RE: Cyrus Imapd shared folders question

Well, nss_ldap seems a little bit hard for me to understand....

Is there a way to use saslauthd for authentication and pts for
authorization? Or can pts do both? Or saslauthd both?

Saslauthd works fine for authentication but I can't get pts
working for authorization: I still get errors like:


Jan 31 17:59:37 imaptest ptloader[726]: ldap_sasl_interactive_bind() failed 16 (No such attribute).
Jan 31 17:59:37 imaptest imap[727]: ptload(): bad response from ptloader server: ptsmodule_connect() failed
Jan 31 17:59:37 imaptest imap[727]: ptload completely failed: unable to canonify identifier: toto2
Jan 31 17:59:37 imaptest imap[727]: badlogin: [10.1.45.1] plaintext toto2 invalid user


Here is my imapd.conf

configdirectory: /var/imap
partition-default: /var/spool/imap
allowplaintext: yes
admins: cyrus 
reject8bit: no
sieveusehomedir: false
sievedir: /var/imap/sieve
sasl_pwcheck_method: saslauthd 
auth_mech: pts 
pts_module: ldap
ldap_start_tls: 0 
ldap_base: ou=users,o=myorg,dc=fr
ldap_uri: ldap://ldap.mydomain.com
ldap_group_base: ou=groups,o=myorg,dc=fr
ldap_group_filter: (cn=%u)
ldap_filter: (uid=%u)
ldap_member_filter: (member=%u)
ldap_member_method: filter
ldap_member_attribute: cn
ldap_member_scope: sub
ldap_group_scope: sub
ptscache_timeout: 5
ptscache_db: skiplist
ldap_size_limit: 1
ldap_scope: sub
ptloader_sock: /var/imap/socket/ptsock 
tls_cert_file: /usr/local/etc/imaptest.cer 
tls_key_file: /usr/local/etc/imaptest.pem 
tls_ca_file: /usr/local/etc/toto.ca


Can someone help me? Thanks.

---------- Start of original message -----------

From    : "Simon Matter" simon.matter@xxxxxxxxx
To      : "jc.duss59@xxxxxxxxxxx" jc.duss59@xxxxxxxxxxx
Cc      : "info-cyrus" info-cyrus@xxxxxxxxxxxxxxxxxxxx
Date    : Wed, 31 Jan 2007 07:34:51 +0100 (CET)
Subject : RE: Cyrus Imapd shared folders question

> > Ok! It's working fine! Thanks!
> >
> > Another thing I'm trying to do:
> >
> > I'd like to create shared mailbox ACLs by group.
> > for example
> > sam maillist group:mygroup lprs
> >
> > it doesn't work.
> >
> > I use saslauthd to authenticate my users on the server. I also
> > have groups on my ldap server.
> >
> > How can I make cyrus check groups on my ldap?
> >
> > Is it possible to do it with cyrus-saslauthd (as I'm using
> > for my users) or do I have to use pts auxprop, ldap ptloader?
> > Where can I get more documentation about it? (man imapd.conf
> > is not very expressive about it)
> 
> saslauthd is not involved here. For what you want there are at least 2 ways:
> 1) You can use nss_ldap to map LDAP groups to Unix groups which can then
> be used by a group:name ACL. Please note that you may need some way of
> group caching for large groups, as those lookups are expensive on the LDAP
> side. For it you could use nss_db or the patches I use available here
> http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/.
> 
> 2) As you mentioned, pts with its ldap support should also work (I have
> never used it so I can't tell how exactly it works).
> 
> Simon
> 

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

