Re: Problem with ptloader and Novell Edirectory

Klaus Steinberger <Klaus.Steinberger@xxxxxxxxxxxxxxxxxxxxxx> · Wed, 7 May 2008 12:23:19 +0200

Hi Wes.

> On 06 May 2008, at 15:51, Klaus Steinberger wrote:
> > I'm using  cyrus-imapd-2.3.7-1.1.el5 (Scientific Linux).
>
> That's pretty old, there have been a lot of fixes to the pt & ldap
> code in the intervening 5 or so releases.

Thanks! That solved my problem, i built the SRPM from Fedora 8 now for SL5 
(2.3.11-1). Groups are working now. I had to change the ldap_group_filter 
from my original question, so now the ldap parameters are the following:

ldap_sasl: 0
ldap_base: ou=Personen,o=physik
ldap_filter: (uid=%u)
ldap_group_base: ou=Gruppen,o=physik
ldap_group_filter: (cn=%u)
ldap_uri: ldap://edir11.physik.uni-muenchen.de
ldap_size_limit: 20
ldap_member_method: filter
ldap_member_filter: (member=%D)
ldap_member_attribute: cn
ldap_member_base: ou=Gruppen,o=physik
ldap_tls_cacert_file: /etc/pki/tls/certs/ca-bundle.crt
pts_module: ldap
ptscache_timeout: 10
ptloader_sock: /var/lib/imap/ptclient/ptsock

This should work as long as no user is member of more than 20 groups. (should 
not be the case here, some special groups are outside "ou=Gruppen,o=physik" 
and are not counted).

ptdump now shows:

[root@test-imap etc]# /usr/lib/cyrus-imapd/ptdump
user: guinea.pig time: 1210155445 groups: 1
  group:campususer
user: klaus.steinberger time: 1210155332 groups: 4
  group:pr-adm-verw
  group:cipwheel
  group:etpgrid
  group:rechner
[root@test-imap etc]# 

Setting ACL's on groups now works as expected.

Sincerly,
Klaus

-- 
Klaus Steinberger         Beschleunigerlaboratorium
Phone: (+49 89)289 14287  Am Coulombwall 6, D-85748 Garching, Germany
FAX:   (+49 89)289 14280  EMail: Klaus.Steinberger@xxxxxxxxxxxxxxxxxxxxxx
URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/
Attachment:
smime.p7s

Description: S/MIME cryptographic signature
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html