We have a cyrus server that's joined to an AD domain via winbind. Group
enumeration and expansion is enabled inside winbind, so getgrent(3)
delivers correct membership data for all groups. (Tested via getent
group as well as a small C program just to make sure.)
User A is in groups B and C;
On 27 May 2010, at 06:38, Duncan Gibb wrote:
> Yes. It would be nice when someone has time to make the configuration
> of pts_ldap more similar to other things likely to be using the same
> data (eg pam/nss/samba as well as saslauthd).
Comments on:
https://bugzilla.andrew.cmu.edu/show_bu
Hi Duncan,
> JDG> My groups are "posixGroup" with the uid's of the members listed
> JDG> in the memberUid attribute, the group name is listed in the cn
> JDG> attribute:
>
> If you add
>
> ldap_member_attribute: cn
>
> to your config, it s
ptdump each user is listed with the correct number
JDG> of groups he is member of, but the group name is wrong. Instead
JDG> of the group name (cn attribute) it shows some random attribute
JDG> such as another group member (a value of the memberUid attribute),
JDG> or "top"
ee my directory server sending the correct
group information to ptloader, but ptloader seems to interpret this
information wrong.
If I look with ptdump each user is listed with the correct number of
groups he is member of, but the group name is wrong. Instead of the
group name (cn attribute) it shows
Marc Patermann wrote:
> Hi,
>
> IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP
> (2.3.x) server.
>
> I can set acls with existing groups. I cannot set acls with non existing
> groups. So far: IMAPd is checking for groups in LDAP just right.
Afair
Hi,
IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP
(2.3.x) server.
I can set acls with existing groups. I cannot set acls with non existing
groups. So far: IMAPd is checking for groups in LDAP just right.
localhost.ofd-h.de> sam user.foo.Junk group:bar r
Stefan Pampel wrote:
> Dmitriy Kirhlarov <[EMAIL PROTECTED]> wrote:
>> Christopher DeMarco wrote:
>>> I want to put a group: into an ACL, but I want to expand the group
>>> using LDAP rather than /etc/groups.
>>>
>>> A thread from this list cir
Dmitriy Kirhlarov <[EMAIL PROTECTED]> wrote:
> Christopher DeMarco wrote:
>> I want to put a group: into an ACL, but I want to expand the group
>> using LDAP rather than /etc/groups.
>>
>> A thread from this list circa 2006 seems to indicate that if PAM use
Christopher DeMarco wrote:
> I want to put a group: into an ACL, but I want to expand the group
> using LDAP rather than /etc/groups.
>
> A thread from this list circa 2006 seems to indicate that if PAM uses
> LDAP (or NIS for that matter), that Cyrus will use LDAP without ev
I want to put a group: into an ACL, but I want to expand the group
using LDAP rather than /etc/groups.
A thread from this list circa 2006 seems to indicate that if PAM uses
LDAP (or NIS for that matter), that Cyrus will use LDAP without even
knowing it.
I'd actually prefer that Cyrus do
Hello, don't know if this is a stupid question or if it's something I can
achieve with Virtual Domains on Cyrus. I'd like to know if there is a simple
solution to my standard installation of Cyrus.
Using ACLs I can have IMAP users see a "user" folder containing shared
mailboxes.
Now, I have to c
Hi, list.
1. I'm also using ldap-based groups ACL in cyrus. When I add any user to
more than 1 group, cyrus can't authorize them. I can't find any
documentation about this behavior. Is it normal?
2. How to configure default ldap_realm for connecting to saslauthd?
I h
Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] on behalf of
> Milen Dimov
> Sent: Wednesday, 30 May 2007 22.31
> To: info-cyrus@lists.andrew.cmu.edu
> Subject: Re: groups, members, LDAP and ptloader
>
>
> Warren Turkal wrote:
> > On W
Warren Turkal wrote:
On Wednesday 30 May 2007 14:30, Milen Dimov wrote:
We successfully run cyrus 2.2.12 and 2.3.8 both with LDAP users
authentication and authorization utilizing respectively saslauthd and
ptloader with LDAP support.
I was under the impression that you could avoid sa
Warren Turkal wrote:
> On Wednesday 30 May 2007 14:30, Milen Dimov wrote:
>> We successfully run cyrus 2.2.12 and 2.3.8 both with LDAP users
>> authentication and authorization utilizing respectively saslauthd and
>> ptloader with LDAP support.
>
> I was under the impression that you could avoid s
On Wednesday 30 May 2007 14:30, Milen Dimov wrote:
> We successfully run cyrus 2.2.12 and 2.3.8 both with LDAP users
> authentication and authorization utilizing respectively saslauthd and
> ptloader with LDAP support.
I was under the impression that you could avoid saslauthd for authentication.
ControlPanel
ldap_group_filter: cn=%U
ldap_member_method: attribute
ldap_member_attribute: bizBlueboardMemberOf
unix_group_enable: no
auth_mech: pts
pts_module: ldap
...
The attribute bizBlueboardMemberOf is defined in BlueBoard proprietary
LDAP objectClass. It is a multi-value attribute that contains the names of
On Wednesday 30 May 2007 09:04, Toschi Pietro wrote:
> Is there somebody on this list so kind and please try to explain me what
> I'm missing?
You're not the only one lost with all of this. I hope someone can at least
post a working configuration that shows using LDAP without saslauthd so that
Hi all
I find it very difficult to understand relationships between groups, members, LDAP
and ptloader.
I have a cyrus 2.2.12 successfully authenticating users with saslauthd and my
user DB is openLDAP
I would like to upgrade to 2.3.8. It's now some days that I try to investigate
the differ
c:304
Ben
The last commit has an issue.
Please try this patch and report back:
--- ldap.c.orig 2006-08-09 14:42:05.023665000 -0400
+++ ldap.c 2006-08-09 14:42:41.274455000 -0400
@@ -1065,11 +1065,11 @@
continue;
strcpy((*newstate)->groups[i].id, "
in main (argc=6099056, argv=0x7fff9e959258,
> > envp=0x7fff9e959268) at service-thread.c:304
> >
> >Ben
> >
>
> The last commit has an issue.
>
> Please try this patch and report back:
>
> --- ldap.c.orig 2006-08-09 14:42:05.023665000 -0400
> +++ ldap
2006-08-09 14:42:05.023665000 -0400
+++ ldap.c 2006-08-09 14:42:41.274455000 -0400
@@ -1065,11 +1065,11 @@
continue;
strcpy((*newstate)->groups[i].id, "group:");
+
int j;
- strcpy((*newstate)->groups[i].id, "group:&
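Review bot: the strcpy of "group:" into (*newstate)->groups[i].id at the top of this hunk is unbounded, and the visible lines show no length check on whatever is written into id after that prefix. Since the thread reports ptloader segfaulting for users found in more than one group, the group name taken from the directory should be length-checked against the size of the id field before it is copied, with over-long entries skipped. The hunk is cut off in this excerpt, so this needs confirming against the full ldap.c.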
c.orig 2006-08-09 14:42:05.023665000 -0400
+++ ldap.c 2006-08-09 14:42:41.274455000 -0400
@@ -1065,11 +1065,11 @@
continue;
strcpy((*newstate)->groups[i].id, "group:");
+
int j;
- strcpy((*newstate)->groups[i].id, &qu
* Ben Poliakoff <[EMAIL PROTECTED]> [20060809 09:53]:
> * Igor Brezac <[EMAIL PROTECTED]> [20060809 07:39]:
> >
> >
> > On Tue, 8 Aug 2006, Ben Poliakoff wrote:
> >
> > >ptloader is segfaulting on multiple servers in my test environment when
> > >the user that is connecting for IMAP service is f
* Igor Brezac <[EMAIL PROTECTED]> [20060809 07:39]:
>
>
> On Tue, 8 Aug 2006, Ben Poliakoff wrote:
>
> >ptloader is segfaulting on multiple servers in my test environment when
> >the user that is connecting for IMAP service is found in more than one
> >group.
> >
> >I have a core file, but it do
imapd.conf:
auth_mech: pts
pts_module: ldap
ldap_filter: (uid=%U)
ldap_start_tls: 0
ldap_base: dc=example,dc=com
ldap_sasl: 0
ldap_uri: ldap://ldap.example.com
# max number of records to return
ldap_size_limit: 100
# begin LDAP group configs
# find groups
ldap_
r: (uid=%U)
ldap_start_tls: 0
ldap_base: dc=example,dc=com
ldap_sasl: 0
ldap_uri: ldap://ldap.example.com
# max number of records to return
ldap_size_limit: 100
# begin LDAP group configs
# find groups
ldap_group_base: ou=group,dc=example,dc=com
ldap_group_filt
Hello everyone. This is my first post in this list.
I am running Debian Sid with Cyrus IMAP 2.2.13. Previously I was using
Debian Sarge with Cyrus IMAP 2.1 and I was using UNIX groups to set up
ACL in the form of:
cyradm> sam user.customers group:reservations lrs
Some time ago I was told that it
IL PROTECTED]
Sent: Friday, 2 June 2006 16:54
To: Brasseur Valéry
Cc: info-cyrus@lists.andrew.cmu.edu
Subject: Re: cyrus ACL and groups ...
Are your users stored in a LDAP server as well?
If so, then you can have Cyrus speak LDAP and get the info. Plus it
can do caching (ptscache_timeout)
In Cyrus
That's nearly what I am looking for!!!
Where is the doc for pts? And the LDAP part?
Thanks
-Original Message-
From: Patrick Radtke [mailto:[EMAIL PROTECTED]
Sent: Friday, 2 June 2006 16:54
To: Brasseur Valéry
Cc: info-cyrus@lists.andrew.cmu.edu
Subject: Re: cyrus ACL and g
_sock: /var/cyrus/socket/ptsock
look for ldap_* options in `man imapd.conf`
-Patrick
On Jun 2, 2006, at 4:31 AM, Brasseur Valéry wrote:
I have seen in the code that when you want to use groups in ACL for
cyrus, the group is a UNIX one ... (calling setgrent, getpwnam ... )
Is there a way to use
On Fri, Jun 02, 2006 at 03:42:14PM +0200, Simon Matter wrote:
> > On Fri, Jun 02, 2006 at 10:31:46AM +0200, Brasseur Valéry wrote:
> >> I have seen in the code that when you want to use groups in ACL for
> >> cyrus,
> >> the group is a UNIX one ... (calling setgren
> On Fri, Jun 02, 2006 at 10:31:46AM +0200, Brasseur Valéry wrote:
>> I have seen in the code that when you want to use groups in ACL for
>> cyrus,
>> the group is a UNIX one ... (calling setgrent, getpwnam ... )
>> Is there a way to use LDAP groups instead ...
On Fri, Jun 02, 2006 at 10:31:46AM +0200, Brasseur Valéry wrote:
> I have seen in the code that when you want to use groups in ACL for cyrus,
> the group is a UNIX one ... (calling setgrent, getpwnam ... )
> Is there a way to use LDAP groups instead ...
If you use nss_ldap, then cyru
I have seen in the code that when you want to use groups in ACL for cyrus, the
group is a UNIX one ... (calling setgrent, getpwnam ... )
Is there a way to use LDAP groups instead ...
Thanks
Valery
Hi!
My Cyrus users are in LDAP - via sasl ldapdb.
Does this work with LDAP-groups too?
Do I have to configure something else?
Hans
ated files are here:
http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/
The source rpm is here as usual:
http://www.invoca.ch/pub/packages/cyrus-imapd/
Below is a cut'n'paste from the README file. Feedback as always welcome.
Regards,
Simon
From the README:
If you hav
I have several mailboxes which are read-only accessible to a sizable but
finite group. One such mailbox is a repository for faculty news and I need
to maintain over 300 individual ACLs with "lrs" permissions. If this were a
static situation, it wouldn't be an issue, but membership is dynamic (ad
On Tue, 25 May 2004, Sven Schiwek wrote:
> Hi,
>
> I installed cyrus-imapd 2.2.3 and imported my old mails. The Shared-
> folder have group ACLs like group:sysop. I changed my authentication
> from PAM to SASL with saslauthd.
> The system is working fine, but if I want to change a group ACL cyr
Sorry for the certificate... :(
Sven Schiwek
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Hi,
I installed cyrus-imapd 2.2.3 and imported my old mails. The Shared-
folder have group ACLs like group:sysop. I changed my authentication
from PAM to SASL with saslauthd.
The system is working fine, but if I want to change a group ACL cyradm
says:
8<
> dam admins group:sysop
deleteacl
Hi,
When I create groups in my /etc/group file to use with cyrus, I'd like to have
them there in format [EMAIL PROTECTED]:*:gid:users which I think makes sense.
It works just fine except for the default domain. With the default domain
groups work only in format groupname:*:gid:users
When I
On Sun, 13 Jul 2003, Marcelino Vallejo wrote:
> I've found that installing libnss-mysql I could give ACLs to non UNIX
> groups. Those groups are declared in MySql tables.
> One step forward.
Doing this can be really expensive on your MySQL server, since every call
to auth_newst
I've found that installing libnss-mysql I could give ACLs to non UNIX
groups. Those groups are declared in MySql tables.
One step forward.
Marcelino Vallejo wrote:
Hi.
We are trying not to use UNIX users at all, authenticating through
pam and taking all groups members from NT Domain th
tried just using pam_smb?
Then saslauthd -a pam?
James.
On Friday 11 July 2003 12:48 pm, Marcelino Vallejo wrote:
Hi.
We are trying not to use UNIX users at all, authenticating through pam
and taking all groups members from NT Domain through winbind daemon, in
order to set ACLs. Have
Have you tried just using pam_smb?
Then saslauthd -a pam?
James.
On Friday 11 July 2003 12:48 pm, Marcelino Vallejo wrote:
> Hi.
> We are trying not to use UNIX users at all, authenticating through pam
> and taking all groups members from NT Domain through winbind daemon, in
>
Hi.
We are trying not to use UNIX users at all, authenticating through
pam and taking all groups members from NT Domain through winbind daemon,
in order to set ACLs.
Has anyone experimented with this?
We have given an ACL to an NT group in the form of: group: NTDOMAIN+ntuser.
Imapd has
Of course, if I understood well how it works! :)
>
I mean not the group the cyrus master server is running under, but groups which
I want to use to set ACL permissions on mailboxes, like "sam
user/[EMAIL PROTECTED] group:mygroup read"
So my question is: where I should define th
asked that question but still didn't get an answer:
I'm using 'saslauthd -a pam' for IMAP authentication (pam_pgsql actually) and
compiled cyrus-imapd22 --with-auth=unix
Should I still use /etc/groups for users group membership (to set access
mailbox permissions) or maybe ther
I asked that question but still didn't get an answer:
I'm using 'saslauthd -a pam' for IMAP authentication (pam_pgsql actually) and
compiled cyrus-imapd22 --with-auth=unix
Should I still use /etc/groups for users group membership (to set access
mailbox permissions) or may
I'm using 'saslauthd -a pam' for IMAP authentication (pam_pgsql actually) and
compiled cyrus-imapd22 --with-auth=unix
Should I still use /etc/groups for group membership?
Best regards,
Dmitry
- Original Message -
From: "Mika Iisakkila" <[EMAIL PROTECTED]>
To: "Ian McDonald" <[EMAIL PROTECTED]>
Cc: "Simon Matter" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday, November 21, 2002 4:24 PM
Subject: Re: Please, wh
On Thu, 21 Nov 2002, Mika Iisakkila wrote:
> Theoretically this could use nss_ldap to get groups from LDAP,
> but more probably you'll get the infamous death by signal 11
> due to SASL library version clashes...
>
> It wouldn't probably be very hard to write a patc
Ian McDonald wrote:
Please, what are the groups, if not using Unix auth?
AFAIK you'd have to use Kerberos. If you have --with-auth=unix, the
group lookups go to the normal getpwnam()/getgrnam() functions, which
finally consult anything your name service switch is configured
Please, what are the groups, if not using Unix auth?
Thanks,
Ian
- Original Message -
From: "Simon Matter" <[EMAIL PROTECTED]>
To: "Ian McDonald" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, November 12, 2002 7:21 AM
Subject: Re: mech=
-> LDAP. Now, IIRC one can grant
permissions based on groups through ACLs, what are the group used in
this situation. Well, in my case I could have been using posix groups in
the LDAP tree but I'm curious whether this would work?
Simon
>
> My imapd.conf file is:
>
> configdirect
Hi,
If I store my passwords (and hence list of users) in sasldb2, what stores my
list of group names, and which users are in each group?
My imapd.conf file is:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
allowanonymouslogin: no
defaultacl: anyone lrs
autocrea
Ok, I'm attaching the patch. This is for 1.6.24,
and there are some things that could use some
work. Right now, all the LDAP stuff is set with
defines (this was done for a specific case, so
that was fine at the time). This was pretty much
directly taken from the auth_unix.c groups setup
If you want groups that the imap server will use for authorization
purposes, there's no support on this from the Cyrus IMAP side. (See my
previous message about authorization backends.) You'd have to look at
writing a new auth_ldap.c in the lib directory. (See auth_unix, for
ntication.
> Authentication is made via PAM and the pam_ldap-module.
> Now I want to store the groups in LDAP too. What do I have to
> do for this?
> I have read that nss_ldap is used for this, but I don't know
> how to configure it.
>
> Thanks
>
> Martin Stockhammer
>
> -
Hi,
> I use cyrus imap 1.6.24 with OpenLDAP for authentication.
> Authentication is made via PAM and the pam_ldap-module.
> Now I want to store the groups in LDAP too. What do I have to
> do for this?
Go to www.padl.com and get the migration tools. These will help you
generate grou
Hello,
I use cyrus imap 1.6.24 with OpenLDAP for authentication.
Authentication is made via PAM and the pam_ldap-module.
Now I want to store the groups in LDAP too. What do I have to
do for this?
I have read that nss_ldap is used for this, but I don't know
how to configure it.
Thanks
M