Cyrus Imapd shared folders question
jc.duss59 at laposte.net
Wed Jan 31 12:16:20 EST 2007
Well, nss_ldap seems a little bit hard for me to understand....
Is there a way to use saslauthd for authentication and pts for
authorization? Or can pts do both? Or saslauthd both?
Saslauthd works fine for authentication but I can't get pts
working for authorization: I still get errors like:
Jan 31 17:59:37 imaptest ptloader[726]: ldap_sasl_interactive_bind() failed 16 (No such attribute).
Jan 31 17:59:37 imaptest imap[727]: ptload(): bad response from ptloader server: ptsmodule_connect() failed
Jan 31 17:59:37 imaptest imap[727]: ptload completely failed: unable to canonify identifier: toto2
Jan 31 17:59:37 imaptest imap[727]: badlogin: [10.1.45.1] plaintext toto2 invalid user
Here is my imapd.conf
configdirectory: /var/imap
partition-default: /var/spool/imap
allowplaintext: yes
admins: cyrus
reject8bit: no
sieveusehomedir: false
sievedir: /var/imap/sieve
sasl_pwcheck_method: saslauthd
auth_mech: pts
pts_module: ldap
ldap_start_tls: 0
ldap_base: ou=users,o=myorg,dc=fr
ldap_uri: ldap://ldap.mydomain.com
ldap_group_base: ou=groups,o=myorg,dc=fr
ldap_group_filter: (cn=%u)
ldap_filter: (uid=%u)
ldap_member_filter: (member=%u)
ldap_member_method: filter
ldap_member_attribute: cn
ldap_member_scope: sub
ldap_group_scope: sub
ptscache_timeout: 5
ptscache_db: skiplist
ldap_size_limit: 1
ldap_scope: sub
ptloader_sock: /var/imap/socket/ptsock
tls_cert_file: /usr/local/etc/imaptest.cer
tls_key_file: /usr/local/etc/imaptest.pem
tls_ca_file: /usr/local/etc/toto.ca
Can someone help me? Thanks.
---------- Start of original message -----------
From: "Simon Matter" simon.matter at invoca.ch
To: "jc.duss59 at laposte.net" jc.duss59 at laposte.net
Cc: "info-cyrus" info-cyrus at lists.andrew.cmu.edu
Date: Wed, 31 Jan 2007 07:34:51 +0100 (CET)
Subject: RE: Cyrus Imapd shared folders question
> > Ok! It's working fine! Thanks!
> >
> > Another thing I'm trying to do:
> >
> > I'd like to create shared mailbox ACLs by group.
> > For example:
> > sam maillist group:mygroup lprs
> >
> > It doesn't work.
> >
> > I use saslauthd to authenticate my users on the server. I also
> > have groups on my LDAP server.
> >
> > How can I make cyrus check groups on my LDAP?
> >
> > Is it possible to do it with cyrus-saslauthd (as I'm using
> > for my users) or do I have to use pts auxprop, ldap ptloader?
> > Where can I get more documentation about it? (man imapd.conf
> > is not very expressive about it)
>
> saslauthd is not involved here. For what you want there are at least 2 ways:
> 1) You can use nss_ldap to map LDAP groups to Unix groups which can then
> be used by a group:name ACL. Please note that you may need some way of
> group caching for large groups, as those lookups are expensive on the LDAP
> side. For it you could use nss_db or the patches I use available here
> http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/.
>
> 2) As you mentioned, pts with its ldap support should also work (I have
> never used it so I can't tell how exactly it works).
>
> Simon
>