LDAP auth, and Cyrus mailboxes..

Mike Beattie mike.beattie at otago.ac.nz
Wed Jun 16 01:09:11 EDT 2004


On Tue, Jun 15, 2004 at 09:27:46PM -0700, Carl P. Corliss wrote:
> >Erp. well, that's not possible, since the LDAP directory contains nothing
> >other than dn: and userPassword:.
> 
> Your directory structure contains only two attributes for each user..?

Correct. The directory is there for authentication, and authentication only.
Authorisation is another story, and is maintained via other methods from our
provisioning system.

> >Ok, well, it's known behaviour, perhaps I'll need to think up another
> >solution. (an ugly patch to cyrus that adds a "loginrequiresinbox:"
> >option?)
> 
> Cyrus is not the problem - your ldap configuration apparently is. 
> Reconfigure your schema such that you have something to filter on for 
> real accounts. Depending on your setup, you could filter on maildrop 
> (which, again, depends on your setup and whether or not you use the 
> maildrop attribute and, if you do, if it is only populated for 'real' 
> accounts). Then you could use something akin to:

I'm aware of this, but for this situation some configuration toggle makes
more sense (in our environment) - cyrus is, in this case, responsible for the
authorisation component of our student email system.

I'll think of something...

Thanks anyway,
Mike.
-- 
Mike Beattie  <mike.beattie at otago.ac.nz>     UNIX Systems Engineer, ITS
Ph: +64 3 479 8597       Fax: +64 3 479 5080      Cell: +64 27 44 80386
* Opinions expressed are my own, not those of the University of Otago *
More information about the Info-cyrus mailing list