Duncan,

Duncan Gibb wrote:
> EA> pts_module: ldap
>
> This module is currently very difficult to configure, IMHO.

That's true. :) But it's doable.

> EA> ldap_member_method: attribute
>
> This method doesn't work the way you might expect. It finds the user
> object and wants to see the names of the groups of which the user is a
> member in the named attribute of the user. For example:
>
> dn: cn=Evgeniy Arbatov,ou=users,ou=people,dc=example,dc=com
> cn: Evgeniy Arbatov
> ou: admins
> ou: othergroup
> ou: thirdgroup
>
> If you want to put the names of the members into the group objects, you
> probably need to use the filter method.
>
>> dn: cn=admins,ou=groups,ou=people,dc=example,dc=com
>> uid: admins
>> member: cn=Evgeniy Arbatov,ou=users,ou=people,dc=example,dc=com
>
> I don't believe the current implementation supports this style of group
> membership (groupOfUniqueNames and similar). It's much more orientated
> towards posixGroup-style groups.

It does, IMHO. Here is my config:

ldap_id: xxx
ldap_sasl: 1
ldap_password: xxxx
ldap_uri: ldap://tfas099.foo
ldap_mech: PLAIN DIGEST-MD5 CRAM-MD5 LOGIN
ldap_tls_cacert_file: /opt/mail/etc/openldap/ssl/ca2006.pem
ldap_tls_cert: /opt/mail/etc/openldap/ssl/cert2006.pem
ldap_tls_key: /opt/mail/etc/openldap/ssl/key2006.pem
ldap_base: ou=humans,ou=foo
ldap_group_base: ou=gruppen,ou=humans,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute

Marc

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html