<p>Hi,</p>
<p>I stumbled onto this before. What is not clearly stated in the doc is that if you use auth_mech: pts , every user need to exist in the pts database (ldap in your case). Well, maybe it is clearly stated, but I overlooked it ;-)<br>
<br>
That said, you do not need AFS to use pts, though it seems to be very AFS oriented.</p>
<p>Kind regards, </p>
<p>Clement Hermann<br>
P.S. : Sorry about the top posting : blame the stupid android gmail client...</p>
<p><blockquote type="cite">On 8 20, 2009 8:10 PM, "Wil Cooley" <wcooley@nakedape.cc> wrote:<br><br><p><font color="#500050">On Wed, 2009-08-19 at 15:33 +0300, Evgeniy Arbatov wrote:
> Dear list,
>
> I want to ask your advic...</font></p>Do I understand correctly from this discussion and the sparse mention of<br>
this in the documentation that the LDAP ptloader module can be used to<br>
manage group ACLs with "auth_mech=pts/pts_module=ldap", instead of<br>
"auth_mech=unix/unix_group_enable=1"?<br>
<br>
Does this solve the slowness caused by UNIX groups in LDAP?<br>
<br>
Does "auth_mech" affect anything else?<br>
<br>
I have heretofore ignored mention of the pts/ptloader stuff because I<br>
was under the impression that it was entirely AFS-related, which I have<br>
no infrastructure for, but if this is the way to enable groups in LDAP<br>
without the slowness, then I need to look more closely at this.<br>
<br>
Wil<br>
<font color="#888888">--<br>
Wil Cooley <wcooley@nakedape.cc><br>
</font><br>----<br>
Cyrus Home Page: <a href="http://cyrusimap.web.cmu.edu/" target="_blank">http://cyrusimap.web.cmu.edu/</a><br>
Cyrus Wiki/FAQ: <a href="http://cyrusimap.web.cmu.edu/twiki" target="_blank">http://cyrusimap.web.cmu.edu/twiki</a><br>
List Archives/Info: <a href="http://asg.web.cmu.edu/cyrus/mailing-list.html" target="_blank">http://asg.web.cmu.edu/cyrus/mailing-list.html</a><br></blockquote></p>