[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
constraints on attributes or number of leaves [long]
Hi all,
I have planed to do a free gtk-libldap gui for an exim-ldap
configuration, to provide a nice interface for end-users that they
manage themselves their mail accounts.
There are different roles that the interface should manage:
- mail admin: can add/remove/modify domain.
- domain admin: can add/remove/modify mail user in his domain.
- mail user: can forward their mail, set aliases, auto-reply and so
on.
There are some constraints that can't be managed by the
client:
- unique constraint on mail attribute value, mail alias
value...(consistency)
- Max number of mail account per domain, max number of mail alias per
user...(trust no one... except server ACLs)
* For the unique constraint mail/alias, the only way i found is to
use the dn key, for example:
b@domain.home alias of a@domain.home.
dn: mail=a@domain.home,dc=domain,dc=home
objectClass: MailAccount
mail: a@domain.home
dn: mailalias=b@domain.home,dc=domain,dc=home
objectClass: MailAlias
mailalias: b@domain.home
mail: a@domain.home
(yes, there is also a circular reference problem, maybe i will have to
try "alias" objectclass , don't know right now )
* For the max number of child/attributes, there is a solution too:
precreate mail accounts with the "mail admin" role for example:
dn: uid=1,dc=domain,dc=home
objectClass: MailAccount
mail: (null)
...
dn: uid=2,dc=domain,dc=home
...
dn: uid=[max number of mail],dc=domain,dc=home
"domain admin" role will not be able to remove a MailAccount anymore, just set
mail attribute value.
But wait... what about the unique constraint ?
This is a catch 22
Any idea ?
Bye.