user and realm splitting in cyrus/ldap
Rudy Gevaert
Rudy.Gevaert at UGent.be
Tue Dec 26 04:03:09 EST 2006
Marten Lehmann wrote:
> Hello,
>
>> In my case it is:
>> ldap_filter:
>> (&(umMailObjectStatus=enabled)(umCyrusStatus=enabled)(umLogin=%u%R))
>>
>> So that it looks for user at domain.com
>
> thanks. I'm using saslauthd with the -r option now as Simon adviced but
> your combination with the "enabled" status is interesting. I also
> planned to include this because we want to be able to disabled certain
> accounts but there is one catch with it: The user just sees
> "authentication failure". So he might think something is wrong with our
> servers although we blocked his account intentionally.
>
> Is there a way to include an own, special error message? I would like to
> distinguish between
I don't think so. I haven't heard of it. It would be interesting though.
In our setup we have three levels of status.
umMailObjectStatus: is disabled object can't do a thing
umMailboxStatus: if enabled object can receive mail
umCyrusStatus: if enabled object can login with cyrus
That way we can have users who still receive mail but can't log in
anymore. (E.g. people who have left the university but have a sieve
forward on their account.) Or we can't temporary block someone from
loging in, but his mail is still accepted.
Rudy
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur Direction ICT, Infrastructure dept.
Groep Systemen Systems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
More information about the Info-cyrus
mailing list