Restrictive access to some users

Rudy Gevaert Rudy.Gevaert at UGent.be
Thu Apr 26 06:09:28 EDT 2007


Dmitriy Kirhlarov wrote:
> On Thu, Apr 26, 2007 at 12:07:20PM +0400, Dmitriy Kirhlarov wrote:
>> On Thu, Apr 26, 2007 at 12:14:13PM +0530, ram wrote:
>>
>>> On our cyrus server some users need access from office as well as from
>>> outside our LAN. So we nat the imap port on our firewall and people are
>>> able to access 
>>>
>>> But Contract employees need not access mails from outside the office.
>>> How can I allow access for such users only from the office
>> Cyrus imapd doesn't have a source IP filter feature, afaik, and supports
>> only one authorization group (ldap_filter).
>> For this reason you have to use some trick.
>>
>> You need to configure two access groups and two cyrus servers (with
>> replication or murder configuration) and use different groups on these
>> servers.
>> Possibly, some imap proxy can be configured to use the second group.
> 
> O-ops.. :)
> 
> cyrus.conf:
> ...
> SERVICES {
> public		cmd="imapd -C /public.imapd.conf"	listen=public_ip:imap
> private		cmd=imapd				listen=private_ip:imap
> }

That doesn't fix the problem because you can't say which user can log in
on what interface.

But you could maybe do it like this:

Two different imapd.confs.  In one of them you use a different saslauthd
(if you would be using this) socket.  And run a second saslauthd with
a different config.

-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert at UGent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen                    Systems group
Universiteit Gent                 Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
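
A sketch of the two-socket layout suggested in the message above, added here as an example; it is not part of the original thread. All paths, addresses, the LDAP tree and the group name `remote-imap` are assumptions, and an LDAP-backed saslauthd is assumed only because the thread mentions ldap_filter.

```conf
# --- /etc/cyrus.conf (addresses are documentation placeholders) ---
SERVICES {
  # Internet-facing listener reads its own config file via -C
  public   cmd="imapd -C /etc/imapd-public.conf"  listen="203.0.113.10:imap"
  # LAN listener keeps the default /etc/imapd.conf
  private  cmd="imapd"                            listen="192.168.1.10:imap"
}

# --- /etc/imapd.conf (LAN listener) ---
sasl_pwcheck_method: saslauthd
# saslauthd can only verify plaintext mechanisms
sasl_mech_list: PLAIN LOGIN
sasl_saslauthd_path: /var/run/saslauthd/mux

# --- /etc/imapd-public.conf ---
# Copy of imapd.conf (same configdirectory and partitions, so both
# listeners serve the same mail store); only the socket path differs.
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
sasl_saslauthd_path: /var/run/saslauthd-public/mux

# --- /etc/saslauthd.conf (first saslauthd: every mail user) ---
ldap_servers: ldap://ldap.example.org
ldap_search_base: ou=people,dc=example,dc=org
ldap_filter: (uid=%u)

# --- /etc/saslauthd-public.conf (second saslauthd: remote group only) ---
ldap_servers: ldap://ldap.example.org
ldap_search_base: ou=people,dc=example,dc=org
ldap_filter: (uid=%u)
# Authentication succeeds only if the user's DN is a member of this group
ldap_group_dn: cn=remote-imap,ou=groups,dc=example,dc=org
ldap_group_attr: member
ldap_group_match_method: attr

# --- start the two daemons, one socket directory each ---
# -m takes the directory, without the trailing /mux
# saslauthd -a ldap -m /var/run/saslauthd
# saslauthd -a ldap -m /var/run/saslauthd-public -O /etc/saslauthd-public.conf
```

Any other service reachable on the public address (pop3, sieve) would need the same `-C` treatment, otherwise it still authenticates against the unrestricted saslauthd.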

