Scott, I was just browsing my LDAP schema. Where should if find authorizedService?
--Ez On Mon, 2005-04-04 at 09:33, Scott Balmos wrote: > Use pam_ldap in conjunction with the pam_check_service_attr option in > its config file. Then add authorizedService attributes for every PAM > service you want. Cyrus can get especially fine-grained, because it has > four separate PAM services (one each for POP3, IMAP, NNTP, and Sieve). > See below for a section of my account LDIF. Note that SASL does not > append "d" to its service entries, like you think it would. That screwed > me over the first time I tried to get this setup going. > > authorizedService: sshd > authorizedService: ftpd > authorizedService: imap > authorizedService: pop > authorizedService: nntp > authorizedService: smtp > authorizedService: sieve > > --Scott > > Ezsra McDonald wrote: > > >My current system is SuSe 8.1. This version of saslauthd was not > >compiled with LDAP support. It currently hands off authentication to > >pam_ldap. I have looked for the cyrus_sasl src RPM for the version I am > >running. I would rebuild it but apparently it is not available. It looks > >like I will have to hack a later RPM and see if I can get it to work on > >SuSe 8.1. > > > >Does anyone know how to give pam_ldap a filter to use? That would be my > >quickest fix. I will be investigating that now. > > > >--Ez > > > >On Sun, 2005-04-03 at 14:07, Ondřej Surý wrote: > > > > > >>It's not task for IMAP server, but for SASL auth daemon. You have to > >>construct LDAP query in sasl so it allow only users which have mail to > >>login. Either create some special flag in LDAP. > >> > >>F.E.: "ldap_filter: (&(uid=%u)(allowCyrusLogin=true))" or something > >>similar. > >> > >>Ondrej > >> > >>On Fri, 2005-04-01 at 13:02 -0800, Ezsra McDonald wrote: > >> > >> > >> > >>>Is there a setting to tell IMAP not to allow > >>>authenticated users who don't have cyrus accounts? > >>> > >>> > > -- Ezsra McDonald ...................................................................... Linux is like a wigwam -- no Gates, no Windows, and an Apache inside. CONFIDENTIALITY NOTICE: This E-mail and any attachments are confidential. If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this E-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
