[Dovecot] Secondary groups from ldap

Timo Sirainen tss at iki.fi
Thu Sep 17 04:16:09 EEST 2009


On Sep 16, 2009, at 5:18 AM, Ian Levesque wrote:

> I'm trying to configure my user_attrs using LDAP as the userdb so  
> that dovecot knows what secondary groups a user is a member of. The  
> LDAP backend is an Open Directory implementation, which stores  
> secondary group affiliations as memberUid attributes in  
> cn=groupname,cn=groups,dc=dns,dc=name,dc=server.

Do you mean memberGid? Also, is it only secondary groups, and the primary
group is somewhere else?

> With ldapsearch, my query would be:
>
> ldapsearch -x -b cn=groups,dc=dns,dc=name,dc=server  
> "(memberUid=ian)" cn
>
> Is this possible to configure in Dovecot?


Hmm. Looking at the code, if you do:

user_attrs = memberGid=gid

then it should set the "gid=123,345,456" field. You could verify that this
gets returned by setting auth_debug=yes. But ... I can't really see
where that code would actually be used, since it looks like only the
first GID is actually used. Try anyway and see how far you can get. :)


