Re: ldap lookup with different search_base's? [auf Viren überprüft]

• Previous message: MirosĊ‚aw Jaworski: "Re: Can murder be used for IMAP server migration?"
• Next in thread: Marten Lehmann: "Re: ldap lookup with different search_base's? [auf Viren überprüft]"
• Maybe reply: Marten Lehmann: "Re: ldap lookup with different search_base's? [auf Viren überprüft]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Andreas Winkelmann schrieb:

> Hmm, you can use ldapdb. Then you can specify multiple authz-regexp In
> slapd.conf. Seperate them somehow in the Matching-Pattern.
That's what I would recommend too.

> I havn't tested this, but I think it's a try worth.
It works.
Slapd converts the the SASL uid for u. Create a general regexp for the
user, which points to something like cn=$1,ou=users,dc=mailservices
and a special regexp for uid admin (or cyrus ...), which points to
cn=admin,dc=mailservices.

>> What do I have to enter at "admins" in /etc/imapd.conf?
Something that matches your special regexp. In my following example it
is cyrus.

I.e. <snip>
authz-regexp uid=cyrus,cn=[^,]*,cn=auth
         dn:cn=admin,dc=mailservices
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth
         dn.regex:cn=$1,ou=users,dc=mailservices
<snap>

Ask man slap.conf for "authz-policy" and "authz-regexp". And man
slapd.access.

Hans

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

• Previous message: MirosĊ‚aw Jaworski: "Re: Can murder be used for IMAP server migration?"
• Next in thread: Marten Lehmann: "Re: ldap lookup with different search_base's? [auf Viren überprüft]"
• Maybe reply: Marten Lehmann: "Re: ldap lookup with different search_base's? [auf Viren überprüft]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]