groups, members, LDAP and ptloader

Dmitriy Kirhlarov dimma at higis.ru
Thu Jun 7 05:21:35 EDT 2007


Hi, list.

1. I'm also using ldap-based groups ACL in cyrus. When I add any user to
more than 1 group, cyrus can't authorize them. I can't find any
documentation about this behavior. Is it normal?

2. How to configure default ldap_realm for connecting to saslauthd?
I have two domains -- 'domain.com' and 'team.domain.com' and want to
make the second my default (users must connect to the server as 'user', not
'user@team.domain.com'). Is it possible?

My imapd.conf:
...
auth_mech: pts
defaultdomain: domain.com
ldap_base: ou=users,o=domain
ldap_filter: (uid=%U)
ldap_group_base: ou=cyrus,ou=mail,o=domain
ldap_group_filter: (cn=%U)
ldap_group_scope: one
ldap_member_attribute: cn
ldap_member_base: ou=cyrus,ou=mail,o=domain
ldap_member_filter: (uniqueMember=%D)
ldap_member_method: filter
ldap_sasl: no
ldap_scope: one
ldap_start_tls: yes
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_uri: ldap://ldap.domain.com
pts_module: ldap
sasl_mech_list: plain login
sasl_pwcheck_method: saslauthd
servername: mail.domain.com
tls_ca_file: /etc/ssl/cacert.pem
tls_cert_file: /usr/local/etc/ssl/mail.domain.com.crt
tls_key_file: /usr/local/etc/ssl/mail.domain.com.key
unixhierarchysep: yes
virtdomains: yes

saslauthd.conf:
ldap_servers: ldap://ldap.domain.com
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_search_base: ou=%3,o=%2
ldap_default_realm: users.domain.com
ldap_filter: uid=%U
ldap_start_tls: yes



More information about the Info-cyrus mailing list