Writeup on Cyrus authentication config
Dmitriy Kirhlarov
dimma at higis.ru
Fri Jun 8 13:03:31 EDT 2007
Hi, list
Torsten Schlabach wrote:
> http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication
>
> and comment or correct.
>
> I am especially keen on that last section when it comes to LDAP.
>
> A lot of what I have written is a bit based on guesswork and conclusion
> and it would be nice if someone could confirm or deny.

I'm using only saslauthd authentication. This part looks fine.
With saslauthd it is also possible to build authorization.

saslauthd.conf:
...
ldap_group_attr: uniqueMember
ldap_group_dn: cn=imap,ou=mail,o=domain
ldap_group_match_method: attr
...

I'm not sure this is on topic, but Cyrus group ACLs can also be created
with LDAP-based groups.

imapd.conf:
...
ldap_group_base: ou=cyrus,ou=mail,o=domain
ldap_group_filter: (cn=%U)
ldap_group_scope: one
ldap_member_attribute: cn
ldap_member_base: ou=cyrus,ou=mail,o=domain
ldap_member_filter: (uniqueMember=%D)
ldap_member_method: filter
...
cyradm:
lam shared/design
group:boss lrswipktecd
group:info lrswipktecd
anyone p

But a user can be a member of only one group! If that's not true, ptloader
can't authenticate the user (yes, the user can't bind to the server), with
a strange diagnostic.

WBR.
Dmitriy
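
Added example, not part of the original message and not Cyrus code: an offline audit that resolves groups the way the "ldap_member_method: filter" settings above are documented to work (match the user DN against ldap_member_filter, take ldap_member_attribute as the group name) and lists users who match more than one group entry, the case the post reports as failing. The group entries and user DNs are constructed sample data, and only a single (attr=%D) filter is handled.

```python
import re

MEMBER_FILTER = "(uniqueMember=%D)"  # ldap_member_filter from the post
MEMBER_ATTR = "cn"                   # ldap_member_attribute from the post

# Constructed sample entries, as if found under ldap_member_base.
GROUPS = [
    {"cn": ["boss"], "uniqueMember": ["uid=anna,ou=people,o=domain"]},
    {"cn": ["info"], "uniqueMember": ["uid=anna,ou=people,o=domain",
                                      "UID=boris, ou=people, o=domain"]},
]

def norm_dn(dn):
    """Simplified DN comparison key: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def filter_attr(template=MEMBER_FILTER):
    """Return the attribute of a single '(attr=%D)' filter (only form handled)."""
    m = re.fullmatch(r"\(([A-Za-z0-9-]+)=%D\)", template)
    if not m:
        raise ValueError("only a single (attr=%D) filter is supported here")
    return m.group(1)

def groups_for(user_dn, groups=GROUPS):
    """Group identifiers a filter-method lookup would return for user_dn."""
    attr, want = filter_attr(), norm_dn(user_dn)
    found = []
    for entry in groups:
        if any(norm_dn(v) == want for v in entry.get(attr, [])):
            found += ["group:" + name for name in entry.get(MEMBER_ATTR, [])]
    return sorted(found)

def multi_group_users(groups=GROUPS):
    """Users whose DN matches more than one group entry."""
    attr = filter_attr()
    users = sorted({norm_dn(v) for e in groups for v in e.get(attr, [])})
    result = {}
    for u in users:
        g = groups_for(u, groups)
        if len(g) > 1:
            result[u] = g
    return result

if __name__ == "__main__":
    for user, grps in multi_group_users().items():
        print(user, "->", ", ".join(grps))
```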