[Mageia-sysadm] Mailling list type
Buchan Milne
bgmilne at multilinks.com
Fri Dec 10 14:43:10 CET 2010

On Friday, 10 December 2010 13:15:31 Michael Scherer wrote:
> So after checking the sympa doc (and source code), we face a problem
> here.
>
> Here
> ( http://www.sympa.org/manual/authorization-scenarios#named_filters ),
> it is explained that we can do a query to ldap to find if an email can
> post to a list. So far so good.
>
> But just one query.
>
> And so, I am unable to find a query that can give me the list of emails of
> people in an ldap group in our ldap (as we do not use memberOf).
>
> We have 3 solutions:
> - someone adds support for ldap queries with 2 levels in sympa (as
> is done for other ldap usages)
>
> - we use slapo-memberof
> ( http://www.openldap.org/doc/admin24/overlays.html )

I have mentioned that we may need slapo-memberof.

> - we use slapo-dynlist ( same page )
>
> slapo-memberof seems to be what we want, but this doesn't seem dynamic
> (i.e., we will have to update the 10 existing entries in ldap to make
> them compliant).

No real issue ...

> slapo-dynlist seems overkill.
>
> Any LDAP guru to give insight?

slapo-dynlist has some issues when used to provide features like
slapo-memberof. Specifically, you can't filter on the dynamic values, so e.g. a search
for "(&(objectClass=posixAccount)(memberof=cn=mageia-xxx,ou=Group....)
(uid=foo))" is not feasible to try and determine authorization in a single
search.

So, I think we have only two options, and using slapo-memberof may be the best
(as it solves the problem for other clients). There are some caveats, but in
our deployment they should not matter.

Regards,
Buchan
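
The slapo-memberof option discussed in this thread, sketched as a slapd.conf fragment. This is an added example, not part of the original message and not the project's actual configuration. It assumes groups are groupOfNames entries with DN-valued member attributes, and the group DN in the closing comment is a placeholder.

```conf
# slapd.conf fragment, constructed for illustration.
# Assumption: groups are groupOfNames entries whose "member" values are DNs.
# slapd.conf has no trailing comments, so every comment is on its own line.

# Only needed when the overlay is built as a loadable module.
moduleload memberof

# ... after the existing "database" and "suffix" lines for the directory ...
overlay memberof

# Object class whose modification triggers the overlay.
memberof-group-oc groupOfNames

# Attribute in the group entry that holds the member DNs.
memberof-member-ad member

# Reverse attribute the overlay writes on each member entry.
memberof-memberof-ad memberOf

# Keep both sides consistent when an entry is renamed or deleted.
memberof-refint true

# memberOf is only written when a group is added or modified while the
# overlay is active, so groups that already exist need their members
# re-added before the attribute appears on the member entries.
#
# memberOf is an operational attribute: a client must request it by name
# to see it returned, but it can be used directly in a search filter.
# That is what allows the authorization check to fit in one search, e.g.
# as the filter of a Sympa named filter (placeholder group DN):
#   (&(mail=[sender])(memberOf=cn=example-group,ou=Group,dc=example,dc=org))
```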