> Hi Petr,
>
> Depending on your LDAP backend, you can use LDAP ACLs, a single actual
> domain config block, and use BindAsCurrentUser to isolate users to what
> they can see in LDAP only (usually their own domain).
>
> The option was implemented for exactly that scenario :)
> However - I have no idea how it interacts with the Openchange parts. If
> you're not using that or feel like beta testing them with this option
> (as a SOGo2 user you're already beta testing anyway), no problem :)
>
OK, I've set it up using BindAsCurrentUser and it's working fine.

If anyone's doing the same, here is the LDAP ACL:

    access to dn.base="ou=emails,dc=webgate,dc=net,dc=au"
        by * read
    access to dn.regex="^uid=[^,]+@([^,]+),ou=emails,dc=webgate,dc=net,dc=au$"
        by dn.regex="^uid=[^,]+@$1,ou=emails,dc=webgate,dc=net,dc=au$" read
        by * break

Adjust to your needs as you wish.

I'm going to tackle the OpenChange stuff another day and report back.

Thanks!
Petr
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
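
Added example (not part of the original message, and not SOGo or OpenLDAP code): a small Python model of the two rules in the ACL above, useful for checking which bind DNs end up with read access to a given entry. It assumes `$1` is expanded as plain text into the `by dn.regex` pattern before that pattern is matched, so a `.` in the captured domain acts as a regex wildcard; the sample users and domains are constructed.

```python
import re

# Simplified model of the two rules from the post; it does not talk to slapd.
BASE = "ou=emails,dc=webgate,dc=net,dc=au"
WHAT = r"^uid=[^,]+@([^,]+),ou=emails,dc=webgate,dc=net,dc=au$"
WHO = r"^uid=[^,]+@$1,ou=emails,dc=webgate,dc=net,dc=au$"


def evaluate(target_dn, bind_dn, escape_capture=False):
    """Return 'read' if one of the two rules grants read, else 'break'
    (evaluation would fall through to whatever ACLs come later)."""
    if target_dn.lower() == BASE:
        return "read"                      # rule 1: by * read
    m = re.match(WHAT, target_dn, re.IGNORECASE)
    if not m:
        return "break"                     # entry not covered by these rules
    domain = m.group(1)
    if escape_capture:
        domain = re.escape(domain)         # treat the captured domain literally
    who = WHO.replace("$1", domain)        # assumed: text expansion, then regex match
    if re.match(who, bind_dn, re.IGNORECASE):
        return "read"                      # rule 2: bind DN in the same domain
    return "break"                         # rule 2: by * break


def dn(uid):
    """Build a constructed entry DN under the emails subtree."""
    return f"uid={uid},{BASE}"


if __name__ == "__main__":
    target = dn("alice@example.com")
    # Columns: bind user, result as written, result with the capture escaped.
    for who in ("bob@example.com", "carol@other.org", "dave@exampleXcom"):
        print(who, evaluate(target, dn(who)), evaluate(target, dn(who), True))
    print("anonymous", evaluate(target, ""))
```

The third sample user shows the practical consequence of the unescaped dot: under this model a domain that differs from the target's only where the dot sits is treated as the same domain. `slapacl(8)` can run the same checks against the real slapd configuration.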