On 02/18/2010 09:45 AM, Oliver Eales wrote: > Isn't it possible to just give the each allowed IMAP Users a attribute > like imap=1 ?
Yes, it would. But this would also require me to use PASSWORD LOOKUP (e.g. with a filter like '(&(objectclass=person)(imap=1))'), but I do not want to use password lookups, but auth binding with a given DN, which is derived from the username. > If you really need to do it with the groups, the SUN DSSE Ldap has > features like ROLES or COSes where you can set attributes for an entry > based on a internal search. Same as above - this approach only makes sense when using password lookups. What I need is a combination of lookup and auth_bind. The lookup is needed to find a DN to authenticate as, after that I want to use this DN for LDAP based authentication... -stefan-