Hi, list

Torsten Schlabach wrote:
> http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAuthentication
>
> and comment or correct.
>
> I am especially keen on that last section when it comes to LDAP.
>
> A lot of what I have written is a bit based on guesswork and conclusion
> and it would be nice if someone could confirm or deny.

I'm using only saslauthd authentication. This part looks fine.

With saslauthd it is also possible to build authorization.

saslauthd.conf:
...
ldap_group_attr: uniqueMember
ldap_group_dn: cn=imap,ou=mail,o=domain
ldap_group_match_method: attr
...

I'm not sure about the topic, but Cyrus group ACLs can also be created with LDAP-based groups.

imapd.conf:
...
ldap_group_base: ou=cyrus,ou=mail,o=domain
ldap_group_filter: (cn=%U)
ldap_group_scope: one
ldap_member_attribute: cn
ldap_member_base: ou=cyrus,ou=mail,o=domain
ldap_member_filter: (uniqueMember=%D)
ldap_member_method: filter
...

cyradm:
lam shared/design
group:boss lrswipktecd
group:info lrswipktecd
anyone p

But a user can be a member of only one group! If that's not true, ptloader can't authenticate the user (yes, the user can't bind to the server), with a strange diagnostic.

WBR. Dmitriy

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html