Hello @all,
Thanks for your replies, but the problem still exists.
In short: We want to make use of the field memberUid,
which is not part of the qmail schema. Apparently, we
only can use a full DN as value in this field.
But for other purposes, the field only works with a "uid".
We don't want to use the field rfc822member in the groups,
because this contains the email addresses themselves (which
is harder to maintain).
Is it possible to solve this issue?
Details:
We are using qmail-ldap-1.03-20060201 in a productive
environment.
The group entry testgroup is also member of posixGroup:
$ ldapsearch -xW -b .... uid=testgroup
dn: cn=testgroup,ou=Groups,dc=....
objectClass: top
objectClass: qmailUser
objectClass: qmailGroup
objectClass: posixGroup
cn: testgroup
uid: testgroup
qmailGID: 999
qmailUID: 999
gidNumber: 1111
mailMessageStore: /var/spool/mail/testgroup
mail: [EMAIL PROTECTED]
mailAlternateAddress: [EMAIL PROTECTED]
memberUid: uid=mein.name,ou=systemuser,ou=People,dc=....
That is, memberUid is not in the qmail schema. Interestingly, qmail-group
can resolve this anyway if the field contains a full DN.
Here the slapd log when a mail is delivered:
testgroup is searched:
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31944 op=1 SRCH
base="dc=native-instruments,dc=de" scope=2 deref=0
filter="(|([EMAIL PROTECTED])([EMAIL PROTECTED]))"
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31944 op=1 SRCH attr=uid
qmailUID qmailGID accountStatus mailHost
mailMessageStore nohomeDirectory mailQuotaSize
mailQuotaCount mailForwardingAddress deliveryProgramPath
deliveryMode mailReplyText qmailDotMode mailSizeMax
objectClass
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31944 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31945 op=1 SRCH
base="cn=testgroup,ou=Groups,dc=native-instruments,dc=de"
scope=0 deref=0 filter="(objectClass=*)"
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31945 op=1 SRCH
attr=senderconfirm membersonly confirmtext moderatortext
dnmoderator rfc822moderator memberUid rfc822member
filtermember dnsender rfc822sender filtersender bounceadmin
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31945 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
it currently contains one entry, mein.name:
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31947 op=1 SRCH
base="uid=mein.name,ou=systemuser,ou=People,dc=native-instruments,dc=de"
scope=0 deref=0 filter="(objectClass=*)"
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31947 op=1 SRCH attr=mail
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31947 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31948 op=1 SRCH
base="dc=native-instruments,dc=de" scope=2 deref=0
filter="(|([EMAIL PROTECTED])([EMAIL PROTECTED]))"
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31948 op=1 SRCH attr=uid
qmailUID qmailGID accountStatus mailHost mailMessageStore
nohomeDirectory mailQuotaSize mailQuotaCount
mailForwardingAddress deliveryProgramPath deliveryMode mailReplyText
qmailDotMode mailSizeMax objectClass
Jun 11 17:20:12 maildir01 slapd[28907]: conn=31948 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
It might be working by coincidence, because the memberUid is used as
base?
qmail-ldaplookup doesn't help when debugging, because it seems to
ignore memberUid completely.
Now - if memberUid is changed from
uid=mein.name,ou=systemuser,ou=People,dc=....
to uid=mein.name, the result is empty (because this uid was not used as
filter?)
Jun 11 17:24:45 maildir01 slapd[28907]: conn=32152 op=1 SRCH
base="uid=mein.name" scope=0 deref=0 filter="(objectClass=*)"
Jun 11 17:24:45 maildir01 slapd[28907]: conn=32152 op=1 SRCH attr=mail
Jun 11 17:24:45 maildir01 slapd[28907]: conn=32152 op=1 SEARCH RESULT
tag=101 err=32 nentries=0 text=
Jun 11 17:24:45 maildir01 slapd[28907]: conn=32152 op=2 UNBIND
If filtermember is set, this is used in a separate search and not
combined in an appropriate way (and this yields all qmailUsers).
slapd log:
Jun 11 17:46:12 maildir01 slapd[28907]: conn=33181 op=1 SRCH
base="uid=mein.name" scope=0 deref=0 filter="(objectClass=*)"
Jun 11 17:46:12 maildir01 slapd[28907]: conn=33181 op=1 SRCH attr=mail
Jun 11 17:46:12 maildir01 slapd[28907]: conn=33181 op=1 SEARCH RESULT
tag=101 err=32 nentries=0 text=
Jun 11 17:46:12 maildir01 slapd[28907]: conn=33181 op=2 SRCH
base="dc=native-instruments,dc=de" scope=2 deref=0
filter="(&(objectClass=qmailUser)(uid=*))"
Jun 11 17:46:12 maildir01 slapd[28907]: conn=33181 op=2 SRCH attr=mail
Jun 11 17:46:12 maildir01 slapd[28907]: conn=33181 op=2 SEARCH RESULT
tag=101 err=0 nentries=1415 text=
for the sake of completeness: no more lookups occur,
that is, qmail doesn't deliver to mein.name:
2008-06-11 17:46:12.189839500 starting delivery 462611: msg 234883259 to
local [EMAIL PROTECTED]
2008-06-11 17:46:12.189846500 status: local 1/100 remote 0/100
2008-06-11 17:46:12.284352500 delivery 462611: deferral:
qmail-group:_fatal:_expand_group_attr:_filtermember:_too_many_objects/
2008-06-11 17:46:12.284360500 status: local 0/100 remote 0/100
Best
Daniel
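
Added example, not part of the original message: a small Python correlator for slapd logs in the format quoted above. It pairs each SRCH with its SEARCH RESULT and flags the two patterns the post describes: a base-scope member lookup that fails with err=32 because the value is not a full DN, and a subtree filter that returns far more entries than a group should. The function name, the `suffix` and `max_entries` parameters, the threshold of 100 and the `dc=example,dc=org` sample lines are assumptions made for illustration.

```python
import re

# Constructed sample, one record per line, modelled on the log format in the post.
SAMPLE_LOG = """\
Jun 11 17:46:12 host slapd[1]: conn=1 op=1 SRCH base="uid=mein.name" scope=0 deref=0 filter="(objectClass=*)"
Jun 11 17:46:12 host slapd[1]: conn=1 op=1 SRCH attr=mail
Jun 11 17:46:12 host slapd[1]: conn=1 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jun 11 17:46:12 host slapd[1]: conn=1 op=2 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(&(objectClass=qmailUser)(uid=*))"
Jun 11 17:46:12 host slapd[1]: conn=1 op=2 SRCH attr=mail
Jun 11 17:46:12 host slapd[1]: conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1415 text=
Jun 11 17:20:12 host slapd[1]: conn=2 op=1 SRCH base="uid=mein.name,ou=People,dc=example,dc=org" scope=0 deref=0 filter="(objectClass=*)"
Jun 11 17:20:12 host slapd[1]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

KEY = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT) (.*)")
SRCH = re.compile(r'base="([^"]*)" scope=(\d) deref=\d filter="(.*)"')
RESULT = re.compile(r"err=(\d+) nentries=(\d+)")

def audit(log, suffix, max_entries=100):
    """Return (conn/op key, finding, detail) tuples for suspicious searches."""
    pending, findings = {}, []
    for line in log.splitlines():
        m = KEY.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        if m.group(3) == "SRCH":
            s = SRCH.search(m.group(4))
            if s:  # the "SRCH attr=..." continuation carries no base; skip it
                pending[key] = s.groups()
            continue
        r = RESULT.search(m.group(4))
        if not r or key not in pending:
            continue
        base, scope, flt = pending.pop(key)
        err, nentries = int(r.group(1)), int(r.group(2))
        # scope=0 with err=32 (noSuchObject): the member value was used as a
        # search base but is not a DN under the directory suffix.
        if scope == "0" and err == 32 and not base.lower().endswith(suffix.lower()):
            findings.append((key, "member-not-a-dn", base))
        # scope=2 returning more than max_entries: the filter is too broad.
        elif scope == "2" and nentries > max_entries:
            findings.append((key, "filter-too-broad", flt))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, "dc=example,dc=org"):
        print(finding)
```

Real slapd output must be unwrapped to one record per line before it is passed in.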