordHash
MailAccountStatus: active
mailStorageDirectory: /home/User-1/mail
#mailAlias: NONE
mailDelivery: dovecot
mailSizeMax: 10240
mailReplyText: Nothing to reply here
mailQuotaSize: 10240
mailQuotaCount: 0
mailservice: smtp
mailservice: pop3
mailservice: imap
mailservice: managesieve
EOF

# ========================================================== #


Best Regards,
Leander

Follow-Ups:
- Re: LDAP ldapsearch filter: return uidNumber if person has sub ou=mail
  - From: Michael Ströder <michael@stroeder.com>

References:
- LDAP ldapsearch filter: return uidNumber if person has sub ou=mail
  - From: Leander Schäfer <info@netocean.de>
- Re: LDAP ldapsearch filter: return uidNumber if person has sub ou=mail
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Antw: Re: OpenLDAP Replication Issue
Next by Date: Re: LDAP ldapsearch filter: return uidNumber if person has sub ou=mail
Index(es):
- Chronological
- Thread