> -----Original Message-----
> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Jeroen Geilman
> Sent: 15 August 2010 20:54
> To: postfix-users@postfix.org
> Subject: Re: Active Directory and virtual delivery agent
>
> On 08/13/2010 03:18 PM, Aaron Roberts wrote:
> > Hi,
> > I'm looking for a bit of inspiration...
> >
> > I have a number of linux boxes using winbind to provide UNIX system
> > users from a Win2008R2 Active Directory domain. I'm using winbind's
> > RID idmap backend thing to provide consistent UNIX UIDs and GIDs
> > across multiple servers. For non-windows people, the RID is a 32 bit
> > integer which uniquely identifies an object in a domain, and forms
> > the right-most part of the Active Directory forest-wide SID.
> >
> > A SID looks like:
> > S-1-5-21-993118751-601841214-1674189692-1134
> >
> > The RID, in the above case, is 1134.
> >
> > My UNIX UIDs are always (RID + 1000).
> >
> > I want my virtual_uid_maps to fetch, from Active Directory using
> > table_ldap, something like:
> >
> > ((RID derived from the objectSID attribute) + 1000).
> >
> > I would also like my virtual_mailbox_maps to fetch, from Active
> > Directory using table_ldap, something like:
> > (primaryGroupID attribute)/(samaccountname attribute)/inbox
> >
> > Can the postfix LDAP client do maths and/or concatenate retrieved
> > attributes or should I be doing that elsewhere and storing the
> > results as new attributes?
> >
>
> You can do anything that is valid in an LDAP query.
> The former will probably be difficult if not impossible; the second
> should be fairly simple.
>
> If you are storing mailbox information in LDAP, why not store the
> actual address -> physical mailbox location?
> You can script that quite easily.

Thanks for your input, I was trying to avoid modifying the AD schema but it's beginning to look preferable from a lot of different angles.

Thank you,
Aaron
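
Added example, not written by anyone in this thread: Python that precomputes the two values discussed above outside Postfix, decoding a binary objectSid to its RID, applying the RID + 1000 rule, and building the primaryGroupID/sAMAccountName/inbox path. The function names, the allowed-character set for account names, and the sample group ID 513 and account name jdoe are assumptions.

```python
import re
import struct

UID_OFFSET = 1000  # from the thread: UNIX UID = RID + 1000


def sid_to_bytes(sid: str) -> bytes:
    """Build the binary form of a SID string (used here only to construct sample input)."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError("not a SID string")
    rev, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    # Layout: revision, sub-authority count, 48-bit big-endian authority,
    # then one 32-bit little-endian value per sub-authority.
    return (bytes([rev, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def parse_sid(raw: bytes) -> list[int]:
    """Return the sub-authorities of a binary objectSid, rejecting malformed input."""
    if len(raw) < 8 or raw[0] != 1:
        raise ValueError("bad SID header")
    count = raw[1]
    if count == 0 or len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    return list(struct.unpack(f"<{count}I", raw[8:]))


def uid_from_sid(raw: bytes) -> int:
    """The RID is the last sub-authority; the UNIX UID is RID + UID_OFFSET."""
    return parse_sid(raw)[-1] + UID_OFFSET


SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+\Z")  # assumption: characters allowed in a path component


def mailbox_path(primary_group_id: int, sam_account_name: str) -> str:
    """Build primaryGroupID/sAMAccountName/inbox, refusing names that could escape the mail root."""
    if not SAFE_NAME.match(sam_account_name) or sam_account_name in (".", ".."):
        raise ValueError("unsafe sAMAccountName for a filesystem path")
    return f"{int(primary_group_id)}/{sam_account_name}/inbox"


if __name__ == "__main__":
    # Constructed sample entry; the SID is the one quoted in the thread.
    raw = sid_to_bytes("S-1-5-21-993118751-601841214-1674189692-1134")
    print(uid_from_sid(raw), mailbox_path(513, "jdoe"))
```

The results could be written to a lookup table or to new directory attributes, which is the "store the results" option raised in the thread.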