groups, members, LDAP and ptloader

Dmitriy Kirhlarov dimma at
Thu Jun 7 05:21:35 EDT 2007

Hi, list.

1. I'm also using ldap-based groups ACL in cyrus. When I add any user to 
more than 1 group, cyrus can't authorize them. I can't find any 
documentation about this behavior. Is it normal?

2. How to configure default ldap_realm for connecting to saslauthd?
I have two domains -- '' and '' and want to 
make the second my default (users must connect to server as 'user', not 
'user at'). Is it possible?

My imapd.conf:
auth_mech: pts
ldap_base: ou=users,o=domain
ldap_filter: (uid=%U)
ldap_group_base: ou=cyrus,ou=mail,o=domain
ldap_group_filter: (cn=%U)
ldap_group_scope: one
ldap_member_attribute: cn
ldap_member_base: ou=cyrus,ou=mail,o=domain
ldap_member_filter: (uniqueMember=%D)
ldap_member_method: filter
ldap_sasl: no
ldap_scope: one
ldap_start_tls: yes
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_uri: ldap://
pts_module: ldap
sasl_mech_list: plain login
sasl_pwcheck_method: saslauthd
tls_ca_file: /etc/ssl/cacert.pem
tls_cert_file: /usr/local/etc/ssl/
tls_key_file: /usr/local/etc/ssl/
unixhierarchysep: yes
virtdomains: yes

ldap_servers: ldap://
ldap_tls_cacert_file: /etc/ssl/cacert.pem
ldap_search_base: ou=%3,o=%2
ldap_filter: uid=%U
ldap_start_tls: yes

