
use results of one ldap query in a subsequent one

  • Andreas Hasenack
    Message 1 of 3 , Aug 2, 2007
      I want to send email to all members of a posixGroup. The catch is that
      this is a rfc2307 group, i.e., members are just names and not DNs:

      cn=foo,ou=group,dc=example,dc=com
      cn: foo
      objectClass: posixGroup
      memberUid: user1
      memberUid: user2
      memberUid: user3
      ...

      uid=user1,ou=people,dc=example,dc=com
      uid: user1
      objectClass: inetOrgPerson
      mail: user1@...
      ...

      There is no DN pointing back to the user entry, nor is there something
      in the user entry hinting to which groups the user is part of, so I
      can't use special_result_attribute.

      With the above, is there a way I could have postfix, after getting the
      member list, do a subsequent query on each user to fetch their mail
      attribute? Or some other solution?
    • Victor Duchovni
      Message 2 of 3 , Aug 2, 2007
        On Thu, Aug 02, 2007 at 04:19:52PM -0300, Andreas Hasenack wrote:

        > I want to send email to all members of a posixGroup. The catch is that
        > this is a rfc2307 group, i.e., members are just names and not DNs:
        >
        > cn=foo,ou=group,dc=example,dc=com
        > cn: foo
        > objectClass: posixGroup
        > memberUid: user1
        > memberUid: user2
        > memberUid: user3
        > ...
        >
        > uid=user1,ou=people,dc=example,dc=com
        > uid: user1
        > objectClass: inetOrgPerson
        > mail: user1@...
        > ...
        >
        > There is no DN pointing back to the user entry, nor is there something
        > in the user entry hinting to which groups the user is part of, so I
        > can't use special_result_attribute.
        >
        > With the above, is there a way I could have postfix, after getting the
        > member list, do a subsequent query on each user to fetch their mail
        > attribute? Or some other solution?

        The unix user names will get @$myorigin appended to them, these are then
        subject to further rewriting. It should just work.

        result_attribute = memberUid

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • Andreas Hasenack
        Message 3 of 3 , Aug 2, 2007
          On Thu, Aug 02, 2007 at 03:50:09PM -0400, Victor Duchovni wrote:
          > On Thu, Aug 02, 2007 at 04:19:52PM -0300, Andreas Hasenack wrote:
          > > cn=foo,ou=group,dc=example,dc=com
          > > cn: foo
          > > objectClass: posixGroup
          > > memberUid: user1
          > > memberUid: user2
          > > memberUid: user3
          > > ...
          > >
          > > uid=user1,ou=people,dc=example,dc=com
          > > uid: user1
          > > objectClass: inetOrgPerson
          > > mail: user1@...
          > > ...
          > >
          > > There is no DN pointing back to the user entry, nor is there something
          > > in the user entry hinting to which groups the user is part of, so I
          > > can't use special_result_attribute.
          > >
          > > With the above, is there a way I could have postfix, after getting the
          > > member list, do a subsequent query on each user to fetch their mail
          > > attribute? Or some other solution?
          >
          > The unix user names will get @$myorigin appended to them, these are then
          > subject to further rewriting. It should just work.

          Ok, that works if I use another expansion later, something like:
          alias_maps = hash:/etc/postfix/aliases,ldap:/etc/postfix/group_expand.cf, ldap:/etc/postfix/ldap_alias.cf

          group_expand.cf:
          query_filter = (&(objectClass=posixGroup)(mail=%u@*))
          result_attribute = memberUid

          ldap_alias.cf:
          query_filter = (&(objectClass=inetOrgPerson)(uid=%u))
          result_attribute = mail

          One problem with this now is that users with no mail attribute in their
          entries will remain in the recipient list. For example, let's say from
          the list above (user1, user2 and user3) only user2 had no mail
          attribute. He would still be in the final recipient list as user2@$myorigin.
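
Added example (not part of the original thread, and not Postfix code): a simplified Python model of the two-map chain from the last message, showing why a group member whose entry has no mail attribute falls through as uid@$myorigin. The directory contents, the group's mail value and MYORIGIN are constructed assumptions; the model recurses only on bare names and treats any result containing "@" as final.

```python
from fnmatch import fnmatchcase

MYORIGIN = "example.com"  # assumed value of $myorigin

# Constructed directory modelled on the thread's entries; user2 has no mail.
DIRECTORY = [
    {"objectClass": ["posixGroup"], "cn": ["foo"], "mail": ["foo@example.com"],
     "memberUid": ["user1", "user2", "user3"]},
    {"objectClass": ["inetOrgPerson"], "uid": ["user1"], "mail": ["user1@mail.example.net"]},
    {"objectClass": ["inetOrgPerson"], "uid": ["user2"]},
    {"objectClass": ["inetOrgPerson"], "uid": ["user3"], "mail": ["user3@mail.example.net"]},
]

# (objectClass, filter attribute, value pattern, result_attribute) per map file
TABLES = [
    ("posixGroup", "mail", "%u@*", "memberUid"),  # group_expand.cf
    ("inetOrgPerson", "uid", "%u", "mail"),       # ldap_alias.cf
]

def lookup(key):
    """Query the maps in order; the first one returning values wins."""
    for object_class, attr, pattern, result_attr in TABLES:
        wanted = pattern.replace("%u", key)
        hits = [value for entry in DIRECTORY
                if object_class in entry["objectClass"]
                and any(fnmatchcase(v, wanted) for v in entry.get(attr, []))
                for value in entry.get(result_attr, [])]
        if hits:
            return hits
    return []  # also reached when an entry matches but lacks result_attr

def expand(name, seen=None):
    """Return (resolved, fallthrough) recipient lists for a bare name."""
    seen = set() if seen is None else seen
    if name in seen:  # guard against alias loops
        return [], []
    seen.add(name)
    results = lookup(name)
    if not results:  # no map answered: the bare name gets @$myorigin appended
        return [], [f"{name}@{MYORIGIN}"]
    resolved, fallthrough = [], []
    for value in results:
        if "@" in value:  # simplification: full addresses are final
            resolved.append(value)
        else:
            r, f = expand(value, seen)
            resolved, fallthrough = resolved + r, fallthrough + f
    return resolved, fallthrough
```

Calling expand("foo") returns the resolved mail addresses and, separately, the members that fell through, which is the list to audit before relying on the group alias.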