Mailbox access control with ldap for group

Igor Brezac igor at ipass.net
Thu Apr 21 10:12:23 EDT 2005


On Thu, 21 Apr 2005, Simon Matter wrote:

>>
>> On Thu, 21 Apr 2005, Simon Matter wrote:
>>
>>>> Hello,
>>>> I already use| setaclmailbox with an Unix group as "id". But I'd like
>>>> to
>>>> do the same with an ldap group.
>>>>
>>>> Is'it possible ? I didn't find anything on google.
>>>
>>> You can configure /etc/nsswitch.conf to use LDAP for groups. Check with
>>> 'getent group' that your LDAP groups are visible to the system.
>>> There is one issue with this solution: If your LDAP groups are large or
>>> your LDAP is slow, all IMAP access is also slow. Using nscd doesn't work
>>> here, at least on Linux. I have therefore created a groupcache patch for
>>> cyrus which chaches the groups in a file for faster access. The patch is
>>> in my rpms and also available here:
>>> http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/
>>>
>>> The groupcache can be updated via cyrus master with a entry like this in
>>> /etc/cyrus.conf EVENTS section:
>>>
>>>  groupcache    cmd="upd_groupcache" period=5
>>>
>>
>> You can also use pts/ldap for groups.
>
> That's correct. I was assuming that he's using Unix groups and LDAP groups
> at the same time. For authentication this works fine with PAM, above
> solution does the same for groups.
> Is a mixed environment possible with pts/ldap?

You can use only one authorization mechanism (identifiers and groups) and 
you can mix this with any type of authentication setup.  Authorization 
mechanism is selected during build/compile; you can specify authorization 
mech at runtime (imapd.conf ) in the cvs version of cyrus-imapd.

--
Igor

>
> Simon
>
>>
>> -Igor
>>
>>> Regards,
>>> Simon
>>>
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> Nicolas Schmitz
>>>> |
>>>> ---
>>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>>
>>>
>>>
>>> ---
>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>
>> --
>> Igor
>>
>>
>
>

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list