How to query LDAP for email addresses of posixGroup members?

I am running an OpenLDAP server with groups of type posixGroup and users of type inetOrgPerson.

I need to extract the email address attribute for the users in a specified group.

The posixGroup type only stores the uid of the members in an开发者_运维技巧 attribute called memberUid.

The inetOrgPerson type does not store group membership information.

So basically I need to query for a group, extract the user ids, use those user ids to find the matching inetOrgPerson nodes and then grab the mail attribute.

I was hoping to be able to do all of this in one single filtered query, but I don't seem to able to find the right syntax to make it happen. This scenario seems to be more complex than most of the example queries I can find Googling.

Also, I am trying to do this all from an sh script if possible (on Ubuntu), so I have the ldapsearch command available.

Any ideas?

This is a job for the memberof overlay. It maintains a 'memberOf' atttribute in each user, say, that is a reverse mapping from memberUID in each group. Then you would just filter on (&(objectClass=inetOrgPerson)(memberOf={0})) where {0} becomes the group name.