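How can OpenLDAP ensure uniqueness of the mail attribute within each of two subtrees while allowing duplicates across the subtrees?

Date: 2017-06-13 09:36:09

Tags: email ldap openldap postfix

I am using OpenLDAP, and I store my users in ou=users,ou=developers,o=orga,dc=domain,dc=com

Each user has a mail attribute, which is used by the applications that authenticate against LDAP.

I also have a postfix mail server that I configured to use LDAP. I store the e-mail accounts in dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com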

I currently cannot set the real e-mail address on the users, because the cn of the e-mail is unique.

Attribute value would not be unique
This update has been or will be cancelled, it would result in an attribute value not being unique. You might like to search the LDAP server for the offending entry.

I am storing the e-mail dn instead, but now most of my applications, such as Gitlab, load the wrong e-mail:

Email: mail=me@domain.com,dc=mailaccount,dc=domain.com,dc=mail,dc=domain,dc=com

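I thought it would be fine to store the mail server accounts and the users in different parts of my LDAP.

I can only import *.ldif files in phpLDAPadmin to edit entries and configuration; I do not need this syntax.

Edit

Here is my postfix configuration: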

ldap-aliases.cf

server_host = ldap://virtual.domain.com
server_port = 389
search_base = dc=mail,dc=domain,dc=com
query_filter = (&(objectClass=CourierMailAlias) (mail=%s))
result_attribute = maildrop
bind = yes
bind_dn = cn=readonly,dc=domain,dc=com
bind_pw = 123
version = 3

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem

ldap-accounts.cf

server_host = ldap://virtual.domain.com
server_port = 389
search_base = dc=mail,dc=domain,dc=com
query_filter = (&(objectClass=CourierMailAccount)(mail=%s))
result_attribute = mailbox
bind = yes
bind_dn = cn=readonly,dc=domain,dc=com
bind_pw = 123
version = 3

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem

ldap-domain.cf

server_host = ldap://virtual.domain.com
server_port = 389
search_base = dc=mail,dc=domain,dc=com
query_filter = (&(description=virtualDomain)(dc=%s))
result_attribute = dc
bind = yes
bind_dn = cn=readonly,dc=domain,dc=com
bind_pw = 123
version = 3

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem

Here is the export of the whole tree:

# LDIF Export for dc=domain,dc=com
# Server: ldap.service.domain-ovh.consul (ldap.service.domain-ovh.consul)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 74
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on June 14, 2017 9:48 pm
# Version: 1.2.3

version: 1

# Entry 1: dc=domain,dc=com
dn: dc=domain,dc=com
dc: domain
o: vdm Ltd
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 2: cn=admin,dc=domain,dc=com
dn: cn=admin,dc=domain,dc=com
cn: admin
description: LDAP administrator
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}123456789123456789123456789

# Entry 3: cn=readonly,dc=domain,dc=com
dn: cn=readonly,dc=domain,dc=com
cn: readonly
description: LDAP read only user
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}123456789123456789123456789

# Entry 4: cn=readonlypw,dc=domain,dc=com
dn: cn=readonlypw,dc=domain,dc=com
cn: readonlypw
description: LDAP read only user with password
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}123456789123456789123456789

# Entry 5: dc=mail,dc=domain,dc=com
dn: dc=mail,dc=domain,dc=com
dc: mail
o: mail
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 6: dc=domain.com,dc=mail,dc=domain,dc=com
dn: dc=domain.com,dc=mail,dc=domain,dc=com
dc: domain.com
description: virtualDomain
o: domain.com
objectclass: top
objectclass: dcObject
objectclass: organization
userpassword: {SSHA}123456789123456789123456789

# Entry 7: dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
dn: dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
dc: mailAccount
o: mailAccount
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 8: mail=Tom.Joseph@domain.com,dc=mailAccount,dc=domain...
dn: mail=Tom.Joseph@domain.com,dc=mailAccount,dc=domain.com,dc=ma
 il,dc=domain,dc=com
cn: Tom.Joseph@domain.com
displayname: Tom Joseph
givenname: Tom
homedirectory: /var/mail
mail: Tom.Joseph@domain.com
mailbox: domain.com/Tom.Joseph/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Joseph
userpassword: {SSHA}123456789123456789123456789

# Entry 9: mail=tom.soyer@domain.com,dc=mailAccount,dc=domain...
dn: mail=tom.soyer@domain.com,dc=mailAccount,dc=domain.com,dc=
 mail,dc=domain,dc=com
cn: tom.soyer@domain.com
displayname: tom.soyer
givenname: Tom
homedirectory: /var/mail
mail: tom.soyer@domain.com
mailbox: domain.com/tom.soyer/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Soyer
userpassword: {SSHA}123456789123456789123456789

# Entry 10: mail=john.woe@domain.com,dc=mailAccount,dc=domain...
dn: mail=john.woe@domain.com,dc=mailAccount,dc=domain.com,dc=
 mail,dc=domain,dc=com
cn: john.woe@domain.com
displayname: john.woe
givenname: Mat
homedirectory: /var/mail
mail: john.woe@domain.com
mailbox: domain.com/john.woe/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Voltaire
userpassword: {SSHA}123456789123456789123456789

# Entry 11: mail=git@domain.com,dc=mailAccount,dc=domain.com,dc=m...
dn: mail=git@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: git@domain.com
displayname: gitlab
givenname: gitlab
homedirectory: /var/mail
mail: git@domain.com
mailbox: domain.com/git/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Email
userpassword: {SSHA}123456789123456789123456789+DowTdRhEhkqVAwASugKp

# Entry 12: mail=no-reply@domain.com,dc=mailAccount,dc=domain.com...
dn: mail=no-reply@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: no-reply@domain.com
displayname: no-reply
givenname: no-reply
homedirectory: /var/mail
mail: no-reply@domain.com
mailbox: domain.com/no-reply/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: no-reply
userpassword: {SSHA}123456789123456789123456789

# Entry 13: mail=relay@domain.com,dc=mailAccount,dc=domain.com,dc...
dn: mail=relay@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=ko
 paxgroup,dc=com
cn: relay@domain.com
displayname: relay
givenname: relay
homedirectory: /var/mail
mail: relay@domain.com
mailbox: domain.com/relay/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: relay
userpassword: {SSHA}123456789123456789123456789

# Entry 14: mail=test@domain.com,dc=mailAccount,dc=domain.com,dc=...
dn: mail=test@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=kop
 axgroup,dc=com
cn: test@domain.com
displayname: Dev Email
givenname: Dev
homedirectory: /var/mail
mail: test@domain.com
mailbox: domain.com/test/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Email
userpassword: {SSHA}123456789123456789123456789

# Entry 15: dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com
dn: dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com
dc: mailAlias
o: mailAlias
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 16: mail=accounting@domain.com,dc=mailAlias,dc=domain.com...
dn: mail=accounting@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: accounting@domain.com
displayname: Everybody
mail: accounting@domain.com
maildrop: sbg@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: accounting

# Entry 17: mail=vdm@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=vdm@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: vdm@domain.com
displayname: Tom Joseph
givenname: Tom
mail: vdm@domain.com
maildrop: Tom.Joseph@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Joseph

# Entry 18: mail=tsr@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=tsr@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: tsr@domain.com
displayname: tom.soyer
givenname: Sofiane
mail: tsr@domain.com
maildrop: tom.soyer@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Soyer

# Entry 19: mail=all@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=all@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: all@domain.com
displayname: Everybody
mail: all@domain.com
maildrop: sbg@domain.com tsr@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Everybody

# Entry 20: mail=board@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=board@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: board@domain.com
displayname: Board
mail: board@domain.com
maildrop: sbg@domain.com tsr@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Board

# Entry 21: mail=dev@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=dev@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: dev@domain.com
displayname: Developers
mail: dev@domain.com
maildrop: sbg@domain.com tsr@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Developers

# Entry 22: mail=sbg@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=sbg@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: sbg@domain.com
displayname: john.woe
givenname: Mat
mail: sbg@domain.com
maildrop: john.woe@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Voltaire

# Entry 23: mail=hongkong@domain.com,dc=mailAlias,dc=domain.com,d...
dn: mail=hongkong@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=k
 opaxgroup,dc=com
cn: hongkong@domain.com
displayname: Hong-Kong Offices
mail: hongkong@domain.com
maildrop: sbg@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Hong-Kong Offices

# Entry 24: mail=job@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=job@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: job@domain.com
displayname: Jobs
mail: job@domain.com
maildrop: sbg@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Jobs

# Entry 25: mail=media@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=media@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: media@domain.com
displayname: Jobs
mail: media@domain.com
maildrop: sbg@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Jobs

# Entry 26: mail=postmaster@domain.com,dc=mailAlias,dc=domain.com...
dn: mail=postmaster@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: postmaster@domain.com
displayname: postmaster
mail: postmaster@domain.com
maildrop: sbg@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: postmaster

# Entry 27: mail=social@domain.com,dc=mailAlias,dc=domain.com,dc=...
dn: mail=social@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kop
 axgroup,dc=com
cn: social@domain.com
displayname: Social
mail: social@domain.com
maildrop: sbg@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Social

# Entry 28: mail=test1@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=test1@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: test1@domain.com
displayname: Test Email
mail: test1@domain.com
maildrop: test@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Test Email

# Entry 29: mail=test2@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=test2@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: test2@domain.com
displayname: Test Email
mail: test2@domain.com
maildrop: test@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Test Email

# Entry 30: mail=test3@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=test3@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: test3@domain.com
displayname: Test Email
mail: test3@domain.com
maildrop: test@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Test Email

# Entry 31: mail=vietnamese@domain.com,dc=mailAlias,dc=domain.com...
dn: mail=vietnamese@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: vietnamese@domain.com
displayname: Social
mail: vietnamese@domain.com
maildrop: sbg@domain.com vdm@domain.com tsr@domain.com debbiemcl
 ean86@gmail.com d.Voltaire@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Social

# Entry 32: o=vdm,dc=domain,dc=com
dn: o=vdm,dc=domain,dc=com
o: vdm Ltd
o: vdm
objectclass: top
objectclass: organization

# Entry 33: ou=administrations,o=vdm,dc=domain,dc=com
dn: ou=administrations,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: administrations

# Entry 34: ou=groups,ou=administrations,o=vdm,dc=domain,dc=com
dn: ou=groups,ou=administrations,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

# Entry 35: cn=odoo_users,ou=groups,ou=administrations,o=vdm,dc=domain...
dn: cn=odoo_users,ou=groups,ou=administrations,o=vdm,dc=domain,dc=com
cn: odoo_users
description: Users allowed to login to odoo.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 36: ou=users,ou=administrations,o=vdm,dc=domain,dc=com
dn: ou=users,ou=administrations,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users

# Entry 37: ou=developers,o=vdm,dc=domain,dc=com
dn: ou=developers,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: developers

# Entry 38: ou=groups,ou=developers,o=vdm,dc=domain,dc=com
dn: ou=groups,ou=developers,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

# Entry 39: cn=git_users,ou=groups,ou=developers,o=vdm,dc=domain,dc...
dn: cn=git_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Git Users
cn: git_users
description: Users allowed to login to git.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 40: cn=jenkins_admins,ou=groups,ou=developers,o=vdm,dc=domaino...
dn: cn=jenkins_admins,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Jenkins Administrators
cn: jenkins_admins
description: Staff members allowed to administrate to jenkins build system
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 41: cn=jenkins_users,ou=groups,ou=developers,o=vdm,dc=domainou...
dn: cn=jenkins_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Jenkins Users
cn: jenkins_users
description: Staff members allowed to login to jenkins build system
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 42: cn=private_users,ou=groups,ou=developers,o=vdm,dc=domainou...
dn: cn=private_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Private git users
cn: private_users
description: Users allowed to login to the private git
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 43: ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc=com...
dn: ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: sonar

# Entry 44: cn=api-administrators,ou=sonar,ou=groups,ou=developers,o=kopa...
dn: cn=api-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdmg
 roup,dc=com
cn: api-administrators
description: administrators of domain/api
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 45: cn=api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc...
dn: cn=api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain
 ,dc=com
cn: api-developers
description: developers of domain/api
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 46: cn=backoffice-administrators,ou=sonar,ou=groups,ou=developers...
dn: cn=backoffice-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc
 =domain,dc=com
cn: backoffice-administrators
description: administrators of domain/backoffice
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 47: cn=backoffice-developers,ou=sonar,ou=groups,ou=developers,o=k...
dn: cn=backoffice-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kop
 axgroup,dc=com
cn: backoffice-developers
description: developers of domain/backoffice
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 48: cn=bootstrap-styled-administrators,ou=sonar,ou=groups,ou=deve...
dn: cn=bootstrap-styled-administrators,ou=sonar,ou=groups,ou=developers,o=ko
 pax,dc=domain,dc=com
cn: bootstrap-styled-administrators
description: administrators of bootstrap-styled
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 49: cn=bootstrap-styled-developers,ou=sonar,ou=groups,ou=develope...
dn: cn=bootstrap-styled-developers,ou=sonar,ou=groups,ou=developers,o=vdm,
 dc=domain,dc=com
cn: bootstrap-styled-developers
description: developers of bootstrap-styled
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 50: cn=dev-tools-administrators,ou=sonar,ou=groups,ou=developers,...
dn: cn=dev-tools-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=
 domain,dc=com
cn: dev-tools-administrators
description: administrators of module/devtools/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 51: cn=dev-tools-developers,ou=sonar,ou=groups,ou=developers,o=ko...
dn: cn=dev-tools-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kopa
 xgroup,dc=com
cn: dev-tools-developers
description: developers of module/devtools/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 52: cn=java-api-administrators,ou=sonar,ou=groups,ou=developers,o...
dn: cn=java-api-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=k
 opaxgroup,dc=com
cn: java-api-administrators
description: administrators of git/java-api/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 53: cn=java-api-developers,ou=sonar,ou=groups,ou=developers,o=kop...
dn: cn=java-api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdm
 group,dc=com
cn: java-api-developers
description: developers of git/java-api/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 54: cn=quality-gates-administrators,ou=sonar,ou=groups,ou=develop...
dn: cn=quality-gates-administrators,ou=sonar,ou=groups,ou=developers,o=vdm
 ,dc=domain,dc=com
cn: quality-gates-administrators
description: quality-gates administrators
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 55: cn=quality-profiles-administrators,ou=sonar,ou=groups,ou=deve...
dn: cn=quality-profiles-administrators,ou=sonar,ou=groups,ou=developers,o=ko
 pax,dc=domain,dc=com
cn: quality-profiles-administrators
description: quality-profiles administrators
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 56: cn=redstar-administrators,ou=sonar,ou=groups,ou=developers,o=...
dn: cn=redstar-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=ko
 paxgroup,dc=com
cn: redstar-administrators
description: administrators of redstar/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 57: cn=redstar-developers,ou=sonar,ou=groups,ou=developers,o=kopa...
dn: cn=redstar-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdmg
 roup,dc=com
cn: redstar-developers
description: developers of redstar/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 58: cn=sonar-administrators,ou=sonar,ou=groups,ou=developers,o=ko...
dn: cn=sonar-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kopa
 xgroup,dc=com
cn: sonar-administrators
description: Administrators of https://sonarqube.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 59: cn=sonar-users,ou=sonar,ou=groups,ou=developers,o=vdm,dc=ko...
dn: cn=sonar-users,ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc
 =com
cn: sonar-users
description: Users of https://sonarqube.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 60: ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: ou=users,ou=developers,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users

# Entry 61: c=FR,ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: c=FR,ou=users,ou=developers,o=vdm,dc=domain,dc=com
c: FR
description: France officies
objectclass: country
objectclass: top

# Entry 62: c=HK,ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: c=HK,ou=users,ou=developers,o=vdm,dc=domain,dc=com
c: HK
description: Hong-Kong officies
objectclass: country
objectclass: top

# Entry 63: c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com
c: VN
description: Vietnam officies
objectclass: country
objectclass: top

# Entry 64: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=...
dn: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com
cn: john.woe
employeetype: developer
gecos: john.woe
gidnumber: 14564101
givenname: Mat
homedirectory: /home/sbg
loginshell: /bin/bash
mail: mail=john.woe@domain.com,dc=mailAccount,dc=domain.com,d
 c=mail,dc=domain,dc=com
objectclass: top
objectclass: posixAccount
objectclass: inetOrgPerson
sn: Voltaire
uid: sbg
uidnumber: 14583102
userpassword: {SSHA}123456789123456789123456789

# Entry 65: ou=school,o=vdm,dc=domain,dc=com
dn: ou=school,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: school

# Entry 66: ou=groups,ou=school,o=vdm,dc=domain,dc=com
dn: ou=groups,ou=school,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

# Entry 67: cn=module_users,ou=groups,ou=school,o=vdm,dc=domain,dc=...
dn: cn=module_users,ou=groups,ou=school,o=vdm,dc=domain,dc=com
cn: School git users
cn: module_users
description: Users allowed to login to module.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 68: cn=school_users,ou=groups,ou=school,o=vdm,dc=domain,dc=...
dn: cn=school_users,ou=groups,ou=school,o=vdm,dc=domain,dc=com
cn: School git users
cn: school_users
description: Users allowed to login to school.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 69: ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: ou=users,ou=school,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users

# Entry 70: c=FR,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: c=FR,ou=users,ou=school,o=vdm,dc=domain,dc=com
c: FR
description: France officies
objectclass: country
objectclass: top

# Entry 71: c=HK,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: c=HK,ou=users,ou=school,o=vdm,dc=domain,dc=com
c: HK
description: Hong-Kong officies
objectclass: country
objectclass: top

# Entry 72: c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
c: VN
description: Vietnam officies
objectclass: country
objectclass: top

# Entry 73: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
cn: Tom Joseph
employeetype: developer
gecos: Tom Joseph
gidnumber: 14564103
givenname: Tom
homedirectory: /home/vdm
loginshell: /bin/bash
mail: mail=Tom.Joseph@domain.com,dc=mailAccount,dc=domain.com,dc=
 mail,dc=domain,dc=com
objectclass: top
objectclass: posixAccount
objectclass: inetOrgPerson
sn: Joseph
uid: vdm
uidnumber: 14583104
userpassword: {SSHA}123456789123456789123456789+eiWwf9KTr4A+79CjyqY5/okZsL2Ke1

# Entry 74: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
cn: tom.soyer
employeetype: developer
gecos: tom.soyer
gidnumber: 14564103
homedirectory: /home/tsr
loginshell: /bin/bash
mail: mail=tom.soyer@domain.com,dc=mailAccount,dc=domain.com,d
 c=mail,dc=domain,dc=com
objectclass: top
objectclass: posixAccount
objectclass: inetOrgPerson
sn: Soyer
uid: tsr
uidnumber: 14583104
userpassword: {SSHA}123456789123456789123456789

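2 answers:

Answer 0 (score: 1)

This has nothing to do with cn.

It is because your unique overlay is misconfigured, or under-configured. You are probably using the legacy unique_attributes entry, or you may have only one unique_uri entry.

You should use multiple unique_uri entries to define that the mail attribute must be unique under dc=mailAccount,dc=domain.com,dc=mail,dc=com, and again separately under ou=users,ou=school,o=vdm,dc=domain,dc=com, and, depending on what you need, possibly under dc=mailAlias,... as well.

EDIT Something like: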

unique_uri=ldap:///dc=mailAccount,dc=domain.com,dc=mail,dc=com?mail?sub ldap:///ou=users,ou=school,o=vdm,dc=domain,dc=com?mail?sub

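and maybe

ldap:///dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com?mail?sub

If you are using online configuration, it is of course olcUniqueURI: rather than unique_uri=

Don't forget to remove the old unique_attributes/olcUniqueAttributes entry. Note that if there are other attributes that have to be unique, you must then configure them in olcUniqueURI as well. For example, I also have uid and displayName as unique. As I don't want to restrict those, that means: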

olcUniqueURI: ldap:///?mail,uid,displayName?sub
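The domain rule behind this answer, as an added example that is not part of the original answer and is not OpenLDAP code: slapo-unique(5) documents that the URIs listed in one unique_uri/olcUniqueURI value form a single domain, while separate values create independent domains. The Python model below is a simplification (naive DN parsing, ?sub scope only, case-insensitive values); the function names and the sample directory are constructed, using DNs from the question's export.

```python
# Simplified model of slapo-unique domain matching (added example, not OpenLDAP code).
# Assumptions: naive DN splitting (no escaped commas), ?sub scope only,
# attribute values compared case-insensitively.

MAIL_BASE = "dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com"
USER_BASE = "ou=users,ou=school,o=vdm,dc=domain,dc=com"


def rdns(dn):
    """Split a DN into normalised RDNs."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def under(dn, base):
    """True if dn lies in the subtree rooted at base (empty base = whole tree)."""
    d, b = rdns(dn), rdns(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b


def parse_domain(value):
    """One unique_uri / olcUniqueURI value -> one domain (a list of URIs)."""
    domain = []
    for uri in value.split():
        if not uri.startswith("ldap:///"):
            raise ValueError(f"unsupported token: {uri!r}")
        fields = uri[len("ldap:///"):].split("?") + ["", ""]
        base, attrs, scope = fields[0], fields[1], fields[2]
        if scope != "sub":
            raise ValueError("this model only handles ?sub")
        domain.append({"base": base,
                       "attrs": {a.lower() for a in attrs.split(",") if a}})
    return domain


def pairs(attrs, only=None):
    """Set of (attribute, value) pairs, optionally limited to some attributes."""
    return {(a.lower(), v.lower()) for a, values in attrs.items()
            for v in values if only is None or a.lower() in only}


def conflicts(domains, directory, dn, attrs):
    """DNs that would block writing attrs to dn, checked domain by domain."""
    hits = set()
    for domain in domains:
        # Attributes are checked only if the entry falls under a URI of this domain.
        checked = set()
        for uri in domain:
            if under(dn, uri["base"]):
                checked |= uri["attrs"]
        wanted = pairs(attrs, checked)
        if not wanted:
            continue
        # The search then covers every URI of the same domain.
        for uri in domain:
            for other_dn, other in directory.items():
                if rdns(other_dn) == rdns(dn) or not under(other_dn, uri["base"]):
                    continue
                if wanted & pairs(other):
                    hits.add(other_dn)
    return sorted(hits)


# Constructed sample directory: one mail account and one user without a mail yet.
ACCOUNT_DN = "mail=tom.soyer@domain.com," + MAIL_BASE
USER_DN = "uid=tsr,c=VN," + USER_BASE
DIRECTORY = {
    ACCOUNT_DN: {"mail": ["tom.soyer@domain.com"]},
    USER_DN: {"uid": ["tsr"]},
}

WHOLE_TREE = [parse_domain("ldap:///?mail?sub")]
ONE_DOMAIN = [parse_domain(f"ldap:///{MAIL_BASE}?mail?sub ldap:///{USER_BASE}?mail?sub")]
TWO_DOMAINS = [parse_domain(f"ldap:///{MAIL_BASE}?mail?sub"),
               parse_domain(f"ldap:///{USER_BASE}?mail?sub")]

if __name__ == "__main__":
    new_mail = {"mail": ["tom.soyer@domain.com"]}
    for name, cfg in [("whole tree", WHOLE_TREE), ("one domain", ONE_DOMAIN),
                      ("two domains", TWO_DOMAINS)]:
        print(name, "->", conflicts(cfg, DIRECTORY, USER_DN, new_mail) or "allowed")
```

In cn=config terms, the TWO_DOMAINS case corresponds to two separate olcUniqueURI values on the overlay entry, one per subtree.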

Answer 1 (score: 0)

You can configure a map such as /etc/postfix/ldap-aliases.cf with something like the following:

server_host = ldap.example.com
search_base = ou=users,ou=developers,o=orga,dc=domain,dc=com

# look for entries with this
query_filter = (|(uid=%s)(mailacceptinggeneralid=%s)(mail=%s@domain.com))

# what attribute from the search result is returned
result_attribute = mail

# the format in which the result is returned
result_format = %s

With this kind of configuration, you do not need a specific branch to configure the e-mail accounts.