Problem with ptloader and Novell Edirectory

Klaus Steinberger <Klaus.Steinberger@xxxxxxxxxxxxxxxxxxxxxx> · Tue, 6 May 2008 14:35:44 +0200

Hello,

I try to setup ptloader, but run into trouble with the way Novell handles 
groups.

Novell edirectory does the following:

the groupMembership Attribute inside the person object is multivalued, and 
contains the full DN's of the groups. Vice versa, the group Object contains a 
multivalued Attribut "member" containing the Full DN's of the Members.

ptloader seems to work, but returns full dn's and of course the groups are not 
working:

[root@test-imap etc]# /usr/lib/cyrus-imapd/ptdump
user: guinea.pig time: 1210077241 groups: 10
  group:cn=cipphysik,ou=berechtigungsgruppen,o=physik
  group:cn=mitarbeiter,ou=berechtigungsgruppen,o=physik
  group:cn=mll-ldap,ou=exportgruppen,o=physik
  group:cn=email,ou=berechtigungsgruppen,o=physik
  group:cn=campususer,ou=gruppen,o=physik
  group:cn=bl-group,ou=berechtigungsgruppen,o=physik
  group:cn=verwaltung,ou=berechtigungsgruppen,o=physik
  group:cn=test,ou=gruppen,ou=subversion,ou=anwendungen,o=physik
  group:cn=otrs,ou=otrs,ou=anwendungen,o=physik
  group:cn=webmaster-tssp,ou=otrs,ou=anwendungen,o=physik

Here is the relevant part of imapd.conf:

ldap_sasl: 0
ldap_base: ou=Personen,o=physik
ldap_filter: (uid=%u)
ldap_group_base: ou=Gruppen,o=physik
ldap_group_filter: (member=%D)
ldap_uri: ldap://edir11.physik.uni-muenchen.de
ldap_member_method: attribute
ldap_member_attribute: groupMemberShip
ldap_member_base: ou=Gruppen,o=physik
ldap_tls_cacert_file: /etc/pki/tls/certs/ca-bundle.crt
pts_module: ldap
ptscache_timeout: 10
ptloader_sock: /var/lib/imap/ptclient/ptsock

Any idea what I have to change in the imapd.conf to get it working?

Sincerly,
Klaus
-- 
Klaus Steinberger         Beschleunigerlaboratorium
Phone: (+49 89)289 14287  Am Coulombwall 6, D-85748 Garching, Germany
FAX:   (+49 89)289 14280  EMail: Klaus.Steinberger@xxxxxxxxxxxxxxxxxxxxxx
URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/
Attachment:
smime.p7s

Description: S/MIME cryptographic signature
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html