mlapd integration

Zhang Huangbin

Apr 3, 2009, 5:24:39 AM
to ml...@googlegroups.com, giulivo....@gmail.com
Hi, Giulivo.

I'm redesigning the LDAP schema for my iRedMail solution, and I found
that it may not be able to integrate with mlapd now. I need your help.

mlapd assumes that the mail group object contains the member list, like this:

dn: mail=i...@a.cn,ou=Groups,LDAP_BASEDN
objectClass: mailGroup
groupOwner: postm...@a.cn
groupMember: us...@a.cn
groupMember: us...@a.cn
groupMember: us...@a.cn

But not all schemas make the group object contain the member list, so I
suggest using another LDAP search to confirm the member relationship.
Patch attached below.

My new schema structure will be:

LDAP_BASEDN
  |- ou=Groups              # Mail list container.
      |- mail=i...@a.cn     # This is a mail list.
  |- ou=Users               # Virtual user container.
      |- mail=w...@a.cn     # This is a normal mail user.

LDIF of mail list and normal user objects (list only attributes related
to mail list access policy):

*) mail list: mail=i...@a.cn

dn: mail=i...@a.cn,ou=Groups,LDAP_BASEDN
objectClass: mailList
mail: i...@a.cn
hasMember: yes
accessPolicy: domain # Used to store mail list access policy
listOwner: postm...@a.cn

*) normal user: mail=w...@a.cn

dn: mail=w...@a.cn,ou=Users,LDAP_BASEDN
objectClass: mailUser
mail: w...@a.cn
memberOfGroup: i...@a.cn # It's a member of i...@a.cn group.

That's all.

In mlapd, I found it confusing to configure LISTFILTER in
ldapmodel.conf.

In my redesign, the mail list filter should be:

base: ou=Groups,LDAP_BASEDN
filter: (&(objectClass=mailList)(mail=i...@a.cn))

And the filter to check whether the sender is a member of the group:

base: ou=Users,LDAP_BASEDN
filter: (&(objectClass=mailUser)(mail=w...@a.cn)(memberOfGroup=i...@a.cn))

I think this structure is clearer than the old one (which contains the
member list in the group object).

I created a patch to make mlapd use another LDAP search to confirm the
member relationship; maybe you can refer to it.

Note: I haven't tested this patch yet, but I will test it ASAP and report
the result here.

mlapd.patch
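
The two searches proposed in the message above, as an added example that is not part of the original post, the attached patch, or mlapd's code. The function names and the example.org addresses are hypothetical; the point shown is that the sender and list addresses arrive from the SMTP session and must be escaped per RFC 4515 before they are placed in either filter.

```python
# Added example: builds the two search filters from the post with RFC 4515
# escaping. Function names and sample addresses are hypothetical/constructed.
import re

GROUPS_BASE = "ou=Groups,LDAP_BASEDN"   # placeholder base DNs as written in the post
USERS_BASE = "ou=Users,LDAP_BASEDN"

# RFC 4515: backslash, '*', '(', ')' and NUL must be sent as \XX in a value.
_SPECIAL = re.compile(r'[\\*()\x00]')


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return _SPECIAL.sub(lambda m: "\\%02x" % ord(m.group()), value)


def list_search(list_addr):
    """Search 1: is the recipient address a mailList under ou=Groups?"""
    v = escape_filter_value(list_addr)
    return GROUPS_BASE, "(&(objectClass=mailList)(mail=%s))" % v


def member_search(sender, list_addr):
    """Search 2: is the sender a mailUser carrying memberOfGroup=<list>?"""
    s = escape_filter_value(sender)
    g = escape_filter_value(list_addr)
    return USERS_BASE, "(&(objectClass=mailUser)(mail=%s)(memberOfGroup=%s))" % (s, g)


if __name__ == "__main__":
    # Constructed envelope values, as a policy daemon would receive them.
    recipient = "staff@example.org"
    for sender in ("alice@example.org", "*"):
        # A sender of "*" must be matched literally, not as a presence test
        # that every list member would satisfy.
        print(list_search(recipient))
        print(member_search(sender, recipient))
```

A policy daemon would treat the sender as a member only if the second search returns exactly one entry.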

Zhang Huangbin

Apr 3, 2009, 9:10:25 AM
to mlapd


On Apr 3, 5:24 pm, Zhang Huangbin <michaelbi...@gmail.com> wrote:
> But not all schemas make the group object contain the member list, so I
> suggest using another LDAP search to confirm the member relationship.
> Patch attached below.

Oops, it seems my new schema doesn't work in Postfix as an alias map. :(