On 14 Apr 2010, at 12:42, Shelley Waltz wrote:

> I wish a simple way to control who in the LDAP database may login
> and autocreate a cyrus imap account.  Not everyone in the LDAP database,
> just certain users.  Any suggested methods?
>
> I have RHEL5 with
> cyrus-imapd-2.3.7-7
> cyrus-sasl-2.1.22-5
> and use
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN LOGIN
> and /etc/sysconfig/saslauthd
> MECH=ldap

Is there something in LDAP that defines who may or may not have access? If so, you can modify the LDAP search so only the authorized users are returned, e.g.:

(&(uid=$uid)(something=imap))

Does this make sense?

Or, ... taking a look at:

http://idms.rutgers.edu/ldap/authn-authz.shtml

it seems that the Rutgers LDAP servers have a pretty robust, per-application authorization model.

:wes
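
Added example, not part of the original message: how the suggested search restriction could look in saslauthd's LDAP configuration for the `MECH=ldap` setup quoted above. The server URI, search base and the `something=imap` attribute are placeholders, and the file location is an assumption (commonly `/etc/saslauthd.conf`).

```conf
# saslauthd LDAP settings, read when saslauthd runs with MECH=ldap.
# Placeholder values: replace server, base DN and the authorizing attribute.
ldap_servers: ldap://ldap.example.com/
ldap_search_base: ou=people,dc=example,dc=com

# Before: any directory entry whose uid matches the login name can
# authenticate, so every LDAP user can log in and trigger autocreate.
#ldap_filter: (uid=%u)

# After: the entry must also carry the authorizing attribute/value.
# %u is replaced by the login name; entries without the attribute are
# not returned by the search, so authentication fails for them.
ldap_filter: (&(uid=%u)(something=imap))
```

After restarting saslauthd, `testsaslauthd -u <user> -p <password> -s imap` should succeed for an entry that has the attribute and fail for one that does not.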