[Dovecot] Perfect LDAP tree
Hello everybody and Timo.
I have the following problem.
With an LDAP tree like

ou=mail
  - dc=example1.com,ou=Mail
      - mail=box1@example1.com,dc=example1.com,ou=Mail
      - mail=box2@example1.com,dc=example1.com,ou=Mail
      …
  - dc=example2.com,ou=Mail
      - mail=box1@example2.com,dc=example2.com,ou=Mail
      - mail=box2@example2.com,dc=example2.com,ou=Mail
      …

and the following settings in the Dovecot configuration files:

auth_bind = yes
auth_bind_userdn = mail=%u,dc=%d,ou=mail
base = ou=mail
user_attrs =
=home=/var/vmail/%Ld/%Ln,
=quota_rule=*:storage=%{ldap:mailQuota}M
user_filter = (&(objectClass=mailUser)(accountStatus=active)(mail=%u))
pass_attrs =
=user=%{ldap:mail},
=proxy_maybe=yes,
=host=%{ldap:mailHost},
=userdb_home=/var/vmail/%Ld/%Ln,
=userdb_quota_rule=*:storage=%{ldap:mailQuota}M
pass_filter = (&(objectClass=mailUser)(accountStatus=active)(mail=%u))
iterate_attrs = mail=user
iterate_filter = (&(objectClass=mailUser)(accountStatus=active))

everything works fine.
But my perfectionist soul does not like this configuration, because every mailbox record duplicates the domain information:
mail=box1@example2.com and dc=example2.com
I want to set up the following LDAP tree:

ou=mail
  - dc=example1.com,ou=Mail
      - mail=box1,dc=example1.com,ou=Mail
      - mail=box2,dc=example1.com,ou=Mail
      …
  - dc=example2.com,ou=Mail
      - mail=box1,dc=example2.com,ou=Mail
      - mail=box2,dc=example2.com,ou=Mail
      …

but I don't understand how to limit the query for box1@example1.com to dc=example1.com,ou=mail without using base=dc=%d,ou=Clients,o=m, and how to get a working iterate query over all boxes that returns the list
box1@example1.com box2@example1.com box1@example2.com box2@example2.com
for some command like doveadm quota recalc -A.
Is it possible? How can it be done?
On Tue, 28 May 2013, Evgeny Basov wrote:
> With an LDAP tree like
>
> ou=mail
>   - dc=example1.com,ou=Mail
>       - mail=box1@example1.com,dc=example1.com,ou=Mail
>       - mail=box2@example1.com,dc=example1.com,ou=Mail
>       …
>   - dc=example2.com,ou=Mail
>       - mail=box1@example2.com,dc=example2.com,ou=Mail
>       - mail=box2@example2.com,dc=example2.com,ou=Mail

Hmm, IMHO, the recommended use of dc= (by OpenLDAP) would be:
mail=box2@example2.com,dc=example2,dc=com
maybe,
mail=box2@example2.com,ou=mail,dc=example2,dc=com
> But my perfectionist soul does not like this configuration, because every mailbox record duplicates the domain information:
> mail=box1@example2.com and dc=example2.com
> I want to set up the following LDAP tree:
>
>   - dc=example2.com,ou=Mail
>       - mail=box1,dc=example2.com,ou=Mail
>       - mail=box2,dc=example2.com,ou=Mail

The LDAP mail attribute is to contain a mail address, not just a part of it. Actually, your LDAP server should reject mail=box2. You could use another attribute though.

> but I don't understand how to limit the query for box1@example1.com to dc=example1.com,ou=mail without using base=dc=%d,ou=Clients,o=m, and how to get a working iterate query over all boxes that returns the list
> box1@example1.com box2@example1.com box1@example2.com box2@example2.com
> for some command like doveadm quota recalc -A.
> Is it possible? How can it be done?

In my opinion, you are trying to make LDAP more complicated than it is designed to be.

Steffen Kaiser
Good morning.
28.05.2013 18:06, Steffen Kaiser writes:

> mail=box2@example2.com,ou=mail,dc=example2,dc=com

Thank you, I lost sight of that.
> In my opinion, you are trying to make LDAP more complicated than it is designed to be.

I tried to create an error-robust structure. For example, when the schema for the mail address test@example.com is represented as

dn: dc=com
dn: dc=example,dc=com
dn: mail=test,dc=example,dc=com

it looks much better than

dn: dc=example.com
dn: mail=test@example.com,dc=example.com

because we cannot make that kind of mistake and never get

dn: dc=example.com
dn: mail=test@example.org,dc=example.com
With best regards, Evgeny Basov.
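The consistency problem Evgeny describes (a mail attribute whose domain disagrees with the dc= the entry sits under) and the iterate list he wants for doveadm can both be checked offline against an export of the directory. The script below is an added example, not code from the thread or from Dovecot: the entries are constructed LDIF-style records following the two trees above, and the DN parser assumes no escaped commas and no multi-valued RDNs (an assumption that holds for these trees but not for arbitrary DNs).

```python
"""Check mailbox entries from the two LDAP layouts discussed in the thread.

Added example (not from the original post). Entries are constructed; DN
parsing assumes no escaped commas and no multi-valued (a+b) RDNs.
"""

# Constructed sample of the flat layout: the mail attribute carries the domain,
# so the domain is stored twice. The third entry is the mistake from the thread.
FLAT_TREE = [
    {"dn": "mail=box1@example1.com,dc=example1.com,ou=Mail", "mail": "box1@example1.com"},
    {"dn": "mail=box2@example1.com,dc=example1.com,ou=Mail", "mail": "box2@example1.com"},
    {"dn": "mail=test@example.org,dc=example.com,ou=Mail", "mail": "test@example.org"},
]

# Constructed sample of the nested layout: the attribute holds only the local
# part and the domain lives solely in the dc= components of the DN.
NESTED_TREE = [
    {"dn": "mail=box1,dc=example1.com,ou=Mail", "mail": "box1"},
    {"dn": "mail=box2,dc=example1.com,ou=Mail", "mail": "box2"},
    {"dn": "mail=box1,dc=example2.com,ou=Mail", "mail": "box1"},
    {"dn": "mail=test,dc=example,dc=com,ou=mail", "mail": "test"},
]


def parse_dn(dn):
    """Split a DN into (attr, value) pairs, leftmost RDN first.

    Assumption: no escaped commas and no multi-valued RDNs in the input.
    """
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def domain_from_dn(dn):
    """Domain implied by the dc= components, read left to right.

    'dc=example1.com' -> 'example1.com'; 'dc=example,dc=com' -> 'example.com'.
    """
    dcs = [value for attr, value in parse_dn(dn) if attr == "dc"]
    return ".".join(dcs).lower()


def address_from_entry(entry):
    """Full address for an entry: the mail attribute as-is when it already
    carries a domain, otherwise local part joined with the DN's domain."""
    mail = entry["mail"]
    if "@" in mail:
        return mail.lower()
    return f"{mail}@{domain_from_dn(entry['dn'])}".lower()


def check_entry(entry):
    """Return the list of inconsistencies for one entry (empty when clean)."""
    problems = []
    rdns = parse_dn(entry["dn"])
    if not rdns or rdns[0][0] != "mail":
        problems.append("first RDN is not mail=")
        return problems
    rdn_mail = rdns[0][1]
    if rdn_mail.lower() != entry["mail"].lower():
        problems.append(f"RDN mail={rdn_mail} differs from attribute mail={entry['mail']}")
    dn_domain = domain_from_dn(entry["dn"])
    if not dn_domain:
        problems.append("no dc= component in DN")
    if "@" in entry["mail"]:
        # Flat layout: the domain is stored twice, so the two copies can disagree.
        _, _, attr_domain = entry["mail"].rpartition("@")
        if attr_domain.lower() != dn_domain:
            problems.append(f"mail domain {attr_domain} does not match DN domain {dn_domain}")
    return problems


def iterate_addresses(entries):
    """The list an iterate query should hand to e.g. 'doveadm quota recalc -A':
    one full address per consistent entry, inconsistent ones left out."""
    return sorted(address_from_entry(e) for e in entries if not check_entry(e))


if __name__ == "__main__":
    for name, tree in (("flat", FLAT_TREE), ("nested", NESTED_TREE)):
        print(f"{name}: {iterate_addresses(tree)}")
        for entry in tree:
            for problem in check_entry(entry):
                print(f"  {entry['dn']}: {problem}")
```

In the nested layout the domain cannot disagree with the DN because it is only stored once, which is the robustness argument above; the price is that an iterate query reading only the mail attribute returns bare local parts, so the full address has to be rebuilt from the DN as address_from_entry does.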