On Friday 08 October 2010 13:39:25 Buchan Milne wrote: > > > > * Groups and aliases must be possible > > > What specifically do you mean by groups? > > By group support I just mean the usual way to group users together, > > as in ou=groups,dc=example,dc=com. Users on different hosted > > domains won't/can't be in the same group, if that matters any. > > But, what would you use the groups for? Authorization to specific > services only available to specific groups?
Exactly. That shouldn't be a problem, should it? > > However, when using [email protected],o=mysitename, how would > > Postfix (or anything else) look up which virtual domains it is > > supposed to serve, i.e. virtual_mailbox_domains? > > > > That's the one think about which I am not yet quite clear. In our > > relational database there's a simple table "virtual_domains" with a > > name and an ID for the hosted domains. Postfix only wants the key > > (the domain name) to exist when doing a lookup so a query is just > > a simple "SELECT 1 FROM virtual_domains WHERE name='%s'", %s being > > the domain name of course. How would a "corresponding" LDAP query > > look like? > > Don't try and one-to-one map an RDBMS table to an LDAP container, > start by mapping the query to an ldap search (basedn, filter, result > attributes) first. Yeah, I am having some difficulties with that :) > You could use something like this: > > dn: domain=domain1.example.com,dc=example,dc=com > objectclass: domain > domain: domain1.example.com > > Then you would use an LDAP map with > search_base = dc=example,dc=com > query_filter = (&(objectclass=domain)(domain=%s)) > result_attribute = domain Thank you, that makes a lot of sense. Based on that it should not be too difficult to map other necessary queries from SQL to LDAP. > You may choose to have more separation, with a separate basedn for > domains, but it isn't necessary. I see now how it is supposed to work. Hopefully I'll have some time this week to build a test setup. Expect more concrete questions about OpenLDAP :) Thanks again for your help and ideas! Andreas
