user and realm splitting in cyrus/ldap

Rudy Gevaert Rudy.Gevaert at UGent.be
Tue Dec 26 04:03:09 EST 2006


Marten Lehmann wrote:
> Hello,
> 
>> In my case it is:
>> ldap_filter: 
>> (&(umMailObjectStatus=enabled)(umCyrusStatus=enabled)(umLogin=%u%R))
>>
>> So that it looks for user at domain.com
> 
> thanks. I'm using saslauthd with the -r option now as Simon adviced but 
> your combination with the "enabled" status is interesting. I also 
> planned to include this because we want to be able to disabled certain 
> accounts but there is one catch with it: The user just sees 
> "authentication failure". So he might think something is wrong with our 
> servers although we blocked his account intentionally.
> 
> Is there a way to include an own, special error message? I would like to 
> distinguish between

I don't think so.  I haven't heard of it.  It would be interesting though.

In our setup we have three levels of status.
umMailObjectStatus: is disabled object can't do a thing
umMailboxStatus: if enabled object can receive mail
umCyrusStatus: if enabled object can login with cyrus

That way we can have users who still receive mail but can't log in 
anymore.  (E.g. people who have left the university but have a sieve 
forward on their account.)  Or we can't temporary block someone from 
loging in, but his mail is still accepted.

Rudy

-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert at UGent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur  Direction ICT, Infrastructure dept.
Groep Systemen                     Systems group
Universiteit Gent                  Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --


More information about the Info-cyrus mailing list