ian+dovecot@comtek.co.uk
2010-Oct-29 23:57 UTC
[Dovecot] LDAP acl_groups - can multivalue LDAP be used
Hi, Is there some kind of way to get acl_groups out of LDAP without having to maintain an entry with a list of groups 'a,b,c' and so on? Our groups have a list of 'member' attributes with CNs pointing at users. Ideally there would be a way to look this up directly. Alternately I could perhaps use an OpenLDAP overlay to show 'group' attributes for each user's ldap entry. I would then like to be able to tell it to get all 'group' attributes and comma-separate them. The best option I've seen so far is something like http://www.dovecot.org/list/dovecot/2010-March/047731.html which seems to involve a completely separate LDAP session from a login script. Thanks in advance for any help, Ian
Timo Sirainen
2010-Nov-02 15:17 UTC
[Dovecot] LDAP acl_groups - can multivalue LDAP be used
On Sat, 2010-10-30 at 00:57 +0100, ian+dovecot at comtek.co.uk wrote:> Is there some kind of way to get acl_groups out of LDAP without having > to maintain an entry with a list of groups 'a,b,c' and so on?Nope.> Alternately I could perhaps use an OpenLDAP overlay to show 'group' > attributes for each user's ldap entry. I would then like to be able to > tell it to get all 'group' attributes and comma-separate them.That would be nice, yes. Added to TODO for the LDAP configuration rewrite (v2.1 maybe).