Displaying 3 results from an estimated 3 matches for "ldap_group".
2010 Mar 19
0
ACL + shared-imap + nested AD groups
...I'm looking for a solution to use nested AD groups for authorization in
shared-imap folders(namespace public).
As a simple hack to determine the (primary) groups of a user we use the
following setup with a post-login script:
in dovecot.conf
...
protocol imap {
mail_executable = /etc/dovecot/ldap_groups.sh
...
ldap_groups.sh
# Query AD for the memberOf values of the logging-in user ($USER); presumably the
# result becomes the user's ACL group list. The rest of the pipeline is truncated here.
# NOTE(review): the bind password is passed with -w, so it is stored in the script and
# is visible in the process list while ldapsearch runs. OpenLDAP's -y <passwordfile>,
# with a file readable only by the account running this script, avoids the exposure
# in the process list.
# NOTE(review): $USER is placed in the filter unescaped. A login name containing
# filter metacharacters such as ( ) * \ would change the query. Escape it per
# RFC 4515 or reject such names before the lookup.
# NOTE(review): 3268 is the plain-LDAP Global Catalog port and no -Z/-ZZ or ldaps://
# URI is visible, so the bind and the results appear to cross the network
# unencrypted (3269 is the Global Catalog port over TLS). Confirm.
ACL_GROUPS=`ldapsearch -h ldapserver -p 3268 -s sub -D "cn=ldap mail, ou=user,
ou=global, ou=xxx, dc=xxx, dc=local" -b "ou=xxx, dc=xxx, dc=local"
"(&(sAMAccountName=$USER))" -LLL memberOf -w password | grep "memberOf: CN=" |
sed...
2018 Jun 08
2
samba4+squid3+ntlm
...aram ntlm keep_alive on
# NTLM basic
# Basic scheme: Squid hands the username/password to Samba's ntlm_auth helper,
# which checks them against the MYDOMINIO domain.
# NOTE(review): with Basic the browser sends the domain password to the proxy
# base64-encoded, not encrypted, on every request. Anyone on the client-to-proxy
# path can recover it unless that hop is protected. If Basic is not required,
# consider offering only the NTLM/Negotiate schemes to domain clients.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --domain=MYDOMINIO
# Number of helper processes started for each scheme.
auth_param ntlm children 20
auth_param basic children 20
# Realm text shown to the user in the browser's credential prompt.
auth_param basic realm Proxy midominio.comu
# How long a validated username/password pair is trusted before the helper is asked
# again; a password change or account lockout can take up to this long to be noticed.
auth_param basic credentialsttl 1 hours
# External ACL class "ldap_group": passes the authenticated login name (%LOGIN) to
# the ext_wbinfo_group_acl helper to test group membership, with at most 20 helpers.
external_acl_type ldap_group children-max=20 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl
# Cache lifetimes for authenticated users and for the client IP addresses
# associated with each user.
authenticate_ttl 1 hours
authenticate_ip_ttl 1 hours
krb5.conf
; Library-wide Kerberos defaults used by the proxy host.
[libdefaults]
; Realm assumed when a principal name carries none.
default_realm = MYDOMINIO.COM
; KDC addresses and host-to-realm mapping are not looked up in DNS, so they must
; come from [realms] / [domain_realm] sections (not visible in this excerpt).
dns_lookup_kdc = no
dns_lookup_realm = no
; Requested lifetime for newly obtained tickets.
ticket_lifetime = 24h
; NOTE(review): the keytab holds the long-term keys of the proxy's service
; principal; anyone who can read it can act as that service. Its ownership and
; mode are not shown here. Confirm it is readable only by the Squid account.
default_keytab_name = /etc/squid3/PROXY.keytab
; for Wi...
2015 Apr 08
0
can't create folders under shared mailbox's INBOX
...ervice auth {
unix_listener auth-userdb {
group = vmail
user = vmail
}
}
# Config service: the "config" UNIX socket is owned by vmail, so processes running
# as vmail can connect to it and read the Dovecot configuration.
# NOTE(review): if the configuration holds secrets (e.g. LDAP or SQL bind
# passwords), they become readable through this socket by that account. Confirm.
service config {
unix_listener config {
user = vmail
}
}
# Pre-authentication IMAP login service: at most 500 processes, with 2 kept ready.
# NOTE(review): the login process runs as vmail, the same account used for the
# listeners and the post-login script in this file. Dovecot's default is a dedicated
# unprivileged login account (default_login_user, "dovenull" by default), so that a
# flaw in the code parsing unauthenticated network input does not inherit another
# account's access. Confirm whether vmail also owns the mail store; if it does,
# this setting removes that separation.
service imap-login {
process_limit = 500
process_min_avail = 2
user = vmail
}
# Post-login hook: script-login runs /etc/dovecot/ldap_groups.sh as user vmail.
# NOTE(review): the script executes on behalf of every user who logs in, so the
# file and its directory should be writable only by root. Its permissions are not
# shown here. Confirm.
service imap-postlogin {
executable = script-login /etc/dovecot/ldap_groups.sh
user = vmail
}
# Start the imap binary with "imap-postlogin" as its argument, which routes each
# session through the imap-postlogin service before IMAP commands are served.
service imap {
executable = imap imap-postlogin
}
# Local delivery (LMTP) endpoints.
service lmtp {
# TCP listener bound to loopback only; not reachable from other hosts.
inet_listener lmtp {
address = 127.0.0.1
port = 24
}
# NOTE(review): mode 0666 makes the socket read/write for every local account and
# nothing in this block authenticates the client, so any local user or compromised
# local service could submit mail for delivery. Restricting it to the MTA's
# user/group with mode 0660 is the usual hardening. Confirm that the directory
# permissions do not already limit access.
unix_listener lmtp {
mode = 0666
}
}
# ManageSieve login listener on TCP 4190.
# NOTE(review): no address is set, so the global "listen" setting decides which
# interfaces expose this port. Confirm that it is firewalled or limited as intended
# and that clients must use TLS before authenticating.
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
ssl_cert = </etc/pki/tls...