On 08/16/2010 11:24 AM, Aaron Roberts wrote:
-----Original Message-----
From: [email protected] [mailto:owner-postfix-
[email protected]] On Behalf Of Jeroen Geilman
Sent: 15 August 2010 20:54
To: [email protected]
Subject: Re: Active Directory and virtual delivery agent

On 08/13/2010 03:18 PM, Aaron Roberts wrote:
Hi,
        I'm looking for a bit of inspiration...

I have a number of linux boxes using winbind to provide UNIX system
users from a Win2008R2 Active Directory domain.  I'm using winbind's
RID idmap backend thing to provide consistent UNIX UIDs and GIDs across
multiple servers.  For non-windows people, the RID is a 32 bit integer
which uniquely identifies an object in a domain, and forms the right-
most part of the Active Directory forest-wide SID.
A SID looks like:
S-1-5-21-993118751-601841214-1674189692-1134

The RID, in the above case, is 1134.

My UNIX UIDs are always (RID + 1000).

I want my virtual_uid_maps to fetch, from Active Directory using
table_ldap, something like:
   ((RID derived from the objectSID attribute) + 1000).

I would also like my virtual_mailbox_maps to fetch, from Active
Directory using table_ldap, something like:
   (primaryGroupID attribute)/(samaccountname attribute)/inbox

Can the postfix LDAP client do maths and/or concatenate retrieved
attributes or should I be doing that elsewhere and storing the results
as new attributes?
You can do anything that is valid in an LDAP query.
The former will probably be difficult if not impossible; the second
should be fairly simple.

If you are storing mailbox information in LDAP, why not store the actual
address -> physical mailbox location ?
You can script that quite easily.
Thanks for your input, I was trying to avoid modifying the AD schema but
it's beginning to look preferable from a lot of different angles.

Why would you want to *modify* the horrible AD schema ?

AD contains plenty of obscure "office-phone-except-when-my-wife-is-calling" attribute fields - abuse one of them :) This has the incredible advantage that the data is actually *visible* in a user's account tab! I would hunt for an unused User attribute before rolling my own - and possibly breaking AD.

J.

Thank you,
   Aaron
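Jeroen's suggestion to script the derivation, worked through as an added example that is not part of the thread: decode the binary objectSID that Active Directory returns, take the RID from its right-most component, and emit the virtual_uid_maps and virtual_mailbox_maps lines (UID = RID + 1000, mailbox = primaryGroupID/sAMAccountName/inbox). The sample record, the use of the mail attribute as the map key, and the example.com address are constructed assumptions.

```python
"""Decode an AD objectSID and derive Postfix virtual map entries.

objectSID is stored as a binary blob: revision (1 byte), sub-authority
count (1 byte), identifier authority (6 bytes, big-endian), then each
sub-authority as a 32-bit little-endian integer. The last one is the RID.
"""
import struct

UID_OFFSET = 1000  # the thread's convention: UNIX UID = RID + 1000


def sid_to_string(blob: bytes) -> str:
    """Render a binary objectSID as the familiar S-1-5-21-... text form."""
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("objectSID length does not match sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, blob, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def sid_from_string(sid: str) -> bytes:
    """Inverse of sid_to_string; used here to build constructed test data."""
    parts = sid.split("-")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def rid_from_sid(sid: str) -> int:
    """The RID is the right-most component of the SID string."""
    return int(sid.rsplit("-", 1)[1])


def postfix_entries(record: dict) -> tuple:
    """Return (virtual_uid_maps line, virtual_mailbox_maps line) for one account.

    Map key is the mail attribute (assumption); values follow the thread."""
    rid = rid_from_sid(sid_to_string(record["objectSID"]))
    uid = rid + UID_OFFSET
    mailbox = "%d/%s/inbox" % (record["primaryGroupID"], record["sAMAccountName"])
    return ("%s\t%d" % (record["mail"], uid), "%s\t%s" % (record["mail"], mailbox))


SAMPLE = {  # constructed record, not real directory data
    "mail": "user1@example.com",
    "sAMAccountName": "user1",
    "primaryGroupID": 513,
    "objectSID": sid_from_string("S-1-5-21-993118751-601841214-1674189692-1134"),
}

if __name__ == "__main__":
    for line in postfix_entries(SAMPLE):
        print(line)  # feed into postmap(1) to build hash: tables
```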
