cyrus ACL and groups ...

Patrick Radtke phr2101 at columbia.edu
Fri Jun 2 10:54:09 EDT 2006


Are your users stored in a LDAP server as well?

If so, then you can have Cyrus speak LDAP and get the info. Plus it  
can do caching (ptscache_timeout)
In Cyrus 2.3 you'd want to do something like

#make the authz mechanism be pts
auth_mech: pts
#make pts talk to ldap
pts_module: ldap
ldap_base: dc=cc,dc=columbia,dc=edu
ldap_group_base: ou=group,dc=cc,dc=columbia,dc=edu
ldap_member_base: ou=group,dc=cc,dc=columbia,dc=edu
ldap_member_method: filter
ldap_member_filter:(memberuid=%U)
ldap_member_attribute: cn
ldap_size_limit: 100
ldap_sasl: 0
ldap_uri: ldap://ldapserver:prt
ptloader_sock: /var/cyrus/socket/ptsock

look for ldap_* options in `man imapd.conf`

-Patrick

On Jun 2, 2006, at 4:31 AM, Brasseur Valéry wrote:

> I have seen in the code that when you want to use groups in ACL for  
> cyrus, the group is a UNIX one ... (calling setgrent, getpwnam ... )
> Is there a a way to use LDAP groups instead ...
>
>
> Thanks
> Valery
>
>
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html



More information about the Info-cyrus mailing list