18.06.2012 17:31, Viktor Dukhovni wrote:
On Mon, Jun 18, 2012 at 11:20:52AM +0300, Pavel Bychykhin wrote:

Maybe someone knows a simple way (via LDAP map) to retrieve an
objectGUID attribute from AD in TEXT form?

Postfix has no support for encoding binary data retrieved from
tables. You would have to store the ASCII encoding of the GUID as
a custom attribute that duplicates (in an encoded form) the binary
objectGUID.

I need objectGUID for naming of user's maildir. objectGUID is
more convenient than sAMAccountName, or a name etc.

Is this really necessary? Users authenticate to access their
mail, and so the IMAP server maps each user to the correct mailbox,
so the only plausible reason to avoid the sAMAccountName is if
you allow users to change it.

It is best to never change the account name. You can change a user's
full name (CN) or email address (mail) without changing the account
name.


I agree, but what if the account is deleted and then, after a while, an
account with the same name is created?
In addition, I'm not sure that the direct mapping from the AD account name to
the filesystem name will always be safe.
The objectGUID, on the other hand, is always unique, always has a fixed length, and
maps to the filesystem name with no surprises.
So objectGUID, in my opinion, is much more convenient than sAMAccountName.
Thanks for your reply.
Now I will try to find another way to retrieve objectGUID.

--
Best regards,
Pavel
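
The encoding step that has to happen outside Postfix, as an added example that is not part of the original thread: it decodes the base64 objectGUID values of an LDIF export into the canonical text form, which could then be stored in a custom attribute as suggested above. The sample entry, the GUID bytes and the function names are constructed for illustration.

```python
import base64
import re
import uuid

# Constructed sample: an LDIF export as ldapsearch prints it. "::" marks a
# base64-encoded (binary) value. The GUID bytes are made up for illustration.
RAW = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_LDIF = (
    "dn: CN=Alice Example,CN=Users,DC=example,DC=com\n"
    "sAMAccountName: alice\n"
    f"objectGUID:: {base64.b64encode(RAW).decode()}\n"
)

# Canonical GUID text: fixed length, only lowercase hex digits and hyphens,
# so it is safe to use as a single path component.
GUID_TEXT = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def guid_to_text(raw: bytes) -> str:
    """Convert a binary objectGUID to its canonical text form."""
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    # AD stores the first three fields little-endian and the last eight
    # bytes in order; bytes_le applies exactly that layout.
    text = str(uuid.UUID(bytes_le=raw))
    if not GUID_TEXT.fullmatch(text):
        raise ValueError("unexpected GUID text form")
    return text


def guid_map(ldif: str) -> dict:
    """Return {sAMAccountName: text GUID} for every entry that has both."""
    result = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                attrs[name] = base64.b64decode(value[1:].strip(), validate=True)
            else:
                attrs[name] = value.strip()
        if "sAMAccountName" in attrs and "objectGUID" in attrs:
            result[attrs["sAMAccountName"]] = guid_to_text(attrs["objectGUID"])
    return result


if __name__ == "__main__":
    for account, guid in guid_map(SAMPLE_LDIF).items():
        print(account, guid)
```

Folded LDIF lines (continuations starting with a space) are not handled here; a 16-byte value is short enough that ldapsearch does not fold it.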

