Ptloader configuration in Cyrus IMAP
Marc Patermann
hans.moser at ofd-sth.niedersachsen.de
Thu Aug 20 01:43:47 EDT 2009
Duncan,
Duncan Gibb wrote:
> EA> pts_module: ldap
>
> This module is currently very difficult to configure, IMHO.
That's true. :) But it's doable.
> EA> ldap_member_method: attribute
>
> This method doesn't work the way you might expect. It finds the user
> object and wants to see the names of the groups of which the user is a
> member in the named attribute of the user. For example:
>
> dn: cn=Evgeniy Arbatov,ou=users,ou=people,dc=example,dc=com
> cn: Evgeniy Arbatov
> ou: admins
> ou: othergroup
> ou: thirdgroup
>
> If you want to put the names of the members into the group objects, you
> probably need to use the filter method.
>
>> dn: cn=admins,ou=groups,ou=people,dc=example,dc=com
>> uid: admins
>> member: cn=Evgeniy Arbatov,ou=users,ou=people,dc=example,dc=com
>
> I don't believe the current implementation supports this style of group
> membership (groupOfUniqueNames and similar). It's much more orientated
> towards posixGroup-style groups.
It does IMHO. Here is my config:
ldap_id: xxx
ldap_sasl: 1
ldap_password: xxxx
ldap_uri: ldap://tfas099.foo
ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
ldap_tls_cacert_file: /opt/mail/etc/openldap/ssl/ca2006.pem
ldap_tls_cert: /opt/mail/etc/openldap/ssl/cert2006.pem
ldap_tls_key: /opt/mail/etc/openldap/ssl/key2006.pem
ldap_base: ou=humans,ou=foo
ldap_group_base: ou=gruppen,ou=humans,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute
Marc
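
The two group-lookup styles described in the quoted text above, as a small Python model over constructed entries. This is an added example, not code from the thread or from Cyrus; the function names, `norm_dn` and the extra `cn=staff` group are assumptions, and no LDAP server is contacted.

```python
# Constructed sample data modelled on the two entries quoted in the thread,
# plus one constructed group the user is not in.
USER_DN = "cn=Evgeniy Arbatov,ou=users,ou=people,dc=example,dc=com"
GROUP_BASE = "ou=groups,ou=people,dc=example,dc=com"
DIRECTORY = {
    USER_DN: {"cn": ["Evgeniy Arbatov"],
              "ou": ["admins", "othergroup", "thirdgroup"]},
    "cn=admins," + GROUP_BASE: {"uid": ["admins"], "member": [USER_DN]},
    "cn=staff," + GROUP_BASE: {
        "uid": ["staff"],
        "member": ["cn=Someone Else,ou=users,ou=people,dc=example,dc=com"]},
}


def norm_dn(dn):
    """Crude DN normalisation for this model: case-fold, trim around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def groups_by_attribute(directory, user_dn, member_attribute):
    """Membership stored on the user: read one multi-valued attribute."""
    wanted = norm_dn(user_dn)
    for dn, attrs in directory.items():
        if norm_dn(dn) == wanted:
            return sorted(attrs.get(member_attribute, []))
    return []  # unknown user: no groups


def groups_by_filter(directory, user_dn, group_base, match_attr, name_attr):
    """Membership stored on the group: find group entries under group_base
    whose match_attr lists the user's DN, and return their name_attr values."""
    wanted, base = norm_dn(user_dn), "," + norm_dn(group_base)
    names = []
    for dn, attrs in directory.items():
        if not norm_dn(dn).endswith(base):
            continue  # outside the group subtree
        if any(norm_dn(v) == wanted for v in attrs.get(match_attr, [])):
            names.extend(attrs.get(name_attr, []))
    return sorted(names)


if __name__ == "__main__":
    print(groups_by_attribute(DIRECTORY, USER_DN, "ou"))
    print(groups_by_filter(DIRECTORY, USER_DN, GROUP_BASE, "member", "uid"))
    # The constructed user entry has no "member" values, so this prints [].
    print(groups_by_attribute(DIRECTORY, USER_DN, "member"))
```

Because group names resolved this way end up in mailbox ACL decisions, it is worth checking the resolved list for a known test user after any change to these settings.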