ACLs, public folders, group:, saslauthd, LDAP, etc.
Derek P. Moore
derekm at hackunix.org
Fri Feb 20 03:46:53 EST 2004
Howdy, again,
Another problem, another email. This problem I've yet to solve.
I've got a series of mailboxes (straycat.*) and I want to use the group: mechanism
to set the ACLs for these mailboxes, as this seems the most elegant solution.
I thought to myself, "I'll just add all the users to a POSIX group, do a quick
'sam straycat.* group:straycats lrsip', and it'll be all good." Not so.
I'm storing all system configuration information (or as much as I can) in LDAP,
and I'm using nss_ldap. Authentication is through saslauthd against Kerberos.
In fact, here's my imapd.conf:
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_keytab: /etc/mail/cyrus-imapd.keytab
sasl_pwcheck_method: saslauthd
sasl_mech_list: LOGIN PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
unix_group_enable: true
Pretty simple.
Anyways, I've got the group added to LDAP, and 'id user' is showing that
getgrent(3) sees the 'straycats' group. However, setting the 'group:straycats'
ACL seems to have only one effect... I now get a ton of the following in
/var/log/auth:
Feb 20 02:25:05 germ imap[7298]: could not find auxprop plugin, was searching for '[all]'
Any help? Thanks.
Derek
[ derek p. moore ]-------------------[ http://hackunix.org/~derekm/pubkey.asc ]
[ derekm at hackunix.org ]----------------------------[ bfd2 fad6 1014 80c9 aaa8 ]
[ http://hackunix.org/~derekm/ ]-------------------[ a4a0 f449 3461 a443 51b9 ]