ldap groups in acl

2009-02-03 Thread Marc Patermann 
Hi,

IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP 
(2.3.x) server.

I can set acls with existing groups. I cannot set acls with non existing 
groups. So far: IMAPd is checking for groups in LDAP just right.

localhost.ofd-h.de> sam user.foo.Junk  group:bar read
localhost.ofd-h.de> sam user.foo.Junk  group:no-bar read
setaclmailbox: group:no-bar: lrs: Invalid identifier
localhost.ofd-h.de> lam user.foo.Junk
foo lrswipcda
group:bar lrs

But is does not work any further.
Users don't see the folder in their folder list (with Thunderbird).

The LDAP-Groups are "objectClass: groupOfNames" with the DNs in the 
"member" attributes. Users' username is in "maildrop" attribute.

This is set in imapd.conf

ldap_group_base: ou=gruppen,ou=humans,ou=foo
ldap_group_filter: ou=%U
ldap_member_attribute: member
ldap_group_scope: sub
ldap_member_method: attribute


Should this work? Where to look at?


Marc

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: ldap groups in acl

2009-02-03 Thread Dmitriy Kirhlarov 
Marc Patermann wrote:
> Hi,
> 
> IMAPd 2.2.12 is connected with sasl ldapdb (ptloader) to an OpenLDAP 
> (2.3.x) server.
> 
> I can set acls with existing groups. I cannot set acls with non existing 
> groups. So far: IMAPd is checking for groups in LDAP just right.


Afair, ldap group fixed in 2.3.13 ptloader.
Try to update.

WBR.
Dmitriy

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html