Cryus-imapd/Saslauthd/LDAP login access
Adam Tauno Williams
awilliam at whitemice.org
Wed Apr 14 13:56:48 EDT 2010
On Wed, 2010-04-14 at 13:33 -0400, Wesley Craig wrote:
> On 14 Apr 2010, at 12:42, Shelley Waltz wrote:
> > I wish a simple way to control who in the LDAP database may login
> > and autocreate a cyrus imap account. Not everyone in the LDAP
> > database,
> > just certain users. Any suggested methods?
> >
> > I have RHEL5 with
> > cyrus-imapd-2.3.7-7
> > cyrus-sasl-2.1.22-5
> > and use
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: PLAIN LOGIN
> > and /etc/sysconfig/saslauthd
> > MECH=ldap
> Is there something in LDAP that defines who may or may not have
> access? If so, you can modify the LDAP search so only the authorized
> users are returned, e.g.:
> (&(uid=$uid)(something=imap))
Right, we use:
ldap_filter: (|(&(objectclass=morrisonuser)(morrisonactiveuser=Y)(uid=%
u))(&(objectclass=morrisonsystemaccount)(uid=%
u))(&(objectclass=simpleSecurityObject)(employeeType=virtual)(uid=%u)))
More information about the Info-cyrus
mailing list