Hi Victoriano, are those searches in LDAP slower? For example, is it much slower when you start search at dc=acmecorp instead of ou=people,o=somedomain.com,dc=acmecorp ?
On Sat, Jul 24, 2010 at 11:15 AM, Victoriano Giralt <victori...@uma.es> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > On 24/7/10 9:27, Pavel Dimow wrote: > >> someone here can help me. I have a postfix with one "primary" domain and >> dozen virtual domains. The problem is that users from primary domain use only >> their username (without domain part) for SASL authentication and all >> other users >> (from virtual domains) are using usern...@somedomain as username. >> Now my DIT is organized something like >> >> ou=people,o=somedomain.com,dc=acmecorp >> ou=people,o=virtualdomain.com,dc=acmecorp >> >> >> The question is how can I perform a search for a "primary" domain when I >> don't >> have a domain part? Is there anyway that I can "append" a default domain when >> %d is empty or I can make some sophisticated filter_search? > > If you have an attribute in your schema like mailAlternateAddress (from > NS schema in the 389 server) for every entry in your DIT and uid at > least for your "primary" domain users, then you can base the search at > dc=acmecorp and use a subtree scope, the filter could look like this: > > (|(uid=%u)(mailAlternateAddress=%u)) > > Assuming %u represent the whole user identification, as per Dovecot SASL > implementation that I'm familiar with. > > - -- > Victoriano Giralt > Systems Manager > Central ICT Services > University of Malaga > SPAIN > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iD8DBQFMSq87V6+mDjj1PTgRA4ddAJ9bhxmCUiDrrPQzwN2m600o8l2SKQCfakhk > eWb/LX5/6bq18jtq0F+BjHo= > =8OGx > -----END PGP SIGNATURE----- >
