[Dovecot] ACL + shared-imap + nested AD groups
Martin Ott
martin.ott at itk-engineering.de
Fri Mar 19 18:27:02 EET 2010
Hi,
I'm looking for a solution to use nested AD groups for authorization in
shared IMAP folders (namespace public).
As a simple hack to determine the (primary) groups of a user we use the
following setup with a post-login script:
in dovecot.conf:

    ...
    protocol imap {
      mail_executable = /etc/dovecot/ldap_groups.sh
      ...
    }

ldap_groups.sh:

    #!/bin/sh
    # Look up the user's direct group memberships in AD (global catalog port 3268),
    # keep only the CN of each memberOf value and join them with commas.
    ACL_GROUPS=`ldapsearch -h ldapserver -p 3268 -s sub -D "cn=ldap mail, ou=user, ou=global, ou=xxx, dc=xxx, dc=local" -b "ou=xxx, dc=xxx, dc=local" "(&(sAMAccountName=$USER))" -LLL memberOf -w password | grep "memberOf: CN=" | sed 's/memberOf: CN=//' | sed 's/,OU=.*//' | tr "\n" "," | sed 's/,$//'`
    export ACL_GROUPS
    # Hand over to the real imap binary with the original arguments intact.
    exec /usr/libexec/dovecot/imap "$@"
Does anyone know how to simply get the groups of groups with such a
post-login script?
Thanks,
Martin
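One way to expand nested memberships for this kind of post-login script, as an added example that is not part of the post above: AD lists a group's parent groups in the group's own memberOf attribute, so after the user lookup each discovered group is searched once more, with a visited set so circular nesting terminates. The ldapsearch host, bind DN and password file path are placeholders, and the directory contents (SAMPLE_LDIF) are constructed so the logic runs offline.

```python
import base64
import subprocess

# Constructed stand-in for `ldapsearch -LLL ... memberOf` output, keyed by search base. It nests
# circularly (sales-emea <-> mail-users) and folds one LDIF line (continuation starts with a space).
SAMPLE_LDIF = {
    "dc=example,dc=local": "dn: CN=mott,OU=user,DC=example,DC=local\n"
        "memberOf: CN=mail-users,OU=groups,DC=example,DC=local\n",
    "CN=mail-users,OU=groups,DC=example,DC=local": "dn: CN=mail-users,OU=groups,DC=example,DC=local\n"
        "memberOf: CN=sales-emea,OU=groups,DC=example,DC=local\n"
        "memberOf: CN=all-staff,OU=groups,DC=exam\n ple,DC=local\n",
    "CN=sales-emea,OU=groups,DC=example,DC=local": "dn: CN=sales-emea,OU=groups,DC=example,DC=local\n"
        "memberOf: CN=mail-users,OU=groups,DC=example,DC=local\n",
}

def sample_lookup(base, filt):
    return SAMPLE_LDIF.get(base, f"dn: {base}\n")  # a group with no parents: only its dn line

def parse_memberof(ldif):
    """memberOf DNs of one LDIF entry; unfolds continuation lines, decodes base64 'memberOf:: '."""
    dns = []
    for line in ldif.replace("\n ", "").splitlines():
        if line.startswith("memberOf:: "):
            dns.append(base64.b64decode(line[11:]).decode("utf-8"))
        elif line.startswith("memberOf: "):
            dns.append(line[10:])
    return dns

def nested_group_cns(user_filter, base, lookup):
    """CNs of all groups the user is in, directly or through nesting. One search for the user, then
    one per group (AD keeps a group's parents in its own memberOf); a visited dict stops cycles."""
    seen = {}  # lower-cased DN -> CN; DNs in AD are case-insensitive
    queue = parse_memberof(lookup(base, user_filter))
    while queue:
        dn = queue.pop(0)
        if dn.lower() in seen:
            continue
        rdn = dn.split(",", 1)[0]  # leading RDN, e.g. "CN=mail-users" (escaped commas not handled)
        seen[dn.lower()] = rdn[3:] if rdn.upper().startswith("CN=") else rdn
        queue.extend(parse_memberof(lookup(dn, "(objectClass=*)")))
    return sorted(seen.values(), key=str.lower)  # ",".join(...) gives the ACL_GROUPS value

def ldapsearch_lookup(base, filt):
    """Live lookup with OpenLDAP's ldapsearch; host, bind DN and password file are placeholders."""
    scope = "base" if filt == "(objectClass=*)" else "sub"
    cmd = ["ldapsearch", "-LLL", "-x", "-h", "ldapserver", "-p", "3268",
           "-D", "cn=ldap mail,ou=user,dc=xxx,dc=local", "-y", "/etc/dovecot/ldap.pw",
           "-b", base, "-s", scope, filt, "memberOf"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
```

Against a real domain, pass `ldapsearch_lookup` instead of `sample_lookup` and export the joined result as ACL_GROUPS before exec'ing the imap binary; reading the bind password with `-y` from a root-only file keeps it out of the process list, unlike `-w`.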