Re: Problem with ptloader and Novell Edirectory

From: Klaus Steinberger (no email)
Date: Wed May 07 2008 - 06:23:19 EDT

Next message: Janne Peltonen: "Sync fails: bad protocol?"

Previous message: Wesley Craig: "Re: Problem with ptloader and Novell Edirectory"
Maybe in reply to: Klaus Steinberger: "Problem with ptloader and Novell Edirectory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Wes.

> On 06 May 2008, at 15:51, Klaus Steinberger wrote:
> > I'm using cyrus-imapd-2.3.7-1.1.el5 (Scientific Linux).
>
> That's pretty old, there have been a lot of fixes to the pt & ldap
> code in the intervening 5 or so releases.

Thanks! That solved my problem, i built the SRPM from Fedora 8 now for SL5
(2.3.11-1). Groups are working now. I had to change the ldap_group_filter
from my original question, so now the ldap parameters are the following:

ldap_sasl: 0
ldap_base: ou=Personen,o=physik
ldap_filter: (uid=%u)
ldap_group_base: ou=Gruppen,o=physik
ldap_group_filter: (cn=%u)
ldap_uri: ldap://edir11.physik.uni-muenchen.de
ldap_size_limit: 20
ldap_member_method: filter
ldap_member_filter: (member=%D)
ldap_member_attribute: cn
ldap_member_base: ou=Gruppen,o=physik
ldap_tls_cacert_file: /etc/pki/tls/certs/ca-bundle.crt
pts_module: ldap
ptscache_timeout: 10
ptloader_sock: /var/lib/imap/ptclient/ptsock

This should work as long as no user is member of more than 20 groups. (should
not be the case here, some special groups are outside "ou=Gruppen,o=physik"
and are not counted).

ptdump now shows:

[root at test-imap etc]# /usr/lib/cyrus-imapd/ptdump
user: guinea.pig time: 1210155445 groups: 1
  group:campususer
user: klaus.steinberger time: 1210155332 groups: 4
  group:pr-adm-verw
  group:cipwheel
  group:etpgrid
  group:rechner
[root at test-imap etc]#

Setting ACL's on groups now works as expected.

Sincerly,
Klaus

-- 
Klaus Steinberger         Beschleunigerlaboratorium
Phone: (+49 89)289 14287  Am Coulombwall 6, D-85748 Garching, Germany
FAX:   (+49 89)289 14280  EMail: 
URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

application/pkcs7-signature attachment: smime.p7s

Next message: Janne Peltonen: "Sync fails: bad protocol?"

Previous message: Wesley Craig: "Re: Problem with ptloader and Novell Edirectory"
Maybe in reply to: Klaus Steinberger: "Problem with ptloader and Novell Edirectory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs