On 2020-08-19 18:00, Viktor Dukhovni wrote:
On Wed, Aug 19, 2020 at 01:16:25PM +0300, Sergey Urushkin wrote:
So, this would be great if we had a way to specify additional filter
for
special_result_attribute query. Something like this in our case:
special_query_filter=(!(useraccountcontrol:1.2.840.113556.1.4.803:=2))
and the resulting query would be:
(&(dn={dn from special_result_attribute}){special_query_filter})
I guess it's not so hard to implement.
Sounds potentially reasonable, are you in a position to contribute a
patch along those lines?
Unfortunately no.
Should the special_result_query_filter support
any expansions (%1, %2, %d, ...)?
Basically, should the optional query component be static or not?
Static will be sufficient for us, but someone may find expansions
useful. E.g. mapping single group (static localpart/mail) to different
users for different domains:
query_filter = (&(mail=group1@any)(objectClass=group))
special_query_filter = (&(mail=*@%d)(objectClass=user))
cn=group1:
objectClass: group
mail: group@any
member: cn=user1
member: cn=user2
member: cn=user3
cn=user1:
objectClass: user
mail: user1@domain1
cn=user2:
objectClass: user
mail: user2@domain1
cn=user3:
objectClass: user
mail: user3@domain2
gro...@domain1.com will go to us...@domain1.com, us...@domain1.com
gro...@domain2.com will go to us...@domain2.com
---
Best regards,
Sergey Urushkin
