ACLs, public folders, group:, saslauthd, LDAP, etc.

Simon Matter simon.matter at ch.sauter-bc.com
Fri Feb 20 05:57:03 EST 2004 

> Howdy, again,
>
> Another problem, another email.  This problem I've yet to solve.
>
> I've got series of mailboxes (straycat.*) and I want to use the group:
> mechanism
> to set the ACLs for these mailboxes, as this seems the most elegant
> solution.
> I thought to myself, "I'll just add all the users to a POSIX group, do a
> quick
> 'sam straycat.* group:straycats lrsip', and it'll be all good."  Not so.
>
> I'm storing all system configuration information (or as much as I can) in
> LDAP,
> and I'm using nss_ldap.  Authentication is through saslauthd against
> Kerberos.
> In fact, here's my imapd.conf:
>
>   configdirectory: /var/lib/imap
>   partition-default: /var/spool/imap
>   admins: cyrus
>   sievedir: /var/lib/imap/sieve
>   sendmail: /usr/sbin/sendmail
>   hashimapspool: true
>   sasl_keytab: /etc/mail/cyrus-imapd.keytab
>   sasl_pwcheck_method: saslauthd
>   sasl_mech_list: LOGIN PLAIN
>   tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
>   tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
>   unix_group_enable: true
>
> Pretty simple.
>
> Anyways, I've got the group added to LDAP, and 'id user' is showing that
> getgrent(3) sees the 'straycats' group.  However, setting the
> 'group:straycats'

Hi,

How is your saslauthd configured?

Does 'getent group' show your groups?

Simon

> ACL seems to have only one effect...  I now get a ton of the following in
> /var/log/auth:
>
>   Feb 20 02:25:05 germ imap[7298]: could not find auxprop plugin, was
>   searching for '[all]'
>
> Any help?  Thanks.
>
> Derek
>
> [ derek p. moore ]-------------------[
> http://hackunix.org/~derekm/pubkey.asc ]
> [ derekm at hackunix.org ]----------------------------[ bfd2 fad6 1014 80c9
> aaa8 ]
> [ http://hackunix.org/~derekm/ ]-------------------[ a4a0 f449 3461 a443
> 51b9 ]
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
> ---
> Home Page: http://asg.web.cmu.edu/cyrus
> Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list