* Clement Hermann (nodens) <nodens2099@xxxxxxxxx> [20110809 04:04]:
> On 09/08/2011 02:08, Jeroen van Meeuwen (Kolab Systems) wrote:
> > Hi there,
> >
> Hi,
>
> > I wanted to ask who is actively using ptclient/ldap, as I have some in-house
> > patch pending on the canonification using some sort of result_attribute, if
> > you will.
> >
> > We currently have under consideration whether everything, life and the
> > universe should be configurable before the patch is accepted upstream, which
> > is to say (pardon my postfix lingo);
> >
> > - result_attribute_format,
> > - leaf_result_attribute,
> >
> > but also;
> >
> > - group_filter_scope,
> > - group_result_attribute
> >
> > Which is to say, we have a deployment extensively using 'nsroledn' -which
> > functionally behaves like a 'memberOf', and the question then becomes if you
> > want to use the 'cn' attribute for groups -which most often is not enforced to
> > be a unique attribute value for groups, but is automatically unique if the
> > search scope for groups is 'one' and the 'cn' attribute builds the 'rdn'.
> >
> > Long story short, I would like to know of other people who use ptclient/ldap,
> > or have attempted to do so but failed, and the various use-case / deployment
> > scenarios.
>
> We use it for shared folders / mailboxes, on a stock Debian install (so
> 2.2.x), we only repackaged cyrus to include pts support. Works great so far.
>

We use it extensively (in our current 2.3.x murder and soon in 2.4) for
controlling access to shared folders. In addition we use ldap/pts as a
general purpose authorization service for our Cyrus Murder installation;
we've got a lot of people in our LDAP directory and Kerberos KDC, but only
a subset of that population get IMAP service. We haven't had an issue with
non-uniqueness of "cn" for group names as we use a dedicated search base
for groups and our groups have their cn built into their dn...

We have noticed some weirdness when ptloader is configured to authenticate
to the LDAP server; it appears to want to do a SASL proxy authz *as* the
end user. This seems unnecessarily complex and it fails in a non-graceful
way in our environment; consequently we've configured ptloader to do
anonymous ldap queries.

Ben
--
________________________________________________________________________
PGP (318B6A97): 3F23 EBC8 B73E 92B7 0A67 705A 8219 DCF0 318B 6A97
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/