Mailbox access control with ldap for group
Simon Matter
simon.matter at ch.sauter-bc.com
Thu Apr 21 09:56:01 EDT 2005
>
> On Thu, 21 Apr 2005, Simon Matter wrote:
>
>>> Hello,
>>> I already use| setaclmailbox with an Unix group as "id". But I'd like
>>> to
>>> do the same with an ldap group.
>>>
>>> Is'it possible ? I didn't find anything on google.
>>
>> You can configure /etc/nsswitch.conf to use LDAP for groups. Check with
>> 'getent group' that your LDAP groups are visible to the system.
>> There is one issue with this solution: If your LDAP groups are large or
>> your LDAP is slow, all IMAP access is also slow. Using nscd doesn't work
>> here, at least on Linux. I have therefore created a groupcache patch for
>> cyrus which chaches the groups in a file for faster access. The patch is
>> in my rpms and also available here:
>> http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/
>>
>> The groupcache can be updated via cyrus master with a entry like this in
>> /etc/cyrus.conf EVENTS section:
>>
>> groupcache cmd="upd_groupcache" period=5
>>
>
> You can also use pts/ldap for groups.
That's correct. I was assuming that he's using Unix groups and LDAP groups
at the same time. For authentication this works fine with PAM, above
solution does the same for groups.
Is a mixed environment possible with pts/ldap?
Simon
>
> -Igor
>
>> Regards,
>> Simon
>>
>>>
>>>
>>> Thanks.
>>>
>>> Nicolas Schmitz
>>> |
>>> ---
>>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>
>>
>> ---
>> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
>> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>
> --
> Igor
>
>
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list