ptloader or the not so LDAPing easy

Egil Möller egil.moller at freecode.no
Wed Aug 15 06:34:39 EDT 2007


Hi!

I'm trying to get LDAP groups to work with cyrus. I have ptloader
running, and have configured it to use LDAP (see below).

I can

* log in using users in LDAP
* set ACLs for groups in LDAP: sam some/mailbox group:someGroup lrswp

I cannot

* use the access rights from a group I am a member of
It does not seem like the ptloader ever actually performs the membership
LDAP-search with the filter specified in the imapd.conf...


> /usr/lib/cyrus/bin/ptdump
user: anna time: 1187173689 groups: 0
user: cyrus time: 1187173441 groups: 0
user: group:test.groups time: 1187173666 groups: 0
user: superadmin time: 1187173666 groups: 3
  Domain Admins
  S-1-5-21-7212131113-2629212131-2252721213-3065
  S-1-5-21-7212131113-2629212131-2252721213-3067

Why does ptdump list group:test.groups as a _user_?
Why is that group not listed as a group under user anna?
Why does ptloader show the sambaSid of two of the groups superadmin is a
member of, instead of the group name?


--- from imapd.conf ---
auth_mech: pts
ptloader_sock: /var/run/cyrus/socket/ptloader
ptscache_db: skiplist
ptscache_timeout: 10800
pts_module: ldap

ldap_sasl: 0
ldap_version: 3
ldap_size_limit: 0
ldap_uri: ldap://crocodile.freecode.no/
ldap_bind_dn: cn=admin,dc=crocodile,dc=freecode,dc=no
ldap_password: no-chanse-you'll-have-a-peek-at-it

ldap_base: dc=crocodile,dc=freecode,dc=no
ldap_filter: (uid=%U)
ldap_scope: sub

ldap_group_base: dc=crocodile,dc=freecode,dc=no
ldap_group_filter: (cn=%u)
ldap_group_scope: sub

ldap_member_method: filter
ldap_member_base: dc=crocodile,dc=freecode,dc=no
ldap_member_filter: (memberuid=%U)
ldap_member_scope: sub



---LDAP content---
dn: ou=Domain Admins,ou=Groups,dc=crocodile,dc=freecode,dc=no
objectClass: posixGroup
objectClass: grimoireGroup
objectClass: sambaGroupMapping
gidNumber: 1030
cn: Domain Admins
ou: Domain Admins
owner: uid=superadmin,ou=administrators,ou=People,dc=crocodile,dc=freecode,dc=no
memberUid: root
memberUid: superadmin
description: Netbios Domain Administrators
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3061
sambaGroupType: 2
displayName: Domain Admins

# testgroup, groups, crocodile.freecode.no
dn: ou=testgroup,ou=groups,dc=crocodile,dc=freecode,dc=no
objectClass: grimoireGroup
objectClass: posixGroup
objectClass: sambaGroupMapping
owner: uid=superadmin,ou=administrators,ou=People
memberUid: superadmin
ou: testgroup
cn: testgroup.groups
gidNumber: 1032
sambaGroupType: 2
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3065

# test, groups, crocodile.freecode.no
dn: ou=test,ou=groups,dc=crocodile,dc=freecode,dc=no
objectClass: grimoireGroup
objectClass: posixGroup
objectClass: sambaGroupMapping
owner: uid=superadmin,ou=administrators,ou=People
memberUid: superadmin
memberUid: anna
ou: test
cn: test.groups
gidNumber: 1033
sambaGroupType: 2
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3067
displayName: FOOBAR

Best regards,
and thanks in advance,
Egil Möller

-- 
 Konsulent, Fri Programvare / Free Software Consultant
Cell: +47 - 91 17 05 93
Phone: +47 - 21 53 69 00, Fax: +47 - 21 53 69 09
Addr: Slemdalsveien 70, PB 1 Vinderen, 0319 Oslo
<http://www.freecode.no/>

 Free beer costs nothing, freedom costs a fight.
 Free beer lasts an evening, freedom lasts a lifetime.



More information about the Info-cyrus mailing list
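
An added example, not part of the original post and not Cyrus code: it evaluates the posted ldap_member_filter against a trimmed copy of the posted group entries, to show which groups the membership search should return for each user when comparing against the ptdump output. The function names, the meanings given to %u and %U, and the name_attr parameter (which attribute supplies the group name) are assumptions of this example.

```python
import re

# Constructed sample: a trimmed copy of the three group entries quoted in the post.
LDIF = """\
dn: ou=Domain Admins,ou=Groups,dc=crocodile,dc=freecode,dc=no
cn: Domain Admins
owner: uid=superadmin,ou=administrators,ou=People,dc=crocodile,dc=freecode,dc=
 no
memberUid: root
memberUid: superadmin
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3061

dn: ou=testgroup,ou=groups,dc=crocodile,dc=freecode,dc=no
cn: testgroup.groups
memberUid: superadmin
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3065

dn: ou=test,ou=groups,dc=crocodile,dc=freecode,dc=no
cn: test.groups
memberUid: superadmin
memberUid: anna
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3067
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute name: [values]} (no base64 '::' support)."""
    text = re.sub(r"\n ", "", text)  # LDIF unfolding: newline + one space continues a line
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def expand(template, login):
    """Assumed token meanings: %u is the full login, %U the part before '@'."""
    return template.replace("%U", login.split("@", 1)[0]).replace("%u", login)

def expected_groups(entries, member_filter, login, name_attr="cn"):
    """Evaluate one equality filter, e.g. (memberuid=%U), and return the group names."""
    m = re.fullmatch(r"\((\w+)=([^()*\\]+)\)", expand(member_filter, login))
    if not m:
        raise ValueError("only a simple (attr=value) filter is handled here")
    attr, wanted = m.group(1).lower(), m.group(2)
    return [e[name_attr.lower()][0] for e in entries if wanted in e.get(attr, [])]

if __name__ == "__main__":
    print({u: expected_groups(parse_ldif(LDIF), "(memberuid=%U)", u) for u in ("anna", "superadmin")})
```

Passing name_attr="sambaSID" returns the SID of each matching group instead of its cn, which makes it easy to see which attribute a given ptdump line corresponds to.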