On 02/18/2010 09:45 AM, Oliver Eales wrote:
Isn't it possible to just give the each allowed IMAP Users a attribute like imap=1 ?
Yes, it would. But this would also require me to use PASSWORD LOOKUP (e.g. with a filter like '(&(objectclass=person)(imap=1))'), but I do not want to use password lookups, but auth binding with a given DN, which is derived from the username.
If you really need to do it with the groups, the SUN DSSE Ldap has features like ROLES or COSes where you can set attributes for an entry based on a internal search.
Same as above - this approach only makes sense when using password lookups.
What I need is a combination of lookup and auth_bind. The lookup is needed to find a DN to authenticate as, after that I want to use this DN for LDAP based authentication...
-stefan-