[Dovecot] LDAP acl_groups - can multivalue LDAP be used
Hi,
Is there some kind of way to get acl_groups out of LDAP without having to maintain an entry with a list of groups 'a,b,c' and so on?
Our groups have a list of 'member' attributes with CNs pointing at users. Ideally there would be a way to look this up directly.
Alternately I could perhaps use an OpenLDAP overlay to show 'group' attributes for each user's ldap entry. I would then like to be able to tell it to get all 'group' attributes and comma-separate them.
The best option I've seen so far is something like http://www.dovecot.org/list/dovecot/2010-March/047731.html which seems to involve a completely separate LDAP session from a login script.
Thanks in advance for any help,
Ian
On Sat, 2010-10-30 at 00:57 +0100, ian+dovecot@comtek.co.uk wrote:
Is there some kind of way to get acl_groups out of LDAP without having to maintain an entry with a list of groups 'a,b,c' and so on?
Nope.
Alternately I could perhaps use an OpenLDAP overlay to show 'group' attributes for each user's ldap entry. I would then like to be able to tell it to get all 'group' attributes and comma-separate them.
That would be nice, yes. Added to TODO for the LDAP configuration rewrite (v2.1 maybe).
participants (2)
-
ian+dovecot@comtek.co.uk
-
Timo Sirainen