Hi,

I followed and read LDAP_README about groups. Everything works well _EXCEPT_ for the simplest case of a group made only of memberaddr (email only). The group's email is part of the result which obviously becomes a loop back. The configuration only works correctly if a memberdn is present in the group.

Is there a simple way to resolve this by tuning the LDAP query? Like if there is nothing to expand do _not_ use leaf_result_attribute? Otherwise I guess I must use a different attribute for group's email or move all these "groups of emails" in a different ou= :(ugly)

*Examples*:

dn: uid=grouploop, ou=groups, ou=mail, dc=domain, dc=com
objectClass: qmailGroup
mail: groupl...@domain.com
rfc822member: t...@first.com
rfc822member: t...@second.com

# cat /etc/postfix/groups.cf
server_host = ldap.domain.com
version = 3
search_base = ou=groups,ou=mail,dc=domain,dc=com
query_filter = (&(objectClass=qmailGroup)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = rfc822member
special_result_attribute = dnmember
leaf_result_attribute = mail

# postmap -q groupl...@domain.com ldap:/etc/postfix/groups.cf
groupl...@domain.com,t...@first.com,t...@second.com
 ^ ^ ^ ^ ^ ^ ^ ^ ^
Not good, not good :)


But if I have a mixed situation with memberdn (DN only) and memberaddr (email only), it's OK...

dn: uid=tom.mixed, ou=groups, ou=mail, dc=domain, dc=com
objectClass: qmailGroup
mail: tom.mi...@domain.com
rfc822member: t...@first.com
dnmember: uid=tom,ou=people,dc=domain,dc=com

# postmap -q tom.mi...@domain.com ldap:/etc/postfix/groups.cf
t...@first.com, tom-peo...@domain.com

Notice that tom.mi...@domain.com is not part of the result.


So, if it's normal to not manage groups of emails it might be a good idea to explain how to handle this case in LDAP_README (which is a very good doc by the way) because the example doesn't include this particular case. Or is it my damn cataract?

Cheers,
Thomas

--
rfc822member = memberaddr in LDAP_README
dnmember = memberdn in LDAP_README
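
The behaviour reported in this message can be reproduced with a small model, added here as an example (it is not code from the post or from Postfix). It assumes an entry with no special_result_attribute values is treated as a leaf, which matches both postmap outputs above; the directory contents, addresses and function names are constructed.

```python
# Simplified model of the group expansion shown in the post (an assumption
# fitted to the two postmap outputs; this is not Postfix source code).
RESULT_ATTRS = ["rfc822member"]   # result_attribute
SPECIAL_ATTRS = ["dnmember"]      # special_result_attribute (DNs to recurse into)
LEAF_ATTRS = ["mail"]             # leaf_result_attribute

# Constructed directory; addresses stand in for the elided ones in the post.
DIRECTORY = {
    "uid=grouploop,ou=groups,ou=mail,dc=domain,dc=com": {
        "mail": ["grouploop@domain.example"],
        "rfc822member": ["a@first.example", "b@second.example"],
    },
    "uid=tom.mixed,ou=groups,ou=mail,dc=domain,dc=com": {
        "mail": ["tom.mixed@domain.example"],
        "rfc822member": ["a@first.example"],
        "dnmember": ["uid=tom,ou=people,dc=domain,dc=com"],
    },
    "uid=tom,ou=people,dc=domain,dc=com": {
        "mail": ["tom-people@domain.example"],
    },
}

def expand(dn, seen=None):
    """Return the addresses one entry expands to under the model."""
    seen = set() if seen is None else seen
    if dn in seen or dn not in DIRECTORY:   # guard against DN cycles
        return []
    seen.add(dn)
    entry = DIRECTORY[dn]
    out = [v for a in RESULT_ATTRS for v in entry.get(a, [])]
    members = [v for a in SPECIAL_ATTRS for v in entry.get(a, [])]
    if members:   # non-leaf entry: its own leaf attributes are skipped
        for m in members:
            out += expand(m, seen)
    else:         # leaf entry: its leaf attributes are returned
        out = [v for a in LEAF_ATTRS for v in entry.get(a, [])] + out
    return out

def self_referencing_groups(group_base="ou=groups,"):
    """List group DNs whose expansion contains one of their own addresses."""
    hits = []
    for dn, entry in DIRECTORY.items():
        if group_base in dn and set(entry.get("mail", [])) & set(expand(dn)):
            hits.append(dn)
    return hits

if __name__ == "__main__":
    print(self_referencing_groups())
```

Run against an export of the groups subtree, a check like self_referencing_groups() flags every address-only group that would deliver back to itself before the map is put into service.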



