Loading ...
Sorry, an error occurred while loading the content.

Re: LDAP group members filter

Expand Messages
  • Victor Duchovni
    ... No, there is no support for filtering group members, beyond presense or absense of the result_attribute (or leaf_result_attribute, ...). Group members that
    Message 1 of 2 , Aug 31 6:15 AM
    • 0 Attachment
      On Tue, Aug 31, 2010 at 04:49:41PM +0400, Nikolay Shopik wrote:

      > Hello,
      >
      > Is there way to set ldap filter after recursion? By default postfix will
      > set filter to (objectclass=*) to query every member of group. Basically I
      > would like not include some members of group (account disabled for
      > example).

      No, there is no support for filtering group members, beyond presense or
      absense of the result_attribute (or leaf_result_attribute, ...). Group
      members that lack any result_attributes are ignored. Perhaps you can
      arrange to use a (mail-address-valued) result attribute that is only
      present in the desired group members. Otherwise,

      Postfix also has support for "dynamic groups" (groups whose member objects
      are LDAP URIs that represent queries to retrieve the real member objects).
      You may be able to make use of those.

      See LDAP_README and ldap_table(5). Anything not described there is not
      implemented.

      --
      Viktor.
    Your message has been successfully submitted and would be delivered to recipients shortly.