Warren Turkal wrote:
> On Wednesday 30 May 2007 09:04, Toschi Pietro wrote:
>> Is there somebody on this list so kind and please try to explain to me what
>> I'm missing?
>
> You're not the only one lost with all of this. I hope someone can at least
> post a working configuration that shows using LDAP without saslauthd so that
> I would at least know what a working config looks like.

Hi,

We successfully run cyrus 2.2.12 and 2.3.8, both with LDAP user authentication and authorization, utilizing saslauthd and ptloader with LDAP support respectively.

The documentation that comes with Cyrus IMAP contains a very good explanation of the terms authentication and authorization and the different authorization mechanisms that Cyrus IMAP provides. Please take a look at cyrus-imapd-2.3.8/doc/text/overview

As an example, I provide a part of the configuration file of our production Cyrus IMAP server with only the settings regarding the ptloader LDAP user authorization module:

/etc/imapd.conf
...
virtdomains: yes

# default value of %d for ldap_filter and ldap_base
# %% = %
# %u = user
# %U = user portion of %u (%U = test when %u = test@xxxxxxxxxx)
# %d = domain portion of %u if available (%d = domain.tld when
#      %u = %test@xxxxxxxxxx),
#      otherwise same as %r
# %r = realm
# %D = user dn. (use when ldap_member_method: filter)
# %1-9 = domain tokens (%1 = tld, %2 = domain when %d = domain.tld)
defaultdomain: systemdomain.tld

ldap_uri: ldap://ldaphost
ldap_version: 3
ldap_sasl: 0
ldap_bind_dn: uid=sys_user,ou=People,ou=systemdomain.tld,o=ControlPanel
ldap_password: somepass
ldap_base: ou=People,ou=%d,o=ControlPanel
ldap_filter: uid=%U
ldap_group_base: ou=Group,ou=%d,o=ControlPanel
ldap_group_filter: cn=%U
ldap_member_method: attribute
ldap_member_attribute: bizBlueboardMemberOf

unix_group_enable: no
auth_mech: pts
pts_module: ldap
...

The attribute bizBlueboardMemberOf is defined in the BlueBoard proprietary LDAP objectClass. It is a multi-valued attribute that contains the names of the groups the user is a member of.

We have branches of "ou" entries under "o=ControlPanel" for every virtual domain we support.

o=ControlPanel
  ou=systemdomain.tld,o=ControlPanel
    ...
  ou=domain1.tld,o=ControlPanel
    ...
  ou=domain2.tld,o=ControlPanel
    ...

Hope this example will help you and others to understand how LDAP ptloader works.

Cheers,
Milen
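An added illustration, not part of the original post and not Cyrus code: how the %-tokens listed in the config comments turn a login name into the per-domain search base and filter used above. The function names are hypothetical, the realm is assumed to equal defaultdomain, and the domain validation and escaping are defensive choices of this sketch rather than documented ptloader behaviour.

```python
import re

# Values copied from the imapd.conf excerpt in the post.
CONF = {
    "defaultdomain": "systemdomain.tld",
    "ldap_base": "ou=People,ou=%d,o=ControlPanel",
    "ldap_filter": "uid=%U",
    "ldap_group_base": "ou=Group,ou=%d,o=ControlPanel",
}
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\Z")
DN_SPECIAL = set('\\,+"<>;=#\0')

def escape_filter(value):
    """RFC 4515: escape characters that are special in a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def dn_safe(value):
    """Refuse values that would change the structure of a DN."""
    if DN_SPECIAL & set(value):
        raise ValueError("unsafe character in DN value: %r" % value)
    return value

def expand(template, user, escape):
    """Expand the %-tokens from the config comments (%D is not handled)."""
    local, _, domain = user.partition("@")
    # Assumption: a login without a domain falls back to defaultdomain.
    domain = (domain or CONF["defaultdomain"]).lower()
    if not DOMAIN_RE.match(domain):
        raise ValueError("invalid domain: %r" % domain)
    tokens = {"%": "%", "u": escape(user), "U": escape(local),
              "d": domain, "r": CONF["defaultdomain"]}
    # %1 = tld, %2 = next label to the left, and so on.
    for i, label in enumerate(reversed(domain.split(".")), start=1):
        tokens[str(i)] = label
    # Single pass, so text produced by one token is never re-expanded.
    return re.sub(r"%(.)", lambda m: tokens.get(m.group(1), m.group(0)), template)

def search_params(user):
    """Return (user base, user filter, group base) for one login name."""
    return (expand(CONF["ldap_base"], user, dn_safe),
            expand(CONF["ldap_filter"], user, escape_filter),
            expand(CONF["ldap_group_base"], user, dn_safe))

if __name__ == "__main__":
    for login in ("test@domain1.tld", "sys_user"):  # constructed sample logins
        print(login, "->", search_params(login))
```

Because the base is built from the domain part of the login, each virtual domain is searched only under its own "ou" branch, which is why the domain is validated before it is placed in the DN.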