On Wed, 2010-04-14 at 13:33 -0400, Wesley Craig wrote:
> On 14 Apr 2010, at 12:42, Shelley Waltz wrote:
> > I wish a simple way to control who in the LDAP database may login
> > and autocreate a cyrus imap account. Not everyone in the LDAP
> > database, just certain users. Any suggested methods?
> >
> > I have RHEL5 with
> > cyrus-imapd-2.3.7-7
> > cyrus-sasl-2.1.22-5
> > and use
> > sasl_pwcheck_method: saslauthd
> > sasl_mech_list: PLAIN LOGIN
> > and /etc/sysconfig/saslauthd
> > MECH=ldap
>
> Is there something in LDAP that defines who may or may not have
> access? If so, you can modify the LDAP search so only the authorized
> users are returned, e.g.:
>
> (&(uid=$uid)(something=imap))

Right, we use:

ldap_filter: (|(&(objectclass=morrisonuser)(morrisonactiveuser=Y)(uid=%u))(&(objectclass=morrisonsystemaccount)(uid=%u))(&(objectclass=simpleSecurityObject)(employeeType=virtual)(uid=%u)))

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
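
An added example, not part of the thread and not Cyrus or saslauthd code: a small Python evaluator for the AND/OR/equality subset of LDAP filters, for checking offline which entries the `ldap_filter` quoted above would admit before relying on it. The directory entries and the function names (`escape`, `parse`, `matches`, `may_login`) are constructed for illustration, and `%u` is replaced here with an RFC 4515-escaped username.

```python
import re

# Filter from the message above; %u stands for the login name.
FILTER = ("(|(&(objectclass=morrisonuser)(morrisonactiveuser=Y)(uid=%u))"
          "(&(objectclass=morrisonsystemaccount)(uid=%u))"
          "(&(objectclass=simpleSecurityObject)(employeeType=virtual)(uid=%u)))")

# Constructed sample entries (attribute names lower-cased), not real data.
DIRECTORY = [
    {"uid": ["alice"], "objectclass": ["morrisonuser"], "morrisonactiveuser": ["Y"]},
    {"uid": ["bob"], "objectclass": ["morrisonuser"], "morrisonactiveuser": ["N"]},
    {"uid": ["backup"], "objectclass": ["morrisonsystemaccount"]},
    {"uid": ["carol"], "objectclass": ["simpleSecurityObject"], "employeetype": ["staff"]},
]

def escape(user):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in user)

def parse(f, i=0):
    """Parse one '(...)' filter at offset i; return (node, next_offset)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|"):
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)                     # ValueError if unterminated
    attr, sep, value = f[i:end].lower().partition("=")
    if not sep:
        raise ValueError(f"no '=' in item at offset {i}")
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = (matches(kid, entry) for kid in node[1])
    return all(results) if node[0] == "&" else any(results)

def may_login(user, template=FILTER, directory=DIRECTORY):
    """True if the filter, with %u filled in, selects at least one entry."""
    text = template.replace("%u", escape(user))
    tree, end = parse(text)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return any(matches(tree, entry) for entry in directory)
```

Substring and presence matches (`*`) are outside this subset, so a template that uses them needs a real LDAP client or `ldapsearch` against a test directory instead.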