ldap groups in acl
Marc Patermann
hans.moser at ofd-sth.niedersachsen.de
Tue Feb 3 10:09:47 EST 2009
Hi,
IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP
(2.3.x) server.
I can set acls with existing groups. I cannot set acls with non-existing
groups. So far: IMAPd is checking for groups in LDAP just right.
localhost.ofd-h.de> sam user.foo.Junk group:bar read
localhost.ofd-h.de> sam user.foo.Junk group:no-bar read
setaclmailbox: group:no-bar: lrs: Invalid identifier
localhost.ofd-h.de> lam user.foo.Junk
foo lrswipcda
group:bar lrs
But it does not work any further.
Users don't see the folder in their folder list (with Thunderbird).
The LDAP-Groups are "objectClass: groupOfNames" with the DNs in the
"member" attributes. Users' username is in "maildrop" attribute.
This is set in imapd.conf
ldap_group_base: ou=gruppen,ou=humans,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute
Should this work? Where to look at?
Marc