Mailbox access control with ldap for group
Simon Matter
simon.matter at ch.sauter-bc.com
Thu Apr 21 04:29:53 EDT 2005
> Hello,
> I already use| setaclmailbox with an Unix group as "id". But I'd like to
> do the same with an ldap group.
>
> Is'it possible ? I didn't find anything on google.
You can configure /etc/nsswitch.conf to use LDAP for groups. Check with
'getent group' that your LDAP groups are visible to the system.
There is one issue with this solution: If your LDAP groups are large or
your LDAP is slow, all IMAP access is also slow. Using nscd doesn't work
here, at least on Linux. I have therefore created a groupcache patch for
cyrus which chaches the groups in a file for faster access. The patch is
in my rpms and also available here:
http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/
The groupcache can be updated via cyrus master with a entry like this in
/etc/cyrus.conf EVENTS section:
groupcache cmd="upd_groupcache" period=5
Regards,
Simon
>
>
> Thanks.
>
> Nicolas Schmitz
> |
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list