Re: ldap lookup with different search_base's? [auf Viren überprüft]

Hans Moser hans.moser at ofd-sth.niedersachsen.de
Thu Jan 4 05:18:53 EST 2007


Andreas Winkelmann schrieb:

> Hmm, you can use ldapdb. Then you can specify multiple authz-regexp In 
> slapd.conf. Seperate them somehow in the Matching-Pattern.
That's what I would recommend too.

> I havn't tested this, but I think it's a try worth.
It works.
Slapd converts the the SASL uid for u. Create a general regexp for the 
user, which points to something like cn=$1,ou=users,dc=mailservices
and a special regexp for uid admin (or cyrus ...), which points to 
cn=admin,dc=mailservices.

 >> What do I have to enter at "admins" in /etc/imapd.conf?
Something that matches your special regexp. In my following example it 
is cyrus.

I.e. <snip>
authz-regexp uid=cyrus,cn=[^,]*,cn=auth
         dn:cn=admin,dc=mailservices
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
         dn.regex:cn=$1,ou=users,dc=mailservices
<snap>

Ask man slap.conf for "authz-policy" and "authz-regexp". And man 
slapd.access.


Hans



More information about the Info-cyrus mailing list