Problem with ptloader and Novell Edirectory

Klaus Steinberger Klaus.Steinberger at physik.uni-muenchen.de
Tue May 6 08:35:44 EDT 2008 

Hello,

I try to setup ptloader, but run into trouble with the way Novell handles 
groups.

Novell edirectory does the following:

the groupMembership Attribute inside the person object is multivalued, and 
contains the full DN's of the groups. Vice versa, the group Object contains a 
multivalued Attribut "member" containing the Full DN's of the Members.

ptloader seems to work, but returns full dn's and of course the groups are not 
working:

[root at test-imap etc]# /usr/lib/cyrus-imapd/ptdump
user: guinea.pig time: 1210077241 groups: 10
  group:cn=cipphysik,ou=berechtigungsgruppen,o=physik
  group:cn=mitarbeiter,ou=berechtigungsgruppen,o=physik
  group:cn=mll-ldap,ou=exportgruppen,o=physik
  group:cn=email,ou=berechtigungsgruppen,o=physik
  group:cn=campususer,ou=gruppen,o=physik
  group:cn=bl-group,ou=berechtigungsgruppen,o=physik
  group:cn=verwaltung,ou=berechtigungsgruppen,o=physik
  group:cn=test,ou=gruppen,ou=subversion,ou=anwendungen,o=physik
  group:cn=otrs,ou=otrs,ou=anwendungen,o=physik
  group:cn=webmaster-tssp,ou=otrs,ou=anwendungen,o=physik

Here is the relevant part of imapd.conf:

ldap_sasl: 0
ldap_base: ou=Personen,o=physik
ldap_filter: (uid=%u)
ldap_group_base: ou=Gruppen,o=physik
ldap_group_filter: (member=%D)
ldap_uri: ldap://edir11.physik.uni-muenchen.de
ldap_member_method: attribute
ldap_member_attribute: groupMemberShip
ldap_member_base: ou=Gruppen,o=physik
ldap_tls_cacert_file: /etc/pki/tls/certs/ca-bundle.crt
pts_module: ldap
ptscache_timeout: 10
ptloader_sock: /var/lib/imap/ptclient/ptsock

Any idea what I have to change in the imapd.conf to get it working?

Sincerly,
Klaus
-- 
Klaus Steinberger         Beschleunigerlaboratorium
Phone: (+49 89)289 14287  Am Coulombwall 6, D-85748 Garching, Germany
FAX:   (+49 89)289 14280  EMail: Klaus.Steinberger at Physik.Uni-Muenchen.DE
URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2002 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080506/1e02dc5d/attachment.bin

More information about the Info-cyrus mailing list