Dear list, I use saslauthd to auth against ldap (bind auth) and I am trying to use ptloader to fetch group information from LDAP so that group based ACL's can be used for shared folders. The ldap auth works fine, but the group information gets screwed up somewhere. With tcpdump I see my directory server sending the correct group information to ptloader, but ptloader seems to interpret this information wrong. If I look with ptdump each user is listed with the correct number of groups he is member of, but the group name is wrong. Instead of the group name (cn attribute) it shows some random attribute such as another group member (a value of the memberUid attribute), or "top" ( a value of the objectclass attribute ). Sometimes, the group name is correct. I am running cyrus 2.2.13, on debian lenny amd64, compiled from the debian lenny source package to include ptloader support ( the default debian binary package does not include ptloader support ). /etc/imapd.conf: auth_mech: pts unix_group_enable: no ptloader_sock: /var/run/cyrus/socket/ptsock ldap_base: ou=people,dc=example,dc=org ldap_filter: (uid=%U) ldap_version: 3 ldap_sasl: 0 ldap_size_limit: 100 ldap_group_base: ou=groups,dc=example,dc=org ldap_group_scope: sub ldap_group_filter: cn=%u ldap_member_scope: sub ldap_member_base: ou=groups,dc=example,dc=org # ldap_member_method: attribute # ldap_member_attribute: memberUid ldap_member_method: filter ldap_member_filter: memberUid=%U ldap_uri: ldap://netinfo.example.org/ pts_module: ldap My group information is in ou=groups,dc=example,dc=org. My groups are "posixGroup" with the uid's of the members listed in the memberUid attribute, the group name is listed in the cn attribute: dn: cn=domainusers,ou=groups,dc=example,dc=org gidNumber: 513 description: Netbios Domain Users sambaSID: S-1-5-21-xxxx-xxxx-513 sambaGroupType: 2 displayName: Domain Users cn: domainusers memberUid: anja memberUid: someuid1 ... memberUid: someuid20 objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping this is a typical user entry: dn: cn=Anja Smith,ou=people,dc=example,dc=org objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: top objectClass: shadowAccount givenName: Anja sn: Smith cn: Anja Smith uid: anja uidNumber: 2018 sambaSID: S-1-5-21-xxxx sambaLMPassword: xxxx sambaNTPassword: xxxx loginShell: /bin/bash gidNumber: 513 sambaPrimaryGroupSID: S-1-5-21-xxxx homeDirectory: /home/anja sambaAcctFlags: [UX] userPassword: xxxx mail: anja@xxxxxxxxxxx mail: Anja.Smith@xxxxxxxxxxx sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 shadowMax: 99999 The man pages are somewhat sparse on details on how the parameters are interpreted and how they will get the ldap information interpreted. I tried serveral variations on the configuration file without any success. Any tips on how to fix this ? Kind regards, Jos ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
