ptloader or the not so LDAPing easy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi!

I'm trying to get LDAP groups to work with cyrus. I have ptloader
running, and have configured it to use LDAP (see below).

I can

* log in using users in LDAP
* set ACLs for groups in ldap: sam some/mailbox group:someGroup lrswp

I can not
* use the access rights from a group I am a member of

It does not seem like the ptloader ever actually performs the membership
LDAP-search with the filter specified in the imapd.conf...


> /usr/lib/cyrus/bin/ptdump
user: anna time: 1187173689 groups: 0
user: cyrus time: 1187173441 groups: 0
user: group:test.groups time: 1187173666 groups: 0
user: superadmin time: 1187173666 groups: 3
  Domain Admins
  S-1-5-21-7212131113-2629212131-2252721213-3065
  S-1-5-21-7212131113-2629212131-2252721213-3067

Why does ptdump list group:test.groups as a _user_?
Why is that group not listed as a group under user anna?
Why does ptloader show the sambaSid of two of the groups superadmin is a
member of, instead of the group name?


--- from imapd.conf ---
auth_mech: pts
ptloader_sock: /var/run/cyrus/socket/ptloader
ptscache_db: skiplist
ptscache_timeout: 10800
pts_module: ldap

ldap_sasl: 0
ldap_version: 3
ldap_size_limit: 0
ldap_uri: ldap://crocodile.freecode.no/
ldap_bind_dn: cn=admin,dc=crocodile,dc=freecode,dc=no
ldap_password: no-chanse-you'll-have-a-peek-at-it

ldap_base: dc=crocodile,dc=freecode,dc=no
ldap_filter: (uid=%U)
ldap_scope: sub

ldap_group_base: dc=crocodile,dc=freecode,dc=no
ldap_group_filter: (cn=%u)
ldap_group_scope: sub

ldap_member_method: filter
ldap_member_base: dc=crocodile,dc=freecode,dc=no
ldap_member_filter: (memberuid=%U)
ldap_member_scope: sub



---LDAP content---
dn: ou=Domain Admins,ou=Groups,dc=crocodile,dc=freecode,dc=no
objectClass: posixGroup
objectClass: grimoireGroup
objectClass: sambaGroupMapping
gidNumber: 1030
cn: Domain Admins
ou: Domain Admins
owner:
uid=superadmin,ou=administrators,ou=People,dc=crocodile,dc=freecode,dc=
 no
memberUid: root
memberUid: superadmin
description: Netbios Domain Administrators
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3061
sambaGroupType: 2
displayName: Domain Admins

# testgroup, groups, crocodile.freecode.no
dn: ou=testgroup,ou=groups,dc=crocodile,dc=freecode,dc=no
objectClass: grimoireGroup
objectClass: posixGroup
objectClass: sambaGroupMapping
owner: uid=superadmin,ou=administrators,ou=People
memberUid: superadmin
ou: testgroup
cn: testgroup.groups
gidNumber: 1032
sambaGroupType: 2
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3065

# test, groups, crocodile.freecode.no
dn: ou=test,ou=groups,dc=crocodile,dc=freecode,dc=no
objectClass: grimoireGroup
objectClass: posixGroup
objectClass: sambaGroupMapping
owner: uid=superadmin,ou=administrators,ou=People
memberUid: superadmin
memberUid: anna
ou: test
cn: test.groups
gidNumber: 1033
sambaGroupType: 2
sambaSID: S-1-5-21-7212131113-2629212131-2252721213-3067
displayName: FOOBAR

Best regards,
and thanks in advance,
Egil Möller

-- 
 Konsulent, Fri Programvare / Free Software Consultant
Cell: +47 - 91 17 05 93
Phone: +47 - 21 53 69 00, Fax: +47 - 21 53 69 09
Addr: Slemdalsveien 70, PB 1 Vinderen, 0319 Oslo
<http://www.freecode.no/>

 Free beer costs nothing, freedom costs a fight.
 Free beer lasts an eavening, freedom lasts a lifetime.

Attachment: signature.asc
Description: OpenPGP digital signature

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux