allow user to use: pop only, or pop & imap (sasl2 + ldap)
Christian Schulte
cs at schulte.it
Thu May 8 20:16:17 EDT 2003
Bruhin Gregor wrote:
>I'm using sasl2 with openldap, and would like to set specific rights for my
>users.
>Some users should be allowed to use only the pop3d daemon, some other users
>pop & imap for example.
>
>Is this possible ?
>
>
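I do it with the sasl2 mysql auxprop plugin: pop3d gets its own config file (/etc/popd.conf), and the sasl_mysql_statement in each config file only returns a password when that service's column (IMAP or POP) is 'YES' for the user: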
smtp:~# cat /etc/cyrus.conf
# standard standalone server implementation
# START entries are run by the Cyrus master process at startup, before any
# service is spawned.
START {
# do not delete this entry!
# (ctl_cyrusdb -r runs database recovery)
# NOTE(review): the cmd= value below is split over two lines, presumably by
# the mail client's line wrapping -- keep it on one line in the real file.
recover cmd="/usr/local/cyrus2-neu/bin/ctl_cyrusdb -C
/etc/imapd.conf -r"
# this is only necessary if using idled for IMAP IDLE
idled cmd="/usr/local/cyrus2-neu/bin/idled -C /etc/imapd.conf"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
# The per-service restriction in this setup comes from the -C argument: the
# two pop3d entries read /etc/popd.conf, every other daemon reads
# /etc/imapd.conf, and each file carries its own sasl_mysql_statement.
# NOTE(review): several cmd=/listen= values are split over two lines,
# presumably by the mail client -- each entry is one line in the real file.
# "[ip]" looks like a redaction placeholder for the listen address.
SERVICES {
# add or remove based on preferences
# NOTE(review): the cleartext imap and pop3 listeners are enabled next to the
# TLS-wrapped ones (-s). Both config files offer only PLAIN and LOGIN and have
# their tls_* options commented out, so confirm that passwords cannot cross
# these ports unencrypted and where imaps/pop3s get their certificate.
imap cmd="/usr/local/cyrus2-neu/bin/imapd -C /etc/imapd.conf"
listen="[ip]:imap" prefork=0
imaps cmd="/usr/local/cyrus2-neu/bin/imapd -C /etc/imapd.conf
-s" listen="[ip]:imaps" prefork=0
# pop3/pop3s authenticate against the POP='YES' statement in /etc/popd.conf
pop3 cmd="/usr/local/cyrus2-neu/bin/pop3d -C /etc/popd.conf"
listen="[ip]:pop3" prefork=0
pop3s cmd="/usr/local/cyrus2-neu/bin/pop3d -C /etc/popd.conf
-s" listen="[ip]:pop3s" prefork=0
# timsieved shares /etc/imapd.conf, so sieve logins go through the
# IMAP='YES' statement as well (a POP-only user cannot manage sieve scripts)
sieve cmd="/usr/local/cyrus2-neu/bin/timsieved -C
/etc/imapd.conf" listen="[ip]:sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
# delivery is accepted on a local UNIX socket only; the network lmtp entry
# above stays commented out
lmtpunix cmd="/usr/local/cyrus2-neu/bin/lmtpd -C /etc/imapd.conf"
listen="/var/imap/socket/lmtp" prefork=1
# this is only necessary if using notifications
# NOTE(review): the proto="udp" line below is the wrapped tail of the
# commented-out notify entry; it needs to be part of that comment line.
# notify cmd="notifyd" listen="/var/opt/rams/imap/socket/notify"
proto="udp" prefork=1
}
# EVENTS are maintenance jobs run by the master process: period= is an
# interval in minutes, at= is a time of day (24-hour hhmm).
# NOTE(review): the cmd= values are split over two lines, presumably by the
# mail client -- each entry is one line in the real file.
EVENTS {
# this is required
# (ctl_cyrusdb -c checkpoints the databases, here every 30 minutes)
checkpoint cmd="/usr/local/cyrus2-neu/bin/ctl_cyrusdb -C
/etc/imapd.conf -c" period=30
# this is only necessary if using duplicate delivery suppression
# (-E 3 expires entries older than 3 days; runs once a day)
delprune cmd="/usr/local/cyrus2-neu/bin/ctl_deliver -C
/etc/imapd.conf -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="/usr/local/cyrus2-neu/bin/tls_prune -C
/etc/imapd.conf" period=1440
#creates indexes for messages to improve search performance
squatter cmd="/usr/local/cyrus2-neu/bin/squatter -C
/etc/imapd.conf" at=0430
}
smtp:~# cat /etc/imapd.conf
# Configuration read by imapd, timsieved, lmtpd and the maintenance commands
# (every "-C /etc/imapd.conf" entry in the cyrus.conf shown in this post).
configdirectory: /var/imap
partition-default: /var/spool/imap
sievedir: /var/spool/sieve
# "fqdn" here and in defaultdomain looks like a redaction placeholder
servername: fqdn
admins: cyrus
defaultdomain: fqdn
# auxprop: SASL fetches the stored secret through the plugin and does the
# comparison itself.
# NOTE(review): that normally means the password column holds passwords in
# cleartext -- confirm, and restrict who can read the table and its backups.
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: mysql
sasl_allowanonymouslogin: no
# NOTE(review): only plaintext mechanisms (PLAIN, LOGIN) are offered and the
# tls_* options further down are commented out, so as posted passwords would
# cross the network unencrypted; enable TLS before relying on this.
sasl_allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
# database credentials live in this file ("theuser"/"thepass" look like
# placeholders): keep the file readable only by the cyrus user and give this
# DB account no more than SELECT on the SASLUser table.
sasl_mysql_user: theuser
sasl_mysql_passwd: thepass
sasl_mysql_hostnames: localhost
sasl_mysql_database: admin
# the service gate: a password is returned only for rows with IMAP='YES', so
# a user without that flag gets no row and the login fails on every daemon
# that uses this file. %u and %r are filled in from the login name and realm.
# NOTE(review): both values come from the client -- verify that the plugin
# escapes them before substitution. The statement is wrapped over two lines
# here, presumably by the mail client; it is one line in the real file.
sasl_mysql_statement: select password from SASLUser where login='%u' and
domain='%r' and IMAP='YES'
# TLS is not configured as posted (all three options are commented out)
#tls_cert_file: /var/imap/imap.crt
#tls_key_file: /var/imap/imap.key
#tls_ca_file: /usr/lib/ssl/demoCA/cacert.pem
idlesocket: /var/imap/socket/idle
unixhierarchysep: yes
virtdomains: yes
altnamespace: on
sharedprefix: Teamordner
userprefix: Accounts
unix_group_enable: 0
umask: 007
imapidresponse: no
logtimestamps: 1
lmtp_over_quota_perm_failure: 1
autocreatequota: -1
smtp:~# cat /etc/popd.conf
# Configuration read only by the pop3 and pop3s services (the two
# "-C /etc/popd.conf" entries in the cyrus.conf shown in this post). Apart
# from defaultdomain, the SQL statement and the commented-out certificate
# paths it repeats /etc/imapd.conf, so the two files have to be kept in step.
configdirectory: /var/imap
partition-default: /var/spool/imap
sievedir: /var/spool/sieve
servername: fqdn
admins: cyrus
# NOTE(review): imapd.conf has "fqdn" here; both look like redaction
# placeholders. If the real values differ, unqualified logins would resolve
# to different domains for POP and IMAP -- confirm they match.
defaultdomain: defaultdomain
# auxprop: SASL fetches the stored secret through the plugin and does the
# comparison itself.
# NOTE(review): that normally means the password column holds passwords in
# cleartext -- confirm, and restrict who can read the table and its backups.
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: mysql
sasl_allowanonymouslogin: no
# NOTE(review): only plaintext mechanisms (PLAIN, LOGIN) are offered and the
# tls_* options further down are commented out, so as posted passwords would
# cross the network unencrypted; enable TLS before relying on this.
sasl_allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
# database credentials live in this file ("theuser"/"thepass" look like
# placeholders): keep the file readable only by the cyrus user and give this
# DB account no more than SELECT on the SASLUser table.
sasl_mysql_user: theuser
sasl_mysql_passwd: thepass
sasl_mysql_hostnames: localhost
sasl_mysql_database: admin
# the service gate: a password is returned only for rows with POP='YES', so
# a user without that flag gets no row and the POP login fails. %u and %r
# are filled in from the login name and realm.
# NOTE(review): both values come from the client -- verify that the plugin
# escapes them before substitution. The statement is wrapped over two lines
# here, presumably by the mail client; it is one line in the real file.
sasl_mysql_statement: select password from SASLUser where login='%u' and
domain='%r' and POP='YES'
# TLS is not configured as posted (all three options are commented out)
#tls_cert_file: /var/imap/pop.crt
#tls_key_file: /var/imap/pop.key
#tls_ca_file: /usr/lib/ssl/demoCA/cacert.pem
idlesocket: /var/imap/socket/idle
unixhierarchysep: yes
virtdomains: yes
altnamespace: on
sharedprefix: Teamordner
userprefix: Accounts
unix_group_enable: 0
umask: 007
imapidresponse: no
logtimestamps: 1
lmtp_over_quota_perm_failure: 1
autocreatequota: -1