Writeup on Cyrus authentication config

Dmitriy Kirhlarov dimma at higis.ru
Fri Jun 8 13:03:31 EDT 2007

Hi, list

Torsten Schlabach wrote:
> http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication
> and comment or correct.
> I am especially keen on that last section when it comes to LDAP.
> A lot of what I have written is a bit based on guesswork and conclusion 
> and it would be nice if someone could confirm or deny.

I'm using only saslauthd authentication. This part looks fine.
With saslauthd it is also possible to build authorization:
ldap_group_attr: uniqueMember
ldap_group_dn: cn=imap,ou=mail,o=domain
ldap_group_match_method: attr

I'm not sure about the topic, but Cyrus group ACLs can also be created 
with LDAP-based groups:
ldap_group_base: ou=cyrus,ou=mail,o=domain
ldap_group_filter: (cn=%U)
ldap_group_scope: one
ldap_member_attribute: cn
ldap_member_base: ou=cyrus,ou=mail,o=domain
ldap_member_filter: (uniqueMember=%D)
ldap_member_method: filter

lam shared/design
group:boss lrswipktecd
group:info lrswipktecd
anyone p

But a user can be a member of only one group! If it's not true, ptloader 
can't authenticate the user (yes, the user can't bind to the server) with strange 


