Re: ldap lookup with different search_base's? [checked for viruses]
Andreas Winkelmann wrote:

Hmm, you can use ldapdb. Then you can specify multiple authz-regexp in slapd.conf. Separate them somehow in the Matching-Pattern.

That's what I would recommend too. I haven't tested this, but I think it's worth a try.

It works. Slapd converts the SASL uid for u.

Create a general regexp for the user, which points to something like cn=$1,ou=users,dc=mailservices and a special regexp for uid admin (or cyrus ...), which points to cn=admin,dc=mailservices.

What do I have to enter at admins in /etc/imapd.conf?

Something that matches your special regexp. In my following example it is cyrus. I.e.

snip
authz-regexp uid=cyrus,cn=[^,]*,cn=auth dn:cn=admin,dc=mailservices
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth dn.regex:cn=$1,ou=users,dc=mailservices
snap

Ask man slapd.conf for authz-policy and authz-regexp. And man slapd.access.

Hans

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
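Added example, not part of the original posts: a simplified Python model of how the two authz-regexp rules above are applied (rules tried in file order, first match wins, $1 expanded from the capture). The helper names, the digest-md5 mechanism and the realm value are constructed for illustration, and the unanchored regex search is an assumption about slapd's matching; it shows why the special cyrus rule must come before the general one and what happens when the SASL identity carries a realm component.

```python
import re

# The two rules from the message above, in the order they were posted.
RULES = [
    (r"uid=cyrus,cn=[^,]*,cn=auth", "dn:cn=admin,dc=mailservices"),
    (r"uid=([^,]*),cn=[^,]*,cn=auth", "dn.regex:cn=$1,ou=users,dc=mailservices"),
]


def sasl_dn(user, mech, realm=None):
    """Build a SASL authentication DN: uid=<user>[,cn=<realm>],cn=<mech>,cn=auth."""
    parts = ["uid=" + user]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech, "cn=auth"]
    return ",".join(parts)


def map_identity(dn, rules=RULES):
    """Return the expanded replacement of the first matching rule, or None."""
    for pattern, replacement in rules:
        m = re.search(pattern, dn)  # assumption: unanchored match, like regexec()
        if m:
            # Substitute $1..$9 with the captured groups.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None  # no rule matched: the identity is not mapped to a directory entry


if __name__ == "__main__":
    cases = {
        "admin, posted order": (sasl_dn("cyrus", "digest-md5"), RULES),
        "ordinary user": (sasl_dn("marten", "digest-md5"), RULES),
        # General rule first: cyrus is mapped into ou=users, not to the admin DN.
        "admin, rules reversed": (sasl_dn("cyrus", "digest-md5"), RULES[::-1]),
        # Constructed realm: the DN gains a component and neither pattern
        # allows for it, so nothing matches.
        "admin with realm": (sasl_dn("cyrus", "digest-md5", "imap.localhost"), RULES),
    }
    for label, (dn, rules) in cases.items():
        print(f"{label}: {dn} -> {map_identity(dn, rules)}")
```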
Re: ldap lookup with different search_base's? [checked for viruses]
Hello,

What do I have to enter at admins in /etc/imapd.conf?

Something that matches your special regexp. In my following example it is cyrus. I.e.

snip
authz-regexp uid=cyrus,cn=[^,]*,cn=auth dn:cn=admin,dc=mailservices
authz-regexp uid=([^,]*),cn=[^,]*,cn=auth dn.regex:cn=$1,ou=users,dc=mailservices
snap

where can I find more examples of this?

My saslauthd.conf looks like this:

/etc/saslauthd.conf
ldap_servers: ldap://1.2.3.4/
ldap_timeout: 10
ldap_time_limit: 10
ldap_search_base: ou=users,dc=mailservices
ldap_auth_method: bind
ldap_filter: (cn=%u)
ldap_debug: 0
ldap_verbose: off
ldap_ssl: no
ldap_start_tls: no
ldap_referrals: no

And this is my imapd.conf:

/etc/imapd.conf
configdirectory: /var/cyrus/config
partition-default: /var/cyrus/spool
admins: cyrus
sievedir: /var/cyrus/config/sieve
sendmail: /usr/sbin/sendmail
altnamespace: true
hashimapspool: true
unixhierarchysep: true
virtdomains: userid
allowusermoves: true
sasl_pwcheck_method: saslauthd
servername: imap.localhost
munge8bit: true
username_tolower: true

From what I can see, the user cyrus would never be passed to LDAP, since the saslauthd.conf defines which searchbase to use. And sasl would never simply pass cyrus but attach the hostname on an empty realm, so LDAP would get something like [EMAIL PROTECTED]

Regards
Marten