v2.1 now supports multiple LDAP fields in a template, e.g.:

user_attrs = \
  homeDirectory=home, \
  uidNumber=uid, \
  gidNumber=gid, \
  =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}

which is the same as:

user_attrs = \
  =home=%{ldap:homeDirectory}, \
  =uid=%{ldap:uidNumber}, \
  =gid=%{ldap:gidNumber}, \
  =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}

I was also thinking about adding an alternative simplified syntax for
this:

user_attrs {
  home = %{ldap:homeDirectory}
  uid = %{ldap:uidNumber}
  gid = %{ldap:gidNumber}
  mail = %{ldap:mailboxFormat}:%{ldap:homeDirectory}
}

Any ideas for further improvements before I do this change?

One thing I'm still wondering about is what I should do when LDAP
returns multiple values. Like perhaps:

acl_groups = %{ldap:aclGroups:,}

Which would mean that all the aclGroups values would be joined together
separated by "," characters. And a bit more complex with multiple
gidNumbers:

gid = %{ldap:gidNumber[0]}
mail_access_groups = %{ldap:gidNumber[1:]:,}
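
The expansion rules described in the message above, as an added Python sketch (not Dovecot's implementation and not code from the thread). The function names, the sample entry, the "first value only" rule when no separator is given, the Python-like reading of [N] and [N:], and the rejection of values that contain the separator are all assumptions of this example.

```python
import re

# Matches %{ldap:attr}, %{ldap:attr[N]}, %{ldap:attr[N:]}, each with optional ":<sep>".
VAR = re.compile(r"%\{ldap:(\w+)(?:\[(\d+)(:)?\])?(?::([^}]*))?\}")

def expand(template, entry):
    """Expand %{ldap:...} variables; entry maps attribute -> list of values."""
    def repl(m):
        name, idx, is_slice, sep = m.groups()
        values = entry.get(name, [])
        if idx is not None:
            i = int(idx)
            values = values[i:] if is_slice else values[i:i + 1]
        if sep is None:
            return values[0] if values else ""  # assumption: first value only
        # Added check: a value containing the separator would read as extra items.
        if sep and any(sep in v for v in values):
            raise ValueError(f"{name}: value contains separator {sep!r}")
        return sep.join(values)
    return VAR.sub(repl, template)

def parse_user_attrs(spec):
    """Return {dovecot_field: template} from a comma-separated user_attrs value."""
    out = {}
    for item in re.split(r",(?![^{]*\})", spec):  # split on commas outside %{...}
        item = item.strip()
        if item.startswith("="):                  # =field=template
            field, template = item[1:].split("=", 1)
        else:                                     # ldapAttr=field shorthand
            attr, field = item.split("=", 1)
            template = "%{ldap:" + attr + "}"
        out[field.strip()] = template.strip()
    return out

def lookup(spec, entry):
    return {f: expand(t, entry) for f, t in parse_user_attrs(spec).items()}

# Constructed sample LDAP entry (every attribute is a list of values).
ENTRY = {"homeDirectory": ["/home/alice"], "uidNumber": ["1000"],
         "gidNumber": ["1000", "2001", "2002"], "mailboxFormat": ["maildir"],
         "aclGroups": ["staff", "admins"]}
OLD = ("homeDirectory=home, uidNumber=uid, gidNumber=gid, "
       "=mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}")
NEW = ("=home=%{ldap:homeDirectory}, =uid=%{ldap:uidNumber}, "
       "=gid=%{ldap:gidNumber}, =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}")

if __name__ == "__main__":
    print(lookup(OLD, ENTRY))
    print(expand("%{ldap:gidNumber[1:]:,}", ENTRY))
```
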

On 02.02.2012 14:54, Timo Sirainen wrote:
> user_attrs {
>   home = %{ldap:homeDirectory}
>   uid = %{ldap:uidNumber}
>   gid = %{ldap:gidNumber}
>   mail = %{ldap:mailboxFormat}:%{ldap:homeDirectory}
> }
>
> Any ideas for further improvements before I do this change?

One thing I was recently missing was something like this:

If the user is in LDAP group "group1", then use
  host = imap1
otherwise use
  host = imap2

However this would require a separate LDAP query since most LDAP servers
do not list any group information in the user table.

Another nice feature: Use some sort of script to compute the lookup
result, e.g. an external shell script:

#!/bin/bash
if [[ $ldap_uid == fred ]]; then
  echo "quota_rule = storage=3G"
else
  echo "quota_rule = storage=100M"
fi

Stuff like this is possible for SQL user databases, however LDAP does
not have such flexible queries.

Cheers,
Christoph

--
Christoph Bußenius
Rechnerbetriebsgruppe der Fakultäten Informatik und Mathematik
TU München
+49 89-289-18519 <> Raum 00.05.055 <> Boltzmannstr. 3 <> Garching