Re: ldap lookup with different search_base's? [checked for viruses]

Hello,

 >> What do I have to enter at "admins" in /etc/imapd.conf?
Something that matches your special regexp. In my following example it is cyrus.

I.e. <snip>
authz-regexp uid=cyrus,cn=[^,]*,cn=auth
        dn:cn=admin,dc=mailservices
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
        dn.regex:cn=$1,ou=users,dc=mailservices
<snap>

Where can I find more examples of this?

My saslauthd.conf looks like this:

/etc/saslauthd.conf
ldap_servers: ldap://1.2.3.4/
ldap_timeout: 10
ldap_time_limit: 10
ldap_search_base: ou=users,dc=mailservices
ldap_auth_method: bind
ldap_filter: (cn=%u)
ldap_debug: 0
ldap_verbose: off
ldap_ssl: no
ldap_start_tls: no
ldap_referrals: no

And this is my imapd.conf:

/etc/imapd.conf
configdirectory: /var/cyrus/config
partition-default: /var/cyrus/spool
admins: cyrus
sievedir: /var/cyrus/config/sieve
sendmail: /usr/sbin/sendmail

altnamespace: true
hashimapspool: true
unixhierarchysep: true
virtdomains: userid
allowusermoves: true

sasl_pwcheck_method: saslauthd

servername: imap.localhost

munge8bit: true
username_tolower: true

From what I can see, the user cyrus would never be passed to LDAP, since the saslauthd.conf defines which search base to use. And SASL would never simply pass "cyrus" but attach the hostname on an empty realm, so LDAP would get something like cyrus@xxxxxxxxxxxxxxx.

Regards
Marten
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
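
Added example, not part of the original message or of OpenLDAP: a small Python check that applies the two quoted authz-regexp rules in file order to constructed SASL identity DNs, to show which rule fires, why rule order matters, and what happens when a realm component is present. It assumes slapd's documented first-match-wins evaluation and the identity form uid=<user>[,cn=<realm>],cn=<mechanism>,cn=auth; `map_identity`, the sample DNs, and the use of Python's `re.search` in place of slapd's own regex matching are assumptions made for illustration.

```python
import re

# Rules copied from the quoted snippet, in file order: (match, replace).
RULES = [
    (r"uid=cyrus,cn=[^,]*,cn=auth", "dn:cn=admin,dc=mailservices"),
    (r"uid=([^,]*),cn=[^,]*,cn=auth", "dn.regex:cn=$1,ou=users,dc=mailservices"),
]


def map_identity(sasl_dn, rules=RULES):
    """Return (rule_index, expanded_replacement) for the first rule that
    matches sasl_dn, or None when no rule matches (identity stays unmapped)."""
    for index, (pattern, replacement) in enumerate(rules):
        match = re.search(pattern, sasl_dn)
        if match is None:
            continue

        def expand(ref):
            # Substitute $1..$9 with the corresponding captured group.
            n = int(ref.group(1))
            return (match.group(n) or "") if n <= match.re.groups else ""

        # The replacement prefix (dn: / dn.regex:) is passed through as written.
        return index, re.sub(r"\$(\d)", expand, replacement)
    return None


# Constructed sample identities (mechanism and realm names are made up).
SAMPLES = [
    "uid=cyrus,cn=digest-md5,cn=auth",                  # admin, default realm
    "uid=marten,cn=digest-md5,cn=auth",                 # ordinary user
    "uid=cyrus,cn=imap.localhost,cn=digest-md5,cn=auth",  # realm present
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(f"{dn!r:55} -> {map_identity(dn)}")
    # Same rules in the opposite order: the generic rule shadows the admin one.
    print("reversed:", map_identity(SAMPLES[0], list(reversed(RULES))))
```

With a realm component in the identity, neither pattern matches, because each allows exactly one cn= component between the uid and cn=auth.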
