On Tue, Aug 31, 2010 at 04:49:41PM +0400, Nikolay Shopik wrote:
> Hello,
>
> Is there way to set ldap filter after recursion? By default postfix will
> set filter to (objectclass=*) to query every member of group. Basically I
> would like not include some members of group (account disabled for
> example).
No, there is no support for filtering group members, beyond presense or
absense of the result_attribute (or leaf_result_attribute, ...). Group
members that lack any result_attributes are ignored. Perhaps you can
arrange to use a (mail-address-valued) result attribute that is only
present in the desired group members. Otherwise,
Postfix also has support for "dynamic groups" (groups whose member objects
are LDAP URIs that represent queries to retrieve the real member objects).
You may be able to make use of those.
See LDAP_README and ldap_table(5). Anything not described there is not
implemented.
--
Viktor.
