Re: ldap lookup with different search_base's?
Marten Lehmann
lehmann at cnm.de
Thu Jan 4 11:14:53 EST 2007
Hello,
> >> What do I have to enter at "admins" in /etc/imapd.conf?
> Something that matches your special regexp. In my following example it
> is cyrus.
>
> I.e. <snip>
> authz-regexp uid=cyrus,cn=[^,]*,cn=auth
> dn:cn=admin,dc=mailservices
> authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
> dn.regex:cn=$1,ou=users,dc=mailservices
> <snap>
Where can I find more examples of this?
My saslauthd.conf looks like this:
/etc/saslauthd.conf
ldap_servers: ldap://1.2.3.4/
ldap_timeout: 10
ldap_time_limit: 10
ldap_search_base: ou=users,dc=mailservices
ldap_auth_method: bind
ldap_filter: (cn=%u)
ldap_debug: 0
ldap_verbose: off
ldap_ssl: no
ldap_start_tls: no
ldap_referrals: no
And this is my imapd.conf:
/etc/imapd.conf
configdirectory: /var/cyrus/config
partition-default: /var/cyrus/spool
admins: cyrus
sievedir: /var/cyrus/config/sieve
sendmail: /usr/sbin/sendmail
altnamespace: true
hashimapspool: true
unixhierarchysep: true
virtdomains: userid
allowusermoves: true
sasl_pwcheck_method: saslauthd
servername: imap.localhost
munge8bit: true
username_tolower: true
From what I can see, the user cyrus would never be passed to LDAP,
since the saslauthd.conf defines which searchbase to use. And sasl would
never simply pass "cyrus" but attach the hostname on an empty realm, so
LDAP would get something like cyrus@imap.localhost.
Regards
Marten
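
Added example, not part of the original message and not OpenLDAP code: a Python model of how the two authz-regexp rules quoted above would map SASL authentication DNs. It assumes the DN forms uid=<user>,cn=<mechanism>,cn=auth and uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth, that rules are tried in file order with the first match winning, and that matching is unanchored; the helper names and sample identities are constructed.

```python
import re

# The two rules quoted in the message, in file order: (pattern, replacement).
RULES = [
    (r"uid=cyrus,cn=[^,]*,cn=auth", "dn:cn=admin,dc=mailservices"),
    (r"uid=([^,]*),cn=[^,]*,cn=auth", "dn.regex:cn=$1,ou=users,dc=mailservices"),
]


def sasl_auth_dn(user, mech, realm=None):
    """Build the authentication DN for a SASL bind (assumed form, see lead-in)."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)  # a realm adds one extra cn= component
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts)


def map_identity(auth_dn, rules=RULES):
    """Return (rule index, mapped identity) for the first matching rule, else None."""
    for idx, (pattern, replacement) in enumerate(rules):
        m = re.search(pattern, auth_dn)  # assumption: unanchored matching
        if m:
            # Expand $1..$9 in the replacement with the captured groups.
            mapped = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
            return idx, mapped
    return None


if __name__ == "__main__":
    samples = [  # constructed identities
        sasl_auth_dn("cyrus", "digest-md5"),
        sasl_auth_dn("marten", "digest-md5"),
        # With a realm, cn=[^,]* cannot span both cn=<realm> and cn=<mechanism>,
        # so neither quoted rule matches and the identity stays unmapped.
        sasl_auth_dn("cyrus", "digest-md5", realm="imap.localhost"),
    ]
    for dn in samples:
        print(dn, "->", map_identity(dn))
    # Rule order decides who maps to the admin DN: with the generic rule first,
    # cyrus is mapped to an ordinary entry under ou=users.
    print("reversed:", map_identity(samples[0], RULES[::-1]))
```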