Sorry for the delay, I was busy with other projects. :/

On 26.04.19 10:03, ellie timoney wrote:
> Hi Sven,
>
> I don't know much about running it in a production capacity, but our
> test suite sets up the following for LDAP pts:
>
> imapd.conf:
>     ...
>     ptloader_sock: /path/to/some/socket
>     auth_mech: pts
>     pts_module: ldap
>     ...
>
> cyrus.conf:
>     SERVICES {
>         ...
>         ptloader cmd="ptloader" listen="/path/to/some/socket"
>         ...
>     }
>
> Does this get you going?

It starts now, and according to the log, ptloader is initialized, but it
doesn't find any LDAP groups, and I can't really figure out why – it
just silently fails to find any groups (so users can't access shared
folders), with no indication in the logs as to why, even with
debug/chatty both enabled.

Groups *do* work with pts disabled and libpam-winbind resolving them as
native groups, so they *should* be set up correctly, I think.

Relevant settings:

> # These make no difference
> #debug: 1
> #chatty: 1
>
> # Same as in sample, path correct
> #auth_mech: pts
> pts_module: ldap
> ptloader_sock: /var/run/cyrus/socket/pts
>
> # Work, verified with s_client
> ldap_uri: ldaps://graz-dc-sem.ad.tao.at/
> ldap_ca_file: /usr/local/share/ca-certificates/tao-ad-ca.crt
> ldap_verify_peer: yes
>
> ldap_version: 3
> ldap_sasl: 0
> ldap_bind_dn: CN=some_user,CN=Users,DC=ad,DC=tao,DC=at
> ldap_password: some_password
> # Seems to work up to here, wrong password results in a ptloader error
> # message. Correct password results in no output?
>
> ldap_base: CN=Users,DC=ad,DC=tao,DC=at
> ldap_group_base: CN=Users,DC=ad,DC=tao,DC=at
> ldap_member_base: CN=Users,DC=ad,DC=tao,DC=at
>
> # These SHOULD work, and do work with ldapsearch, but silently fail?
> ldap_group_filter: (&(|(cn=%u)(sAMAccountName=%u))(objectClass=group))
> ldap_member_attribute: memberUid
> ldap_user_attribute: uid
> ldap_filter: (uid=%u)

Is there another way to get ptloader to spit out debug information and
pinpoint what's not set up correctly?

-- 
Best Regards,
Sven Schwedas, System Administrator
✉ sven.schwedas@xxxxxx | ☎ +43 680 301 7167
TAO Digital | Part of TAO Beratungs- & Management GmbH
Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz | https://www.tao-digital.at