1 最后由 yulei_mail (2017-02-05 20:51:27) 编辑

主题: 求教LDAP的问题,如何列出用户和用户组

==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.9.5-1
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):OpenLDAP
- 使用的 Linux/BSD 发行版名称及版本号:ubuntu 16.04
- 与您的问题相关的日志信息:
====
我使用群晖的DSM,设置LDAP时,它一定要先列出LDAP上的用户和用户组。但是我虽然能够连接成功LDAP
却无法列出用户和用户组。
请问LDAP中应该如何设置?

Post's attachments

捕获.PNG 24.69 kb, 1 downloads since 2017-02-05 

You don't have the permssions to download the attachments of this post.

回复: 求教LDAP的问题,如何列出用户和用户组

iRedMail 有用户和组,但你的 DSM 使用的 LDAP FILTER 语句可能不对。检查一下。

3 最后由 yulei_mail (2017-02-05 20:54:36) 编辑

回复: 求教LDAP的问题,如何列出用户和用户组

张工好,实在不明白这些filter如何设置,我把截图作为主贴了附件了,您看看吧。这些如何设置啊。
PunBB bbcode test

回复: 求教LDAP的问题,如何列出用户和用户组

最理想的 LDAP filter 是:

(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))

不了解你的 DSM,只能你自己试试了。

5 最后由 yulei_mail (2017-02-06 08:56:56) 编辑

回复: 求教LDAP的问题,如何列出用户和用户组

对LDAP的设置,实在超出智商能力所及,看到DSM的官网上有这样的解释:
URL:https://www.synology.cn/en-global/knowledgebase/DSM/help/DSM/AdminCenter/file_directory_service_ldap
Before customizing LDAP attribute mappings, you will need some background knowledge. Synology DSM and the Profile editor both adhere to RFC 2307. For example, you can specify filter > passwd as userFilter, in which case the Synology NAS will interpret records with objectClass=userFilter on your LDAP server as LDAP accounts. If you specify passwd > uid as username, the Synology NAS will interpret username on your LDAP server as an account name. Leaving the mapping empty will apply RFC 2307 rules.

Synology NAS requires a fixed integer to serve as an LDAP account identifier (uidNumber) or a group identifier (gidNumber). However, not all LDAP servers use integers to represent such attributes. Therefore, a keyword HASH() is provided to convert such attributes to integers. For example, your LDAP server might use the attribute userid with a hexadecimal value as the unique identifier for an LDAP account. In this case, you can set passwd > uidNumber to HASH(userid), and then Synology NAS will convert it into an integer.

The following is the summary of customizable attributes:

    filter
        group: required objectClass for group.
        passwd: required objectClass for user.
        shadow: required objectClass for user passwords.
    group
        cn: group name.
        gidNumber: GID number of this group.
        memberUid: members of this group.
    passwd
        uidNumber: UID number of this user.
        uid: username.
        gidNumber: primary GID number of this user.
    shadow
        uid: username.
        userPassword: user password.

所以,真不知道上述解释和张工给出的LDAPfilter之间有怎样的关系啊。拜托张工看在我好歹付了一点费的面子上帮忙看看吧。