On Thu, 21 Apr 2005, Simon Matter wrote:
On Thu, 21 Apr 2005, Simon Matter wrote:
Hello, I already use| setaclmailbox with an Unix group as "id". But I'd like to do the same with an ldap group.
Is'it possible ? I didn't find anything on google.
You can configure /etc/nsswitch.conf to use LDAP for groups. Check with 'getent group' that your LDAP groups are visible to the system. There is one issue with this solution: If your LDAP groups are large or your LDAP is slow, all IMAP access is also slow. Using nscd doesn't work here, at least on Linux. I have therefore created a groupcache patch for cyrus which chaches the groups in a file for faster access. The patch is in my rpms and also available here: http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/
The groupcache can be updated via cyrus master with a entry like this in /etc/cyrus.conf EVENTS section:
groupcache cmd="upd_groupcache" period=5
You can also use pts/ldap for groups.
That's correct. I was assuming that he's using Unix groups and LDAP groups at the same time. For authentication this works fine with PAM, above solution does the same for groups. Is a mixed environment possible with pts/ldap?
You can use only one authorization mechanism (identifiers and groups) and you can mix this with any type of authentication setup. Authorization mechanism is selected during build/compile; you can specify authorization mech at runtime (imapd.conf ) in the cvs version of cyrus-imapd.
-- Igor
Simon
-Igor
Regards, Simon
Thanks.
Nicolas Schmitz | --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-- Igor
-- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
