ldap groups in acl

Marc Patermann hans.moser at ofd-sth.niedersachsen.de
Tue Feb 3 10:09:47 EST 2009


Hi,

IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP 
(2.3.x) server.

I can set ACLs with existing groups. I cannot set ACLs with non-existing 
groups. So far: IMAPd is checking for groups in LDAP just right.

localhost.ofd-h.de> sam user.foo.Junk  group:bar read
localhost.ofd-h.de> sam user.foo.Junk  group:no-bar read
setaclmailbox: group:no-bar: lrs: Invalid identifier
localhost.ofd-h.de> lam user.foo.Junk
foo lrswipcda
group:bar lrs

But it does not work any further.
Users don't see the folder in their folder list (with Thunderbird).

The LDAP-Groups are "objectClass: groupOfNames" with the DNs in the 
"member" attributes. Users' username is in "maildrop" attribute.

This is set in imapd.conf

ldap_group_base: ou=gruppen,ou=humans,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute


Should this work? Where should I look?


Marc

