Problem with ptloader and Novell Edirectory

Klaus Steinberger Klaus.Steinberger at physik.uni-muenchen.de
Wed May 7 06:23:19 EDT 2008


Hi Wes.

> On 06 May 2008, at 15:51, Klaus Steinberger wrote:
> > I'm using  cyrus-imapd-2.3.7-1.1.el5 (Scientific Linux).
>
> That's pretty old, there have been a lot of fixes to the pt & ldap
> code in the intervening 5 or so releases.

Thanks! That solved my problem, i built the SRPM from Fedora 8 now for SL5 
(2.3.11-1). Groups are working now. I had to change the ldap_group_filter 
from my original question, so now the ldap parameters are the following:

ldap_sasl: 0
ldap_base: ou=Personen,o=physik
ldap_filter: (uid=%u)
ldap_group_base: ou=Gruppen,o=physik
ldap_group_filter: (cn=%u)
ldap_uri: ldap://edir11.physik.uni-muenchen.de
ldap_size_limit: 20
ldap_member_method: filter
ldap_member_filter: (member=%D)
ldap_member_attribute: cn
ldap_member_base: ou=Gruppen,o=physik
ldap_tls_cacert_file: /etc/pki/tls/certs/ca-bundle.crt
pts_module: ldap
ptscache_timeout: 10
ptloader_sock: /var/lib/imap/ptclient/ptsock


This should work as long as no user is member of more than 20 groups. (should 
not be the case here, some special groups are outside "ou=Gruppen,o=physik" 
and are not counted).

ptdump now shows:


[root at test-imap etc]# /usr/lib/cyrus-imapd/ptdump
user: guinea.pig time: 1210155445 groups: 1
  group:campususer
user: klaus.steinberger time: 1210155332 groups: 4
  group:pr-adm-verw
  group:cipwheel
  group:etpgrid
  group:rechner
[root at test-imap etc]# 

Setting ACL's on groups now works as expected.

Sincerly,
Klaus



-- 
Klaus Steinberger         Beschleunigerlaboratorium
Phone: (+49 89)289 14287  Am Coulombwall 6, D-85748 Garching, Germany
FAX:   (+49 89)289 14280  EMail: Klaus.Steinberger at Physik.Uni-Muenchen.DE
URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2002 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080507/7bf8f186/attachment.bin 


More information about the Info-cyrus mailing list