OpenLDAP how to ensure uniqueness of the mail field within two subtrees while allowing duplicates across the subtrees?

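I am using OpenLDAP and storing my users in ou=users,ou=developers,o=orga,dc=domain,dc=com

Each user has a mail attribute, which is used by the applications that authenticate against LDAP.

I also have a postfix mail server configured to use LDAP. I store my emails in dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com

I cannot set the real email on my users now, because the cn of the email is unique.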

Attribute value would not be unique
This update has been or will be cancelled, it would result in an attribute value not being unique. You might like to search the LDAP server for the offending entry.

I am storing the email dn instead, but now the wrong email gets loaded, and it is visible in most of my applications (like Gitlab):

Email: mail=me@domain.com,dc=mailaccount,dc=domain.com,dc=mail,dc=domain,dc=com

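I thought it would be possible to store the mail server accounts and the users in different parts of my LDAP.

I can only import *.ldif files in phpLDAPadmin to edit entries and configuration, and I don't know the syntax for this.

Edit

Here is my postfix configuration: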

ldap-aliases.cf

server_host = ldap://virtual.domain.com
server_port = 389
search_base = dc=mail,dc=domain,dc=com
query_filter = (&(objectClass=CourierMailAlias) (mail=%s))
result_attribute = maildrop
bind = yes
bind_dn = cn=readonly,dc=domain,dc=com
bind_pw = 123
version = 3

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem

ldap-accounts.cf

server_host = ldap://virtual.domain.com
server_port = 389
search_base = dc=mail,dc=domain,dc=com
query_filter = (&(objectClass=CourierMailAccount)(mail=%s))
result_attribute = mailbox
bind = yes
bind_dn = cn=readonly,dc=domain,dc=com
bind_pw = 123
version = 3

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem

ldap-domain.cf

server_host = ldap://virtual.domain.com
server_port = 389
search_base = dc=mail,dc=domain,dc=com
query_filter = (&(description=virtualDomain)(dc=%s))
result_attribute = dc
bind = yes
bind_dn = cn=readonly,dc=domain,dc=com
bind_pw = 123
version = 3

tls_ca_cert_file = /etc/postfix/ssl/cacert.pem
tls_cert = /etc/postfix/ssl/mail.domain.com-full.pem
tls_key = /etc/postfix/ssl/mail.domain.com-key.pem

Here is an export of the whole tree

LDIF export of dc=domain,dc=com

# Server: ldap.service.domain-ovh.consul (ldap.service.domain-ovh.consul)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 74
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on June 14, 2017 9:48 pm
# Version: 1.2.3

version: 1

# Entry 1: dc=domain,dc=com
dn: dc=domain,dc=com
dc: domain
o: vdm Ltd
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 2: cn=admin,dc=domain,dc=com
dn: cn=admin,dc=domain,dc=com
cn: admin
description: LDAP administrator
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}123456789123456789123456789

# Entry 3: cn=readonly,dc=domain,dc=com
dn: cn=readonly,dc=domain,dc=com
cn: readonly
description: LDAP read only user
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}123456789123456789123456789

# Entry 4: cn=readonlypw,dc=domain,dc=com
dn: cn=readonlypw,dc=domain,dc=com
cn: readonlypw
description: LDAP read only user with password
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}123456789123456789123456789

# Entry 5: dc=mail,dc=domain,dc=com
dn: dc=mail,dc=domain,dc=com
dc: mail
o: mail
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 6: dc=domain.com,dc=mail,dc=domain,dc=com
dn: dc=domain.com,dc=mail,dc=domain,dc=com
dc: domain.com
description: virtualDomain
o: domain.com
objectclass: top
objectclass: dcObject
objectclass: organization
userpassword: {SSHA}123456789123456789123456789

# Entry 7: dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
dn: dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
dc: mailAccount
o: mailAccount
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 8: mail=Tom.Joseph@domain.com,dc=mailAccount,dc=domain...
dn: mail=Tom.Joseph@domain.com,dc=mailAccount,dc=domain.com,dc=ma
 il,dc=domain,dc=com
cn: Tom.Joseph@domain.com
displayname: Tom Joseph
givenname: Tom
homedirectory: /var/mail
mail: Tom.Joseph@domain.com
mailbox: domain.com/Tom.Joseph/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Joseph
userpassword: {SSHA}123456789123456789123456789

# Entry 9: mail=tom.soyer@domain.com,dc=mailAccount,dc=domain...
dn: mail=tom.soyer@domain.com,dc=mailAccount,dc=domain.com,dc=
 mail,dc=domain,dc=com
cn: tom.soyer@domain.com
displayname: tom.soyer
givenname: Tom
homedirectory: /var/mail
mail: tom.soyer@domain.com
mailbox: domain.com/tom.soyer/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Soyer
userpassword: {SSHA}123456789123456789123456789

# Entry 10: mail=john.woe@domain.com,dc=mailAccount,dc=domain...
dn: mail=john.woe@domain.com,dc=mailAccount,dc=domain.com,dc=
 mail,dc=domain,dc=com
cn: john.woe@domain.com
displayname: john.woe
givenname: Mat
homedirectory: /var/mail
mail: john.woe@domain.com
mailbox: domain.com/john.woe/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Voltaire
userpassword: {SSHA}123456789123456789123456789

# Entry 11: mail=git@domain.com,dc=mailAccount,dc=domain.com,dc=m...
dn: mail=git@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: git@domain.com
displayname: gitlab
givenname: gitlab
homedirectory: /var/mail
mail: git@domain.com
mailbox: domain.com/git/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Email
userpassword: {SSHA}123456789123456789123456789+DowTdRhEhkqVAwASugKp

# Entry 12: mail=no-reply@domain.com,dc=mailAccount,dc=domain.com...
dn: mail=no-reply@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: no-reply@domain.com
displayname: no-reply
givenname: no-reply
homedirectory: /var/mail
mail: no-reply@domain.com
mailbox: domain.com/no-reply/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: no-reply
userpassword: {SSHA}123456789123456789123456789

# Entry 13: mail=relay@domain.com,dc=mailAccount,dc=domain.com,dc...
dn: mail=relay@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=ko
 paxgroup,dc=com
cn: relay@domain.com
displayname: relay
givenname: relay
homedirectory: /var/mail
mail: relay@domain.com
mailbox: domain.com/relay/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: relay
userpassword: {SSHA}123456789123456789123456789

# Entry 14: mail=test@domain.com,dc=mailAccount,dc=domain.com,dc=...
dn: mail=test@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=kop
 axgroup,dc=com
cn: test@domain.com
displayname: Dev Email
givenname: Dev
homedirectory: /var/mail
mail: test@domain.com
mailbox: domain.com/test/
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAccount
sn: Email
userpassword: {SSHA}123456789123456789123456789

# Entry 15: dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com
dn: dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com
dc: mailAlias
o: mailAlias
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 16: mail=accounting@domain.com,dc=mailAlias,dc=domain.com...
dn: mail=accounting@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: accounting@domain.com
displayname: Everybody
mail: accounting@domain.com
maildrop: sbg@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: accounting

# Entry 17: mail=vdm@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=vdm@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: vdm@domain.com
displayname: Tom Joseph
givenname: Tom
mail: vdm@domain.com
maildrop: Tom.Joseph@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Joseph

# Entry 18: mail=tsr@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=tsr@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: tsr@domain.com
displayname: tom.soyer
givenname: Sofiane
mail: tsr@domain.com
maildrop: tom.soyer@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Soyer

# Entry 19: mail=all@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=all@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: all@domain.com
displayname: Everybody
mail: all@domain.com
maildrop: sbg@domain.com tsr@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Everybody

# Entry 20: mail=board@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=board@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: board@domain.com
displayname: Board
mail: board@domain.com
maildrop: sbg@domain.com tsr@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Board

# Entry 21: mail=dev@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=dev@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: dev@domain.com
displayname: Developers
mail: dev@domain.com
maildrop: sbg@domain.com tsr@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Developers

# Entry 22: mail=sbg@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=sbg@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: sbg@domain.com
displayname: john.woe
givenname: Mat
mail: sbg@domain.com
maildrop: john.woe@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Voltaire

# Entry 23: mail=hongkong@domain.com,dc=mailAlias,dc=domain.com,d...
dn: mail=hongkong@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=k
 opaxgroup,dc=com
cn: hongkong@domain.com
displayname: Hong-Kong Offices
mail: hongkong@domain.com
maildrop: sbg@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Hong-Kong Offices

# Entry 24: mail=job@domain.com,dc=mailAlias,dc=domain.com,dc=mai...
dn: mail=job@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=vdmg
 roup,dc=com
cn: job@domain.com
displayname: Jobs
mail: job@domain.com
maildrop: sbg@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Jobs

# Entry 25: mail=media@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=media@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: media@domain.com
displayname: Jobs
mail: media@domain.com
maildrop: sbg@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Jobs

# Entry 26: mail=postmaster@domain.com,dc=mailAlias,dc=domain.com...
dn: mail=postmaster@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: postmaster@domain.com
displayname: postmaster
mail: postmaster@domain.com
maildrop: sbg@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: postmaster

# Entry 27: mail=social@domain.com,dc=mailAlias,dc=domain.com,dc=...
dn: mail=social@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kop
 axgroup,dc=com
cn: social@domain.com
displayname: Social
mail: social@domain.com
maildrop: sbg@domain.com vdm@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Social

# Entry 28: mail=test1@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=test1@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: test1@domain.com
displayname: Test Email
mail: test1@domain.com
maildrop: test@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Test Email

# Entry 29: mail=test2@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=test2@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: test2@domain.com
displayname: Test Email
mail: test2@domain.com
maildrop: test@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Test Email

# Entry 30: mail=test3@domain.com,dc=mailAlias,dc=domain.com,dc=m...
dn: mail=test3@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc=kopa
 xgroup,dc=com
cn: test3@domain.com
displayname: Test Email
mail: test3@domain.com
maildrop: test@domain.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Test Email

# Entry 31: mail=vietnamese@domain.com,dc=mailAlias,dc=domain.com...
dn: mail=vietnamese@domain.com,dc=mailAlias,dc=domain.com,dc=mail,dc
 =domain,dc=com
cn: vietnamese@domain.com
displayname: Social
mail: vietnamese@domain.com
maildrop: sbg@domain.com vdm@domain.com tsr@domain.com debbiemcl
 ean86@gmail.com d.Voltaire@gmail.com
objectclass: top
objectclass: inetOrgPerson
objectclass: CourierMailAlias
sn: Social

# Entry 32: o=vdm,dc=domain,dc=com
dn: o=vdm,dc=domain,dc=com
o: vdm Ltd
o: vdm
objectclass: top
objectclass: organization

# Entry 33: ou=administrations,o=vdm,dc=domain,dc=com
dn: ou=administrations,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: administrations

# Entry 34: ou=groups,ou=administrations,o=vdm,dc=domain,dc=com
dn: ou=groups,ou=administrations,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

# Entry 35: cn=odoo_users,ou=groups,ou=administrations,o=vdm,dc=domain...
dn: cn=odoo_users,ou=groups,ou=administrations,o=vdm,dc=domain,dc=com
cn: odoo_users
description: Users allowed to login to odoo.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 36: ou=users,ou=administrations,o=vdm,dc=domain,dc=com
dn: ou=users,ou=administrations,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users

# Entry 37: ou=developers,o=vdm,dc=domain,dc=com
dn: ou=developers,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: developers

# Entry 38: ou=groups,ou=developers,o=vdm,dc=domain,dc=com
dn: ou=groups,ou=developers,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

# Entry 39: cn=git_users,ou=groups,ou=developers,o=vdm,dc=domain,dc...
dn: cn=git_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Git Users
cn: git_users
description: Users allowed to login to git.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 40: cn=jenkins_admins,ou=groups,ou=developers,o=vdm,dc=domaino...
dn: cn=jenkins_admins,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Jenkins Administrators
cn: jenkins_admins
description: Staff members allowed to administrate to jenkins build system
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 41: cn=jenkins_users,ou=groups,ou=developers,o=vdm,dc=domainou...
dn: cn=jenkins_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Jenkins Users
cn: jenkins_users
description: Staff members allowed to login to jenkins build system
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 42: cn=private_users,ou=groups,ou=developers,o=vdm,dc=domainou...
dn: cn=private_users,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
cn: Private git users
cn: private_users
description: Users allowed to login to the private git
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 43: ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc=com...
dn: ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc=com
objectclass: organizationalUnit
objectclass: top
ou: sonar

# Entry 44: cn=api-administrators,ou=sonar,ou=groups,ou=developers,o=kopa...
dn: cn=api-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdmg
 roup,dc=com
cn: api-administrators
description: administrators of domain/api
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 45: cn=api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc...
dn: cn=api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain
 ,dc=com
cn: api-developers
description: developers of domain/api
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 46: cn=backoffice-administrators,ou=sonar,ou=groups,ou=developers...
dn: cn=backoffice-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc
 =domain,dc=com
cn: backoffice-administrators
description: administrators of domain/backoffice
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 47: cn=backoffice-developers,ou=sonar,ou=groups,ou=developers,o=k...
dn: cn=backoffice-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kop
 axgroup,dc=com
cn: backoffice-developers
description: developers of domain/backoffice
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 48: cn=bootstrap-styled-administrators,ou=sonar,ou=groups,ou=deve...
dn: cn=bootstrap-styled-administrators,ou=sonar,ou=groups,ou=developers,o=ko
 pax,dc=domain,dc=com
cn: bootstrap-styled-administrators
description: administrators of bootstrap-styled
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 49: cn=bootstrap-styled-developers,ou=sonar,ou=groups,ou=develope...
dn: cn=bootstrap-styled-developers,ou=sonar,ou=groups,ou=developers,o=vdm,
 dc=domain,dc=com
cn: bootstrap-styled-developers
description: developers of bootstrap-styled
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 50: cn=dev-tools-administrators,ou=sonar,ou=groups,ou=developers,...
dn: cn=dev-tools-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=
 domain,dc=com
cn: dev-tools-administrators
description: administrators of module/devtools/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 51: cn=dev-tools-developers,ou=sonar,ou=groups,ou=developers,o=ko...
dn: cn=dev-tools-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kopa
 xgroup,dc=com
cn: dev-tools-developers
description: developers of module/devtools/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 52: cn=java-api-administrators,ou=sonar,ou=groups,ou=developers,o...
dn: cn=java-api-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=k
 opaxgroup,dc=com
cn: java-api-administrators
description: administrators of git/java-api/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 53: cn=java-api-developers,ou=sonar,ou=groups,ou=developers,o=kop...
dn: cn=java-api-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdm
 group,dc=com
cn: java-api-developers
description: developers of git/java-api/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 54: cn=quality-gates-administrators,ou=sonar,ou=groups,ou=develop...
dn: cn=quality-gates-administrators,ou=sonar,ou=groups,ou=developers,o=vdm
 ,dc=domain,dc=com
cn: quality-gates-administrators
description: quality-gates administrators
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 55: cn=quality-profiles-administrators,ou=sonar,ou=groups,ou=deve...
dn: cn=quality-profiles-administrators,ou=sonar,ou=groups,ou=developers,o=ko
 pax,dc=domain,dc=com
cn: quality-profiles-administrators
description: quality-profiles administrators
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 56: cn=redstar-administrators,ou=sonar,ou=groups,ou=developers,o=...
dn: cn=redstar-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=ko
 paxgroup,dc=com
cn: redstar-administrators
description: administrators of redstar/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 57: cn=redstar-developers,ou=sonar,ou=groups,ou=developers,o=kopa...
dn: cn=redstar-developers,ou=sonar,ou=groups,ou=developers,o=vdm,dc=vdmg
 roup,dc=com
cn: redstar-developers
description: developers of redstar/*
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 58: cn=sonar-administrators,ou=sonar,ou=groups,ou=developers,o=ko...
dn: cn=sonar-administrators,ou=sonar,ou=groups,ou=developers,o=vdm,dc=kopa
 xgroup,dc=com
cn: sonar-administrators
description: Administrators of https://sonarqube.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om

# Entry 59: cn=sonar-users,ou=sonar,ou=groups,ou=developers,o=vdm,dc=ko...
dn: cn=sonar-users,ou=sonar,ou=groups,ou=developers,o=vdm,dc=domain,dc
 =com
cn: sonar-users
description: Users of https://sonarqube.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 60: ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: ou=users,ou=developers,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users

# Entry 61: c=FR,ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: c=FR,ou=users,ou=developers,o=vdm,dc=domain,dc=com
c: FR
description: France officies
objectclass: country
objectclass: top

# Entry 62: c=HK,ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: c=HK,ou=users,ou=developers,o=vdm,dc=domain,dc=com
c: HK
description: Hong-Kong officies
objectclass: country
objectclass: top

# Entry 63: c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com
dn: c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com
c: VN
description: Vietnam officies
objectclass: country
objectclass: top

# Entry 64: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=...
dn: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com
cn: john.woe
employeetype: developer
gecos: john.woe
gidnumber: 14564101
givenname: Mat
homedirectory: /home/sbg
loginshell: /bin/bash
mail: mail=john.woe@domain.com,dc=mailAccount,dc=domain.com,d
 c=mail,dc=domain,dc=com
objectclass: top
objectclass: posixAccount
objectclass: inetOrgPerson
sn: Voltaire
uid: sbg
uidnumber: 14583102
userpassword: {SSHA}123456789123456789123456789

# Entry 65: ou=school,o=vdm,dc=domain,dc=com
dn: ou=school,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: school

# Entry 66: ou=groups,ou=school,o=vdm,dc=domain,dc=com
dn: ou=groups,ou=school,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

# Entry 67: cn=module_users,ou=groups,ou=school,o=vdm,dc=domain,dc=...
dn: cn=module_users,ou=groups,ou=school,o=vdm,dc=domain,dc=com
cn: School git users
cn: module_users
description: Users allowed to login to module.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 68: cn=school_users,ou=groups,ou=school,o=vdm,dc=domain,dc=...
dn: cn=school_users,ou=groups,ou=school,o=vdm,dc=domain,dc=com
cn: School git users
cn: school_users
description: Users allowed to login to school.domain.com
objectclass: top
objectclass: groupOfUniqueNames
uniquemember: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=c
 om
uniquemember: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
uniquemember: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com

# Entry 69: ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: ou=users,ou=school,o=vdm,dc=domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: users

# Entry 70: c=FR,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: c=FR,ou=users,ou=school,o=vdm,dc=domain,dc=com
c: FR
description: France officies
objectclass: country
objectclass: top

# Entry 71: c=HK,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: c=HK,ou=users,ou=school,o=vdm,dc=domain,dc=com
c: HK
description: Hong-Kong officies
objectclass: country
objectclass: top

# Entry 72: c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
c: VN
description: Vietnam officies
objectclass: country
objectclass: top

# Entry 73: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
cn: Tom Joseph
employeetype: developer
gecos: Tom Joseph
gidnumber: 14564103
givenname: Tom
homedirectory: /home/vdm
loginshell: /bin/bash
mail: mail=Tom.Joseph@domain.com,dc=mailAccount,dc=domain.com,dc=
 mail,dc=domain,dc=com
objectclass: top
objectclass: posixAccount
objectclass: inetOrgPerson
sn: Joseph
uid: vdm
uidnumber: 14583104
userpassword: {SSHA}123456789123456789123456789+eiWwf9KTr4A+79CjyqY5/okZsL2Ke1

# Entry 74: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
dn: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
cn: tom.soyer
employeetype: developer
gecos: tom.soyer
gidnumber: 14564103
homedirectory: /home/tsr
loginshell: /bin/bash
mail: mail=tom.soyer@domain.com,dc=mailAccount,dc=domain.com,d
 c=mail,dc=domain,dc=com
objectclass: top
objectclass: posixAccount
objectclass: inetOrgPerson
sn: Soyer
uid: tsr
uidnumber: 14583104
userpassword: {SSHA}123456789123456789123456789

You can configure a map like /etc/postfix/ldap-aliases.cf:

server_host = ldap.example.com
search_base = ou=users,ou=developers,o=orga,dc=domain,dc=com

# look for entries with this
query_filter = (|(uid=%s)(mailacceptinggeneralid=%s)(mail=%s@domain.com))

# what attribute from the search result is returned
result_attribute = mail

# the format in which the result is returned
result_format = %s

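With this kind of configuration, you don't need a specific branch to configure email accounts.

This has nothing to do with cn.

It is because your unique overlay is misconfigured, or not configured well enough. You are probably using the old unique_attributes entry, or you may have only one unique_uri entry.

You should use multiple unique_uri entries to define that the mail attribute must be unique under dc=mailAccount,dc=domain.com,dc=mail,dc=com, and again, separately, under ou=users,ou=school,o=vdm,dc=domain,dc=com, and maybe under dc=mailAlias,..., whatever you need.

Edit: Something like: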

unique_uri=ldap:///dc=mailAccount,dc=domain.com,dc=mail,dc=com?mail?sub ldap:///ou=users,ou=school,o=vdm,dc=domain,dc=com?mail?sub

and maybe

ldap:///dc=mailAlias,dc=domain.com,dc=mail,dc=domain,dc=com?mail?sub

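Or of course olcUniqueURI: instead of unique_uri= if you are using the online configuration, which you should be.

And don't forget to remove the old unique_attributes/olcUniqueAttributes entries. Take note of what it was, in case other attributes were set as unique, in which case you will also have to configure them in olcUniqueURI. For example, I also have uid and displayName as unique. As I don't want to scope those, that means: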

olcUniqueURI: ldap:///?mail,uid,displayName?sub
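
An offline audit of the scoping discussed above, as an added example that is not part of the original answers: it reads an LDIF export and reports values that would collide inside each uniqueness domain, where a domain is the list of bases given in one unique_uri/olcUniqueURI value (slapo-unique treats the URIs in one value as a single domain and separate values as independent domains). The sample LDIF and the function names are constructed for illustration; only sub scope is modelled, URI filters are ignored, DNs with escaped commas are not handled, and values are compared case-insensitively.

```python
import base64
from collections import defaultdict

# Constructed sample export modelled on the question's tree (first DN is folded).
SAMPLE_LDIF = """\
dn: mail=john.woe@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=dom
 ain,dc=com
mail: john.woe@domain.com

dn: mail=tom.soyer@domain.com,dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com
mail: tom.soyer@domain.com

dn: uid=sbg,c=VN,ou=users,ou=developers,o=vdm,dc=domain,dc=com
mail: john.woe@domain.com

dn: uid=tsr,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
mail: tom.soyer@domain.com

dn: uid=vdm,c=VN,ou=users,ou=school,o=vdm,dc=domain,dc=com
mail: Tom.Soyer@domain.com
"""

MAIL_ACCOUNTS = "dc=mailAccount,dc=domain.com,dc=mail,dc=domain,dc=com"
USERS = "o=vdm,dc=domain,dc=com"


def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from LDIF text, unfolding wrapped lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # one leading space = continuation
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        elif dn is not None:
            attrs[name].append(value)
    return entries


def norm_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(dn, base):
    dn, base = norm_dn(dn), norm_dn(base)
    return base == "" or dn == base or dn.endswith("," + base)


def find_conflicts(entries, domain, attrs=("mail",)):
    """domain: base DNs that together form ONE uniqueness domain."""
    seen = defaultdict(list)
    for dn, entry in entries:
        if not any(in_subtree(dn, base) for base in domain):
            continue
        for attr in attrs:
            for value in entry.get(attr.lower(), []):
                seen[(attr.lower(), value.lower())].append(dn)
    return {key: dns for key, dns in seen.items() if len(dns) > 1}


def audit(ldif_text, domains):
    """Return one conflict dict per domain, in the order the domains are given."""
    entries = parse_ldif(ldif_text)
    return [find_conflicts(entries, domain) for domain in domains]


if __name__ == "__main__":
    layouts = {"two independent domains": [[MAIL_ACCOUNTS], [USERS]],
               "one domain with two bases": [[MAIL_ACCOUNTS, USERS]]}
    for label, domains in layouts.items():
        print(label, audit(SAMPLE_LDIF, domains))
```

Running it on a real export before changing the overlay shows which existing entries already collide inside a planned domain, since the overlay only checks values when entries are added or modified.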