> Hi Petr,
>
> Depending on your LDAP backend, you can use LDAP ACLs, a single actual
> domain config block, and use BindAsCurrentUser to isolate users to what
> they can see in LDAP only (usually their own domain).
>
> The option was implemented for exactly that scenario :)
> However - I have no idea how it interacts with the Openchange parts. If
> you're not using that or feel like beta testing them with this option
> (as a SOGo2 user you're already beta testing anyway), no problem :)
>

Ok, I've set it up using BindAsCurrentUser and it's working fine.

If anyone's doing the same, here is the LDAP ACL:

access to dn.base="ou=emails,dc=webgate,dc=net,dc=au"
        by * read

access to dn.regex="^uid=[^,]+@([^,]+),ou=emails,dc=webgate,dc=net,dc=au$"
        by dn.regex="^uid=[^,]+@$1,ou=emails,dc=webgate,dc=net,dc=au$" read
        by * break

Adjust to your needs as you wish.

I'm going to tackle openchange stuff another day and report back.

Thanks!
Petr


-- 
users@sogo.nu
https://inverse.ca/sogo/lists
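
A small Python model of the second ACL clause in the message above, added here as an example and not part of the original post, for checking per-domain isolation before adopting the rule. It assumes slapd substitutes `$1` into the `by` pattern and then compiles the result as a regex, so a `.` in the captured domain matches any character; the helper names and sample accounts are constructed.

```python
import re

# Patterns copied from the second ACL clause in the post above.
WHAT = r"^uid=[^,]+@([^,]+),ou=emails,dc=webgate,dc=net,dc=au$"
WHO = r"^uid=[^,]+@$1,ou=emails,dc=webgate,dc=net,dc=au$"


def granted_read(bind_dn, target_dn, literal_domain=False):
    """Return True if the clause grants bind_dn read access to target_dn.

    False means "not granted here": 'by * break' hands the request to
    whatever ACLs follow. Assumption: $1 is substituted into the 'by'
    pattern before it is compiled as a regex; literal_domain=True models
    a comparison where the captured domain is matched literally instead.
    """
    what = re.match(WHAT, target_dn, re.IGNORECASE)
    if what is None:
        return False  # clause does not cover this entry
    domain = what.group(1)
    if literal_domain:
        domain = re.escape(domain)
    who = WHO.replace("$1", domain)
    return re.match(who, bind_dn, re.IGNORECASE) is not None


def dn(uid):
    """Build a constructed test DN under the post's ou=emails container."""
    return f"uid={uid},ou=emails,dc=webgate,dc=net,dc=au"


def isolation_failures(uids, literal_domain=False):
    """List (binder, target) pairs granted read across different domains."""
    return [
        (b, t)
        for b in uids
        for t in uids
        if b.split("@")[1].lower() != t.split("@")[1].lower()
        and granted_read(dn(b), dn(t), literal_domain)
    ]


# Constructed sample accounts, not taken from the post.
SAMPLE = ["alice@example.org", "bob@example.org", "carol@example.net",
          "dave@exampleXorg"]

if __name__ == "__main__":
    print(isolation_failures(SAMPLE))
    print(isolation_failures(SAMPLE, literal_domain=True))
```

An empty list from `isolation_failures` means no sampled account was granted read on an entry in another domain by this clause; later ACLs in the configuration still need their own review.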
