On 08/13/2010 03:18 PM, Aaron Roberts wrote:
Hi,
        I'm looking for a bit of inspiration...

I have a number of Linux boxes using winbind to provide UNIX system users from 
a Win2008R2 Active Directory domain.  I'm using winbind's RID idmap backend 
thing to provide consistent UNIX UIDs and GIDs across multiple servers.  For 
non-Windows people, the RID is a 32-bit integer which uniquely identifies an 
object in a domain, and forms the right-most part of the Active Directory 
forest-wide SID.

A SID looks like:
S-1-5-21-993118751-601841214-1674189692-1134

The RID, in the above case, is 1134.

My UNIX UIDs are always (RID + 1000).

I want my virtual_uid_maps to fetch, from Active Directory using table_ldap, 
something like:

  ((RID derived from the objectSID attribute) + 1000).

I would also like my virtual_mailbox_maps to fetch, from Active Directory using 
table_ldap, something like:
  (primaryGroupID attribute)/(samaccountname attribute)/inbox

Can the Postfix LDAP client do maths and/or concatenate retrieved attributes or 
should I be doing that elsewhere and storing the results as new attributes?

You can do anything that is valid in an LDAP query.
The former will probably be difficult if not impossible; the second should be fairly simple.

If you are storing mailbox information in LDAP, why not store the actual address -> physical mailbox location?
You can script that quite easily.

Thanks for your help,
        Aaron
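
Added example, not part of the original thread and not Postfix or Samba code: a sketch of the "script that" route, decoding the binary objectSid that Active Directory returns, deriving UID = RID + 1000, and building the primaryGroupID/sAMAccountName/inbox path. The mail address, account name, group ID 513 and all function names are constructed for illustration; only the SID comes from the thread. The domain check and the account-name check are assumptions about what a careful deployment would want, since RIDs repeat across domains and the name ends up in a filesystem path.

```python
import struct

UID_OFFSET = 1000  # from the thread: UNIX UID is always RID + 1000
DOMAIN_SID = "S-1-5-21-993118751-601841214-1674189692"  # domain part of the thread's SID

def sid_to_str(raw: bytes) -> str:
    """Decode the binary objectSid value into S-1-... form."""
    if len(raw) < 8 or raw[0] != 1 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])   # 32-bit, little-endian
    return "-".join(["S", "1", str(authority), *map(str, subs)])

def uid_from_sid(raw: bytes) -> int:
    """RID + 1000, refusing SIDs from any other domain."""
    domain, _, rid = sid_to_str(raw).rpartition("-")
    if domain != DOMAIN_SID:
        raise ValueError("SID is not from the expected domain: " + domain)
    return int(rid) + UID_OFFSET

def mailbox_path(primary_group_id: int, sam: str) -> str:
    """primaryGroupID/sAMAccountName/inbox; reject names that could leave the base dir."""
    if not sam or "/" in sam or sam.startswith(".") or not sam.isprintable():
        raise ValueError("unsafe sAMAccountName: %r" % sam)
    return "%d/%s/inbox" % (primary_group_id, sam)

def build_maps(entries):
    """Return (uid_map_lines, mailbox_map_lines) as 'key value' lines."""
    uid_lines, box_lines = [], []
    for e in entries:
        uid_lines.append("%s %d" % (e["mail"], uid_from_sid(e["objectSid"])))
        box_lines.append("%s %s" % (
            e["mail"], mailbox_path(e["primaryGroupID"], e["sAMAccountName"])))
    return uid_lines, box_lines

def pack_sid(sid: str) -> bytes:
    # Helper for the sample data: string SID -> binary form.
    parts = sid.split("-")
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

# Constructed sample entry; only the SID is taken from the thread.
SAMPLE = [{"mail": "aaron@example.com", "sAMAccountName": "aaron",
           "primaryGroupID": 513, "objectSid": pack_sid(DOMAIN_SID + "-1134")}]

if __name__ == "__main__":
    for lines in build_maps(SAMPLE):
        print("\n".join(lines))
```

The two lists are plain "key value" lines, which can be written to files and compiled with postmap, or the computed values can be stored back as new attributes as the question suggests.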
