OpenLDAP: how to ensure uniqueness of the mail field within two subtrees, while allowing duplicates across subtrees?

Problem description:

I use OpenLDAP, and my users are stored under ou=users,ou=developers,o=orga,dc=domain,dc=com.

Each user has a mail attribute, which is used by the applications that authenticate through LDAP.

I also have a Postfix mail server that I configured to use LDAP. I store my emails under dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com.


I am currently unable to set the real email on my users, because the cn of the mail entry is unique.

Attribute value would not be unique 
This update has been or will be cancelled, it would result in an attribute value not being unique. You might like to search the LDAP server for the offending entry. 

I stored the email DN instead, but now I have a wrong email that shows up in most of my applications, such as GitLab:

Email: [email protected],dc=mailaccount,dc=domain.com,dc=mail,dc=domain,dc=com

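I think it is fine to store the mail server accounts and the users in different parts of my LDAP.

I can only edit entries and configuration by importing *.ldif files in phpLDAPadmin; I don't have this composer.

EDIT

This is my Postfix configuration: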

ldap-aliases.cf

server_host = ldap://virtual.domain.com 
server_port = 389 
search_base = dc=mail,dc=domain,dc=com 
query_filter = (&(objectClass=CourierMailAlias) (mail=%s)) 
result_attribute = maildrop 
bind = yes 
bind_dn = cn=readonly,dc=domain,dc=com 
bind_pw = 123 
version = 3 

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem 
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem 
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem 

ldap-accounts.cf

server_host = ldap://virtual.domain.com 
server_port = 389 
search_base = dc=mail,dc=domain,dc=com 
query_filter = (&(objectClass=CourierMailAccount)(mail=%s)) 
result_attribute = mailbox 
bind = yes 
bind_dn = cn=readonly,dc=domain,dc=com 
bind_pw = 123 
version = 3 

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem 
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem 
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem 

ldap-domain.cf

server_host = ldap://virtual.domain.com 
server_port = 389 
search_base = dc=mail,dc=domain,dc=com 
query_filter = (&(description=virtualDomain)(dc=%s)) 
result_attribute = dc 
bind = yes 
bind_dn = cn=readonly,dc=domain,dc=com 
bind_pw = 123 
version = 3 

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem 
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem 
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem 

This is the whole tree:

LDIF export for dc=domain,dc=com

# Server: ldap.service.domain-ovh.consul (ldap.service.domain-ovh.consul) 
# Search Scope: sub 
# Search Filter: (objectClass=*) 
# Total Entries: 74 
# 
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on June 14, 2017 9:48 pm 
# Version: 1.2.3 

version: 1 

# Entry 1: dc=domain,dc=com 
dn: dc=domain,dc=com 
dc: domain 
o: vdm Ltd 
objectclass: top 
objectclass: dcObject 
objectclass: organization 

# Entry 2: cn=admin,dc=domain,dc=com 
dn: cn=admin,dc=domain,dc=com 
cn: admin 
description: LDAP administrator 
objectclass: simpleSecurityObject 
objectclass: organizationalRole 
userpassword: {SSHA}123456789123456789123456789 

# Entry 3: cn=readonly,dc=domain,dc=com 
dn: cn=readonly,dc=domain,dc=com 
cn: readonly 
description: LDAP read only user 
objectclass: simpleSecurityObject 
objectclass: organizationalRole 
userpassword: {SSHA}123456789123456789123456789 

# Entry 4: cn=readonlypw,dc=domain,dc=com 
dn: cn=readonlypw,dc=domain,dc=com 
cn: readonlypw 
description: LDAP read only user with password 
objectclass: simpleSecurityObject 
objectclass: organizationalRole 
userpassword: {SSHA}123456789123456789123456789 

# Entry 5: dc=mail,dc=domain,dc=com 
dn: dc=mail,dc=domain,dc=com 
dc: mail 
o: mail 
objectclass: top 
objectclass: dcObject 
objectclass: organization 

# Entry 6: dc=domain.com,dc=mail,dc=domain,dc=com 
dn: dc=domain.com,dc=mail,dc=domain,dc=com 
dc: domain.com 
description: virtualDomain 
o: domain.com 
objectclass: top 
objectclass: dcObject 
objectclass: organization 
userpassword: {SSHA}123456789123456789123456789 

# Entry 7: dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com 
dn: dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com 
dc: mailAccount 
o: mailAccount 
objectclass: top 
objectclass: dcObject 
objectclass: organization 

# Entry 8: [email protected],dc=mailAccount,dc=domain... 
dn: [email protected],dc=mailAccount,dc=domain.com,dc=ma 
il,dc=domain,dc=com 
cn: [email protected] 
displayname: Tom Joseph 
givenname: Tom 
homedirectory: /var/mail 
mail: [email protected] 
mailbox: domain.com/Tom.Joseph/ 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAccount 
sn: Joseph 
userpassword: {SSHA}123456789123456789123456789 

# Entry 9: [email protected],dc=mailAccount,dc=domain... 
dn: [email protected],dc=mailAccount,dc=domain.com,dc= 
mail,dc=domain,dc=com 
cn: [email protected] 
displayname: tom.soyer 
givenname: Tom 
homedirectory: /var/mail 
mail: [email protected] 
mailbox: domain.com/tom.soyer/ 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAccount 
sn: Soyer 
userpassword: {SSHA}123456789123456789123456789 

# Entry 10: [email protected],dc=mailAccount,dc=domain... 
dn: [email protected],dc=mailAccount,dc=domain.com,dc= 
mail,dc=domain,dc=com 
cn: [email protected] 
displayname: john.woe 
givenname: Mat 
homedirectory: /var/mail 
mail: [email protected] 
mailbox: domain.com/john.woe/ 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAccount 
sn: Voltaire 
userpassword: {SSHA}123456789123456789123456789 

# Entry 11: [email protected],dc=mailAccount,dc=domain.com,dc=m... 
dn: [email protected],dc=mailAccount,dc=domain.com,dc=mail,dc=kopa 
xgroup,dc=com 
cn: [email protected] 
displayname: gitlab 
givenname: gitlab 
homedirectory: /var/mail 
mail: [email protected] 
mailbox: domain.com/git/ 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAccount 
sn: Email 
userpassword: {SSHA}123456789123456789123456789+DowTdRhEhkqVAwASugKp 

# Entry 12: [email protected],dc=mailAccount,dc=domain.com... 
dn: [email protected],dc=mailAccount,dc=domain.com,dc=mail,dc 
=domain,dc=com 
cn: [email protected] 
displayname: no-reply 
givenname: no-reply 
homedirectory: /var/mail 
mail: [email protected] 
mailbox: domain.com/no-reply/ 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAccount 
sn: no-reply 
userpassword: {SSHA}123456789123456789123456789 

# Entry 13: [email protected],dc=mailAccount,dc=domain.com,dc... 
dn: [email protected],dc=mailAccount,dc=domain.com,dc=mail,dc=ko 
paxgroup,dc=com 
cn: [email protected] 
displayname: relay 
givenname: relay 
homedirectory: /var/mail 
mail: [email protected] 
mailbox: domain.com/relay/ 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAccount 
sn: relay 
userpassword: {SSHA}123456789123456789123456789 

# Entry 14: [email protected],dc=mailAccount,dc=domain.com,dc=... 
dn: [email protected],dc=mailAccount,dc=domain.com,dc=mail,dc=kop 
axgroup,dc=com 
cn: [email protected] 
displayname: Dev Email 
givenname: Dev 
homedirectory: /var/mail 
mail: [email protected] 
mailbox: domain.com/test/ 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAccount 
sn: Email 
userpassword: {SSHA}123456789123456789123456789 

# Entry 15: dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com 
dn: dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com 
dc: mailAlias 
o: mailAlias 
objectclass: top 
objectclass: dcObject 
objectclass: organization 

# Entry 16: [email protected],dc=mailAlias,dc=domain.com... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc 
=domain,dc=com 
cn: [email protected] 
displayname: Everybody 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: accounting 

# Entry 17: [email protected],dc=mailAlias,dc=domain.com,dc=mai... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg 
roup,dc=com 
cn: [email protected] 
displayname: Tom Joseph 
givenname: Tom 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Joseph 

# Entry 18: [email protected],dc=mailAlias,dc=domain.com,dc=mai... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg 
roup,dc=com 
cn: [email protected] 
displayname: tom.soyer 
givenname: Sofiane 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Soyer 

# Entry 19: [email protected],dc=mailAlias,dc=domain.com,dc=mai... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg 
roup,dc=com 
cn: [email protected] 
displayname: Everybody 
mail: [email protected] 
maildrop: [email protected] [email protected] [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Everybody 

# Entry 20: [email protected],dc=mailAlias,dc=domain.com,dc=m... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=kopa 
xgroup,dc=com 
cn: [email protected] 
displayname: Board 
mail: [email protected] 
maildrop: [email protected] [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Board 

# Entry 21: [email protected],dc=mailAlias,dc=domain.com,dc=mai... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg 
roup,dc=com 
cn: [email protected] 
displayname: Developers 
mail: [email protected] 
maildrop: [email protected] [email protected] [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Developers 

# Entry 22: [email protected],dc=mailAlias,dc=domain.com,dc=mai... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg 
roup,dc=com 
cn: [email protected] 
displayname: john.woe 
givenname: Mat 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Voltaire 

# Entry 23: [email protected],dc=mailAlias,dc=domain.com,d... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=k 
opaxgroup,dc=com 
cn: [email protected] 
displayname: Hong-Kong Offices 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Hong-Kong Offices 

# Entry 24: [email protected],dc=mailAlias,dc=domain.com,dc=mai... 
dn: mail=j[email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg 
roup,dc=com 
cn: [email protected] 
displayname: Jobs 
mail: [email protected] 
maildrop: [email protected] [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Jobs 

# Entry 25: [email protected],dc=mailAlias,dc=domain.com,dc=m... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=kopa 
xgroup,dc=com 
cn: [email protected] 
displayname: Jobs 
mail: [email protected] 
maildrop: [email protected] [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Jobs 

# Entry 26: [email protected],dc=mailAlias,dc=domain.com... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc 
=domain,dc=com 
cn: [email protected] 
displayname: postmaster 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: postmaster 

# Entry 27: [email protected],dc=mailAlias,dc=domain.com,dc=... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=kop 
axgroup,dc=com 
cn: [email protected] 
displayname: Social 
mail: [email protected] 
maildrop: [email protected] [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Social 

# Entry 28: [email protected],dc=mailAlias,dc=domain.com,dc=m... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=kopa 
xgroup,dc=com 
cn: [email protected] 
displayname: Test Email 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Test Email 

# Entry 29: [email protected],dc=mailAlias,dc=domain.com,dc=m... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=kopa 
xgroup,dc=com 
cn: [email protected] 
displayname: Test Email 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Test Email 

# Entry 30: [email protected],dc=mailAlias,dc=domain.com,dc=m... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc=kopa 
xgroup,dc=com 
cn: [email protected] 
displayname: Test Email 
mail: [email protected] 
maildrop: [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Test Email 

# Entry 31: [email protected],dc=mailAlias,dc=domain.com... 
dn: [email protected],dc=mailAlias,dc=domain.com,dc=mail,dc 
=domain,dc=com 
cn: [email protected] 
displayname: Social 
mail: [email protected] 
maildrop: [email protected] [email protected] [email protected] debbiemcl 
[email protected] [email protected] 
objectclass: top 
objectclass: inetOrgPerson 
objectclass: CourierMailAlias 
sn: Social 

# Entry 32: o=vdm,dc=domain,dc=com 
dn: o=vdm,dc=domain,dc=com 
o: vdm Ltd 
o: vdm 
objectclass: top 
objectclass: organization 

# Entry 33: ou=administrations,o=vdm,dc=domain,dc=com 
dn: ou=administrations,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: administrations 

# Entry 34: ou=groups,ou=administrations,o=vdm,dc=domain,dc=com 
dn: ou=groups,ou=administrations,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: groups 

# Entry 35: cn=odoo_users,ou=groups,ou=administrations,o=vdm,dc=domain... 
dn: cn=odoo_users,ou=groups,ou=administrations,o=vdm,dc=domain,dc=com 
cn: odoo_users 
description: Users allowed to login to odoo.domain.com 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 36: ou=users,ou=administrations,o=vdm,dc=domain,dc=com 
dn: ou=users,ou=administrations,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: users 

# Entry 37: ou=developers,o=vdm,dc=domain,dc=com 
dn: ou=developers,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: developers 

# Entry 38: ou=groups,ou=developers,o=vdm,dc=domain,dc=com 
dn: ou=groups,ou=developers,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: groups 

# Entry 39: cn=git_users,ou=groups,ou=developers,o=vdm,dc=domain,dc... 
dn: cn=git_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com 
cn: Git Users 
cn: git_users 
description: Users allowed to login to git.domain.com 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 40: cn=jenkins_admins,ou=groups,ou=developers,o=vdm,dc=domaino... 
dn: cn=jenkins_admins,ou=groups,ou=developers,o=vdm,dc=domain,dc=com 
cn: Jenkins Administrators 
cn: jenkins_admins 
description: Staff members allowed to administrate to jenkins build system 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 41: cn=jenkins_users,ou=groups,ou=developers,o=vdm,dc=domainou... 
dn: cn=jenkins_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com 
cn: Jenkins Users 
cn: jenkins_users 
description: Staff members allowed to login to jenkins build system 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 42: cn=private_users,ou=groups,ou=developers,o=vdm,dc=domainou... 
dn: cn=private_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com 
cn: Private git users 
cn: private_users 
description: Users allowed to login to the private git 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 43: ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc=com... 
dn: ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc=com 
objectclass: organizationalUnit 
objectclass: top 
ou: sonar 

# Entry 44: cn=api-administrators,ou=sonar,ou=groups,ou=developers,o=kopa... 
dn: cn=api-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdmg 
roup,dc=com 
cn: api-administrators 
description: administrators of domain/api 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 45: cn=api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc... 
dn: cn=api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain 
,dc=com 
cn: api-developers 
description: developers of domain/api 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 46: cn=backoffice-administrators,ou=sonar,ou=groups,ou=developers... 
dn: cn=backoffice-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc 
=domain,dc=com 
cn: backoffice-administrators 
description: administrators of domain/backoffice 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 47: cn=backoffice-developers,ou=sonar,ou=groups,ou=developers,o=k... 
dn: cn=backoffice-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kop 
axgroup,dc=com 
cn: backoffice-developers 
description: developers of domain/backoffice 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 48: cn=bootstrap-styled-administrators,ou=sonar,ou=groups,ou=deve... 
dn: cn=bootstrap-styled-administrators,ou=sonar,ou=groups,ou=developers,o=ko 
pax,dc=domain,dc=com 
cn: bootstrap-styled-administrators 
description: administrators of bootstrap-styled 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 49: cn=bootstrap-styled-developers,ou=sonar,ou=groups,ou=develope... 
dn: cn=bootstrap-styled-developers,ou=sonar,ou=groups,ou=developers,o=vdm, 
dc=domain,dc=com 
cn: bootstrap-styled-developers 
description: developers of bootstrap-styled 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 50: cn=dev-tools-administrators,ou=sonar,ou=groups,ou=developers,... 
dn: cn=dev-tools-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc= 
domain,dc=com 
cn: dev-tools-administrators 
description: administrators of module/devtools/* 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 51: cn=dev-tools-developers,ou=sonar,ou=groups,ou=developers,o=ko... 
dn: cn=dev-tools-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kopa 
xgroup,dc=com 
cn: dev-tools-developers 
description: developers of module/devtools/* 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 52: cn=java-api-administrators,ou=sonar,ou=groups,ou=developers,o... 
dn: cn=java-api-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=k 
opaxgroup,dc=com 
cn: java-api-administrators 
description: administrators of git/java-api/* 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 53: cn=java-api-developers,ou=sonar,ou=groups,ou=developers,o=kop... 
dn: cn=java-api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdm 
group,dc=com 
cn: java-api-developers 
description: developers of git/java-api/* 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 54: cn=quality-gates-administrators,ou=sonar,ou=groups,ou=develop... 
dn: cn=quality-gates-administrators,ou=sonar,ou=groups,ou=developers,o=vdm 
,dc=domain,dc=com 
cn: quality-gates-administrators 
description: quality-gates administrators 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 55: cn=quality-profiles-administrators,ou=sonar,ou=groups,ou=deve... 
dn: cn=quality-profiles-administrators,ou=sonar,ou=groups,ou=developers,o=ko 
pax,dc=domain,dc=com 
cn: quality-profiles-administrators 
description: quality-profiles administrators 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 56: cn=redstar-administrators,ou=sonar,ou=groups,ou=developers,o=... 
dn: cn=redstar-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=ko 
paxgroup,dc=com 
cn: redstar-administrators 
description: administrators of redstar/* 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 57: cn=redstar-developers,ou=sonar,ou=groups,ou=developers,o=kopa... 
dn: cn=redstar-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdmg 
roup,dc=com 
cn: redstar-developers 
description: developers of redstar/* 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 58: cn=sonar-administrators,ou=sonar,ou=groups,ou=developers,o=ko... 
dn: cn=sonar-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kopa 
xgroup,dc=com 
cn: sonar-administrators 
description: Administrators of https://sonarqube.domain.com 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 

# Entry 59: cn=sonar-users,ou=sonar,ou=groups,ou=developers,o=vdm,dc=ko... 
dn: cn=sonar-users,ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc 
=com 
cn: sonar-users 
description: Users of https://sonarqube.domain.com 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 60: ou=users,ou=developers,o=vdm,dc=domain,dc=com 
dn: ou=users,ou=developers,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: users 

# Entry 61: c=FR,ou=users,ou=developers,o=vdm,dc=domain,dc=com 
dn: c=FR,ou=users,ou=developers,o=vdm,dc=domain,dc=com 
c: FR 
description: France officies 
objectclass: country 
objectclass: top 

# Entry 62: c=HK,ou=users,ou=developers,o=vdm,dc=domain,dc=com 
dn: c=HK,ou=users,ou=developers,o=vdm,dc=domain,dc=com 
c: HK 
description: Hong-Kong officies 
objectclass: country 
objectclass: top 

# Entry 63: c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com 
dn: c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com 
c: VN 
description: Vietnam officies 
objectclass: country 
objectclass: top 

# Entry 64: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=... 
dn: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com 
cn: john.woe 
employeetype: developer 
gecos: john.woe 
gidnumber: 14564101 
givenname: Mat 
homedirectory: /home/sbg 
loginshell: /bin/bash 
mail: [email protected],dc=mailAccount,dc=domain.com,d 
c=mail,dc=domain,dc=com 
objectclass: top 
objectclass: posixAccount 
objectclass: inetOrgPerson 
sn: Voltaire 
uid: sbg 
uidnumber: 14583102 
userpassword: {SSHA}123456789123456789123456789 

# Entry 65: ou=school,o=vdm,dc=domain,dc=com 
dn: ou=school,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: school 

# Entry 66: ou=groups,ou=school,o=vdm,dc=domain,dc=com 
dn: ou=groups,ou=school,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: groups 

# Entry 67: cn=module_users,ou=groups,ou=school,o=vdm,dc=domain,dc=... 
dn: cn=module_users,ou=groups,ou=school,o=vdm,dc=domain,dc=com 
cn: School git users 
cn: module_users 
description: Users allowed to login to module.domain.com 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 68: cn=school_users,ou=groups,ou=school,o=vdm,dc=domain,dc=... 
dn: cn=school_users,ou=groups,ou=school,o=vdm,dc=domain,dc=com 
cn: School git users 
cn: school_users 
description: Users allowed to login to school.domain.com 
objectclass: top 
objectclass: groupOfUniqueNames 
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c 
om 
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 

# Entry 69: ou=users,ou=school,o=vdm,dc=domain,dc=com 
dn: ou=users,ou=school,o=vdm,dc=domain,dc=com 
objectclass: top 
objectclass: organizationalUnit 
ou: users 

# Entry 70: c=FR,ou=users,ou=school,o=vdm,dc=domain,dc=com 
dn: c=FR,ou=users,ou=school,o=vdm,dc=domain,dc=com 
c: FR 
description: France officies 
objectclass: country 
objectclass: top 

# Entry 71: c=HK,ou=users,ou=school,o=vdm,dc=domain,dc=com 
dn: c=HK,ou=users,ou=school,o=vdm,dc=domain,dc=com 
c: HK 
description: Hong-Kong officies 
objectclass: country 
objectclass: top 

# Entry 72: c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
dn: c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
c: VN 
description: Vietnam officies 
objectclass: country 
objectclass: top 

# Entry 73: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
dn: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
cn: Tom Joseph 
employeetype: developer 
gecos: Tom Joseph 
gidnumber: 14564103 
givenname: Tom 
homedirectory: /home/vdm 
loginshell: /bin/bash 
mail: [email protected],dc=mailAccount,dc=domain.com,dc= 
mail,dc=domain,dc=com 
objectclass: top 
objectclass: posixAccount 
objectclass: inetOrgPerson 
sn: Joseph 
uid: vdm 
uidnumber: 14583104 
userpassword: {SSHA}123456789123456789123456789+eiWwf9KTr4A+79CjyqY5/okZsL2Ke1 

# Entry 74: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
dn: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com 
cn: tom.soyer 
employeetype: developer 
gecos: tom.soyer 
gidnumber: 14564103 
homedirectory: /home/tsr 
loginshell: /bin/bash 
mail: [email protected],dc=mailAccount,dc=domain.com,d 
c=mail,dc=domain,dc=com 
objectclass: top 
objectclass: posixAccount 
objectclass: inetOrgPerson 
sn: Soyer 
uid: tsr 
uidnumber: 14583104 
userpassword: {SSHA}123456789123456789123456789 

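How does the cn of the mail entry being unique prevent you from storing the mail address in the user's mail entry? There is no uniqueness *between* different attributes. You can make 'cn' unique, which is highly unusual, and you should make 'mail' unique, but there is no connection between them. Unclear what you are asking. – EJP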

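@EJP When I try to set an email on a user, I get this message: 'Attribute value would not be unique This update has been or will be cancelled, it would result in an attribute value not being unique. You might like to search the LDAP server for the offending entry.' – BigDong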

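When you set the 'mail' attribute? That can only mean that another entry already has the same value in its 'mail' attribute. Either way, there is nothing to do. Can you post the configuration of your 'unique' overlay? – EJP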

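This has nothing to do with cn.

It is because your unique overlay is misconfigured, or not configured well enough. You are probably using the legacy unique_attributes entry, or you may have only one unique_uri entry.

You should use multiple unique_uri entries, defining that the mail attribute must be unique once under dc=mailAccount,dc=domain.com,dc=mail,dc=com, separately under ou=users,ou=school,o=vdm,dc=domain,dc=com, and maybe again under dc=mailAlias,..., whatever you need.

EDIT Something like: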

unique_uri=ldap:///dc=mailAccount,dc=domain.com,dc=mail,dc=com?mail?sub
unique_uri=ldap:///ou=users,ou=school,o=vdm,dc=domain,dc=com?mail?sub

and maybe

ldap:///dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com?mail?sub 

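or of course olcUniqueURI: instead of unique_uri=, if you are using online configuration, which you should be.

And don't forget to remove the old unique_attributes/olcUniqueAttributes entries. Note that if there are other attributes that were set as unique, in this case you will also have to configure them in olcUniqueURI. For example, I also have uid and displayName as unique. As I don't want to restrict the scope of those, this means: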

olcUniqueURI: ldap:///?mail,uid,displayName?sub 

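Thank you very much for the link, and for pointing me in the right direction. The documentation is very short; do you have a more concrete example to get started? – BigDong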

@BigDong See edit – EJP

I added a screenshot of my tree. I use the [image](https://github.com/osixia/docker-openldap#edit-your-server-configuration) of openldap, and I think I am using online configuration. I have a set of ldif files that bootstrap my server. (See [example 1](https://github.com/osixia/docker-openldap/blob/stable/example/extend-osixia-openldap/bootstrap/ldif/billy.ldif)) I am not sure which dn I should attach 'olcUniqueURI' to. Is it 'olcSchemaConfig'? – BigDong
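The domain behaviour this answer relies on, as an added example that is not part of the original answer or of OpenLDAP: per slapo-unique(5), each olcUniqueURI value (or unique_uri statement) is an independent uniqueness domain, while several URIs inside one value are checked together. The Python below applies that rule to an LDIF export and lists mail values already duplicated inside each domain; the sample entries, the function names and the reduced URI handling (base DN, attribute list, sub/one scope, no filter) are assumptions of this example.

```python
# Pre-flight duplicate check for slapo-unique domains (added example, simplified model).
import base64
from collections import defaultdict
from urllib.parse import unquote

# Base DNs follow the tree on this page; each constant is one uniqueness URI.
ACCOUNTS = "ldap:///dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com?mail?sub"
ALIASES = "ldap:///dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com?mail?sub"
USERS = "ldap:///ou=users,ou=school,o=vdm,dc=domain,dc=com?mail?sub"

# Constructed sample export (not the asker's data); the third DN is folded.
SAMPLE_LDIF = """\
dn: mail=alice@example.com,dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
mail: alice@example.com

dn: mail=alice@example.com,dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com
mail: alice@example.com

dn: uid=alice,c=VN,ou=users,ou=school,o=vdm,dc=doma
 in,dc=com
mail: alice@example.com

dn: uid=bob,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
mail: Alice@Example.com
"""

def norm_dn(dn):  # lower-case and trim each RDN; escaped commas are not handled
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def parse_ldif(text):
    """Return [(dn, {attr: [values]})], unfolding RFC 2849 continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and raw.strip() and lines:
            lines[-1] += raw[1:].rstrip()      # continuation: drop the leading space
        else:
            lines.append(raw.rstrip())
    entries, dn, attrs = [], None, defaultdict(list)
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line:
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = norm_dn(value)
            else:
                attrs[name.lower()].append(value.strip())
    return entries

def parse_uri(uri):
    """Split ldap:///base?attrs?scope (filter component not modelled)."""
    parts = uri[len("ldap:///"):].split("?")
    attrs = [a.lower() for a in parts[1].split(",") if a] if len(parts) > 1 else []
    scope = parts[2] if len(parts) > 2 else "base"   # LDAP URL default scope
    ok = uri.startswith("ldap:///") and scope in ("sub", "one") and attrs and len(parts) <= 3
    if not ok:
        raise ValueError("need ldap:///base?attrs?sub|one without filter: " + uri)
    return norm_dn(unquote(parts[0])), attrs, scope

def in_scope(dn, base, scope):
    if scope == "sub":
        return base == "" or dn == base or dn.endswith("," + base)
    return dn.partition(",")[2] == base        # "one": direct children only

def find_conflicts(entries, domains):
    """domains: list of URI lists; one inner list models ONE olcUniqueURI value."""
    conflicts = []
    for idx, uris in enumerate(domains):
        seen = defaultdict(set)                # (attr, folded value) -> DNs holding it
        for base, attrs, scope in map(parse_uri, uris):
            for dn, entry in entries:
                if in_scope(dn, base, scope):
                    for attr in attrs:
                        for value in entry.get(attr, []):
                            seen[(attr, value.lower())].add(dn)
        for (attr, value), dns in sorted(seen.items()):
            if len(dns) > 1:
                conflicts.append((idx, attr, value, sorted(dns)))
    return conflicts

if __name__ == "__main__":
    for label, doms in (("one domain per subtree", [[ACCOUNTS], [ALIASES], [USERS]]),
                        ("both URIs in one domain", [[ACCOUNTS, USERS]])):
        print(label, find_conflicts(parse_ldif(SAMPLE_LDIF), doms))
```

In cn=config the olcUniqueURI values belong on the unique overlay's own entry (objectClass olcUniqueConfig) beneath the database entry, not on a schema entry.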

You can use a map configured like this, for example /etc/postfix/ldap-aliases.cf:

server_host = ldap.example.com 
search_base = ou=users,ou=developers,o=orga,dc=domain,dc=com 

# look for entries with this 
query_filter = (|(uid=%s)(mailacceptinggeneralid=%s)(mail=%[email protected])) 

# what attribute from the search result is returned 
result_attribute = mail 

# the format in which the result is returned 
result_format = %s 

With this configuration, you don't need a specific branch to configure the email accounts.

I am confused; I am using 'ldap-accounts.cf' to configure the user accounts and 'ldap-aliases.cf' to create the mail aliases. I have updated my post with my LDAP configuration – BigDong

@BigDong Can you edit your question with an export of your LDAP data? I can't understand your question any more – Esteban

I have updated the LDAP data. Can you have a look at the mail attributes? – BigDong