[prev in list] [next in list] [prev in thread] [next in thread]
List: kolab-devel
Subject: Re: [Kolab-devel] Cyrus IMAP groups patch
From: "Jeroen van Meeuwen (Kolab Systems)" <vanmeeuwen () kolabsys ! com>
Date: 2010-08-27 14:56:43
Message-ID: 201008271556.45507.vanmeeuwen () kolabsys ! com
[Download RAW message or body]
Mathieu Parent wrote:
> On Thu, Aug 26, 2010 at 5:22 PM, Gunnar Wrobel <wrobel@kolabsys.com> wrote:
> > Back to the native ports: My impression would be that it is okay to
> > follow Jeroens suggestion. At least as long as the groups always have
> > an ID in mail format. Which they do at the moment. So chances to mix
> > this up with system accounts are low. Do people agree? Thomas,
> > Mathieu, do you think this is okay?
>
> This is okay for the most common cases but you will need to apend
> "@example.org". How will cross-domain ACL works then? Also some
> implementations have uid!=mail, the GOsa one come to mind.
And 99.999% of all organisations using LDAP for that matter. It's actually
"most, if not all, LDAP implementation have uid != mail".
> Another
> solution is to change libnss-ldap.conf with attributes mapping to have
> uid=mail. The UNIX tools would work but this is little surprising to
> do:
>
> chown mathieu@example.org:mygroup@example.com /tmp/file
>
Actually the mathieu@example.org username user here is not impacted.
mygroup@example.com is a fully qualified group name, you could just use
mygroup if you set up the group cn properly. Of course one or the other has a
trade-off, especially if the same root object is used for all domains in a
single ldap environment, and environment (or "global") configuration is only
available within such root object... Anyways, moving too far away, OT for OP.
> While searching some info I got "ptloader". This is the authorization
> module for cyrus (SASL is the authentication one).
>
Yet another mechanism ;-) So, do we agree the patch in OP can go in the near
to foreseeable future?
--
Jeroen van Meeuwen
Senior Engineer, Kolab Systems AG
e: vanmeeuwen@kolabsys.com
t: +316 42 801 403
w: http://www.kolabsys.com
pgp: 9342 BF08
_______________________________________________
Kolab-devel mailing list
Kolab-devel@kolab.org
https://kolab.org/mailman/listinfo/kolab-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic