ptloader and ldap_member_method: filter problem

Igor Brezac igor at ipass.net
Wed Jul 27 18:59:00 EDT 2005


On Wed, 27 Jul 2005, Sava Chankov wrote:

> Hi,
> I'm using cyrus-imapd-2.2.12 with the ptloader patch from Igor Brezac that fixes the
> SASL authz bug. Groups are read from LDAP by ptloader properly, but group
> authorization doesn't work with this configuration:
>
> virtdomains: yes
> ldap_version: 3
> ldap_sasl: 0
> ldap_size_limit: 500
> ldap_bind_dn: uid=proxy_user,o=ControlPanel
> ldap_base: ou=People,ou=%d,o=ControlPanel
> ldap_filter: uid=%U
> ldap_group_base: ou=Group,ou=%d,o=ControlPanel
> ldap_group_filter: cn=%U
> ldap_member_method: filter
> ldap_member_base: ou=Group,ou=%d,o=ControlPanel
> ldap_member_attribute: cn

This assumes ldap_member_filter: (member=%D).  Correct?

> A little example - user mincho at dve.bg is member of groups punk and
> ordinary_user. When the domain admin creates a shared folder named "test" and
> assigns read right to group punk with the command
>
> sam test group:punk at dve.bg read
>
> the result is that user mincho at dve.bg doesn't see the shared folder.
> ptdump output is:
> user: group:punk at dve.bg time: 1122481905 groups: 0
> user: mincho at dve.bg time: 1122481327 groups: 2
>  ordinary_user
>  punk

ptdump shows punk instead of punk at dve.bg.  Keep in mind that ptdump shows 
pts cache content.  Can you show a sample ldap entry for each identifier?

-- 
Igor