Input on patch for ptclient/ldap requested

Clement Hermann (nodens) nodens2099 at gmail.com
Tue Aug 9 07:02:53 EDT 2011


On 09/08/2011 02:08, Jeroen van Meeuwen (Kolab Systems) wrote:
> Hi there,
>
Hi,

> I wanted to ask who is actively using ptclient/ldap, as I have some in-house
> patch pending on the canonification using some sort of result_attribute, if
> you will.
>
> We currently have under consideration whether everything, life and the
> universe should be configurable before the patch is accepted upstream, which
> is to say (pardon my postfix lingo);
>
> - result_attribute_format,
> - leaf_result_attribute,
>
> but also;
>
> - group_filter_scope,
> - group_result_attribute
>
> Which is to say, we have a deployment extensively using 'nsroledn' -which
> functionally behaves like a 'memberOf', and the question then becomes if you
> want to use the 'cn' attribute for groups -which most often is not enforced to
> be a unique attribute value for groups, but is automatically unique if the
> search scope for groups is 'one' and the 'cn' attribute builds the 'rdn'.
>
> Long story short, I would like to know of other people who use ptclient/ldap,
> or have attempted to do so but failed, and the various use-case / deployment
> scenarios.

We use it for shared folders / mailboxes, on a stock Debian install (so 
2.2.x); we only repackaged Cyrus to include pts support. Works great so far.

Actually, I do think everything should be configurable. LDAP deployments 
are often preexisting, and used by other applications: the more 
configurable it is, the less work you have to do to use Cyrus in your 
existing environment. Other applications might be older proprietary stuff 
without much flexibility and strange ways to use an LDAP tree...

Here are the relevant parts of our imapd.conf:

auth_mech: pts
pts_module: ldap
ptloader_sock: /var/run/cyrus/socket/ptsock
username_tolower: 0

ldap_filter: (|(uid=%u)(cn=%u))
ldap_referrals: 1

ldap_group_filter: (&(objectClass=groupOfUniqueNames)(cn=%u))
ldap_group_base: <some path>
ldap_member_base: <some path>
ldap_member_method: filter
ldap_member_filter: (uniqueMember=%D)
ldap_member_attribute: cn

ldap_size_limit: 0

Groups are in one part of the tree, users are listed in the group with 
their DN and in another part of the tree.

Cheers,

-- 
Clement Hermann (nodens)
- "Fresh air? Isn't that in RL? Isn't that off-charter?"
Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/

Please find my public key on the public keyserver pgp.mit.edu.
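
The thread's point about 'cn' uniqueness, as an added example that is not part of the original message or of Cyrus itself: when the group name handed back is the cn value (as with ldap_member_attribute: cn above), two groups sharing a cn cannot be told apart, so this check lists cn values that name more than one group under a base for scope 'one' versus 'sub'. The DNs and base are constructed, and single-valued RDNs are assumed.

```python
import re
from collections import defaultdict

def split_dn(dn):
    """Split a DN into RDN strings on commas not preceded by a backslash.
    Limitation: a value ending in an escaped backslash is not handled."""
    return [p.strip() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def leaf_cn(dn):
    """Return the lower-cased cn value if the leaf RDN is cn=..., else None."""
    attr, _, value = split_dn(dn)[0].partition('=')
    return value.strip().lower() if attr.strip().lower() == 'cn' else None

def in_scope(dn, base, scope):
    """True if dn lies under base for scope 'one' (direct child) or 'sub'."""
    d = [r.lower() for r in split_dn(dn)]
    b = [r.lower() for r in split_dn(base)]
    if len(d) <= len(b) or d[-len(b):] != b:
        return False
    return scope == 'sub' or len(d) == len(b) + 1

def cn_collisions(group_dns, base, scope):
    """Map each cn that names more than one in-scope group to those DNs."""
    by_cn = defaultdict(list)
    for dn in group_dns:
        cn = leaf_cn(dn)
        if cn is not None and in_scope(dn, base, scope):
            by_cn[cn].append(dn)
    return {cn: dns for cn, dns in by_cn.items() if len(dns) > 1}

# Constructed sample directory (hypothetical DNs, not from the original post).
BASE = "ou=Groups,dc=example,dc=org"
GROUPS = [
    "cn=admins,ou=Groups,dc=example,dc=org",
    "cn=sales,ou=Groups,dc=example,dc=org",
    "cn=Admins,ou=Paris,ou=Groups,dc=example,dc=org",  # same cn, other branch
    "cn=sales,ou=Paris,ou=Groups,dc=example,dc=org",
    "cn=ops,ou=Other,dc=example,dc=org",               # outside the base
]

if __name__ == "__main__":
    for scope in ("one", "sub"):
        # 'one' cannot collide: sibling entries must have distinct RDNs.
        print(scope, cn_collisions(GROUPS, BASE, scope))
```

Comparison is case-insensitive because cn uses case-ignore matching, so 'admins' and 'Admins' count as the same name.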


