Hi,
I'm looking for a solution to use nested AD groups for authorization in
shared IMAP folders (namespace public).
As a simple hack to determine the (primary) groups of a user we use the
following setup with a post-login script:
in dovecot.conf:
  ...
  protocol imap {
    mail_executable = /etc/dovecot/ldap_groups.sh
    ...
in ldap_groups.sh:
  #!/bin/sh
  # Look up the memberOf attribute of the logging-in user ($USER is set by
  # Dovecot), keep only the CN part of each group DN and join them with commas.
  ACL_GROUPS=$(ldapsearch -h ldapserver -p 3268 -s sub \
      -D "cn=ldap mail,ou=user,ou=global,ou=xxx,dc=xxx,dc=local" \
      -w password \
      -b "ou=xxx,dc=xxx,dc=local" \
      -LLL "(&(sAMAccountName=$USER))" memberOf \
    | grep "memberOf: CN=" \
    | sed 's/memberOf: CN=//' \
    | sed 's/,OU=.*//' \
    | tr "\n" "," \
    | sed 's/,$//')
  export ACL_GROUPS
  exec /usr/libexec/dovecot/imap "$@"
Does anyone know how to simply get the groups of groups with such a
post-login script?
Thanks,
Martin
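The following is an added example, not code from Martin's post or from Dovecot, showing how the "groups of groups" part of the question can be done inside a post-login script: walk memberOf outwards from the user with a seen-list, so that a nesting cycle (which AD permits) terminates, and emit the result in the same comma-separated CN format as ACL_GROUPS above. So that it runs offline, the ldapsearch call is replaced by the hypothetical direct_groups() function reading a constructed directory table; in a real script that function would run the ldapsearch pipeline from ldap_groups.sh with "$1" as the sAMAccountName/CN being looked up. The directory contents, object names and group names are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post or Dovecot): resolve nested AD
# group membership for ACL_GROUPS in a Dovecot post-login script.

# Constructed sample directory: "object|group-CN" means object is a direct
# member of group-CN. It contains a nesting chain and a deliberate cycle
# (All Staff <-> Everyone) to show that the walk still terminates.
DIRECTORY='
martin|Mail Users
martin|Sales
Sales|All Staff
All Staff|Everyone
Everyone|All Staff
Mail Users|Shared Folder Readers
'

# Direct memberOf groups of one object, one CN per line.
# Stand-in for: ldapsearch ... "(sAMAccountName=$1)" memberOf | grep | sed
direct_groups() {
    printf '%s\n' "$DIRECTORY" | awk -F'|' -v obj="$1" '$1 == obj { print $2 }'
}

# Breadth-first walk over memberOf with a seen-list (transitive closure).
# Prints the sorted, comma-separated ACL_GROUPS value for the object in $1.
resolve_groups() {
    seen=""
    queue=$(direct_groups "$1")
    while [ -n "$queue" ]; do
        g=$(printf '%s\n' "$queue" | sed -n '1p')        # pop head
        queue=$(printf '%s\n' "$queue" | sed '1d')
        if ! printf '%s\n' "$seen" | grep -Fxq -- "$g"; then
            seen=$(printf '%s\n' "$seen" "$g" | sed '/^$/d')
            parents=$(direct_groups "$g")                  # groups of this group
            [ -n "$parents" ] && queue=$(printf '%s\n' "$queue" "$parents" | sed '/^$/d')
        fi
    done
    printf '%s\n' "$seen" | sort | tr '\n' ',' | sed 's/,$//'
}

# In the post-login script this would be:
#   ACL_GROUPS=$(resolve_groups "$USER"); export ACL_GROUPS
resolve_groups martin
```

Each hop costs one LDAP query, so the number of queries per login grows with the nesting depth. Against Active Directory the whole walk can alternatively be collapsed into a single query with the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), e.g. a filter of the form (member:1.2.840.113556.1.4.1941:=&lt;user DN&gt;) over the group subtree, which returns every group the user is transitively a member of; the CN extraction pipeline from ldap_groups.sh then applies unchanged.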