cyrus ACL and groups ...
Simon Matter
simon.matter at ch.sauter-bc.com
Fri Jun 2 09:42:14 EDT 2006
> On Fri, Jun 02, 2006 at 10:31:46AM +0200, Brasseur Valéry wrote:
>> I have seen in the code that when you want to use groups in ACL for
>> cyrus,
>> the group is a UNIX one ... (calling setgrent, getpwnam ... )
>> Is there a a way to use LDAP groups instead ...
>
> If you use nss_ldap, then cyrus will be using ldap groups without even
> knowing
> about it.
>
> But you may have performance problems if cyrus uses group enumeration,
> that's
> expensive in ldap.
Usually you could use nscd to cache but nss_ldap group lookups don't work,
and they really are slow with large groups. Therefore, I have implemented
(I mean hacked) a groupcache feature for cyrus-imapd which is included in
my rpms. Let me know if you are interested and don't want to exctract them
from the source rpm.
Simon
More information about the Info-cyrus
mailing list