On Sat, 17 Jan 2004, Tim Pushor wrote:

> >>I have determined that the way it's currently set up (the ldap ptloader)
> >>won't do what I want, so I am in the process of rewriting it for my needs.
> >
> >Interesting. Why is that? (Not using it myself right now, but would
> >like to at some point.)
>
> Because it relies on a user having multiple memberof attributes to
> describe their group membership. This is OK if that's how you do group
> membership, but I already protect various bits of the directory using
> OpenLDAP's group scheme - a separate group object that contains multiple
> member attributes, each being the DN of the 'subscriber'. I don't want
> to support multiple group schemes if I can at all avoid it.

I do not see how this is going to work within cyrus context. You will
need to change a lot more than just ptloader/ldap code for this to work.

> I hope I didn't come off sounding like a jerk. I really don't mind doing
> the work. It'd be twice as nice if others were interested, but if not
> that's ok too ;-) I'd just like to see the API docs, or at least some
> notes, if they exist. This is one of the major things that I really
> wanted to see in Cyrus (external authorization). I'm excited!

I do not think such docs exist (except for the code itself). Basically,
whenever a user logs in, cyrus fetches all groups the user is a member of
(ptloader/ldap does this in your case). This group list is later used
for mailbox access (check lib/auth_pts.c).

You'd be better off writing an ldap authorization module. Check
lib/auth_unix.c for an example.

--
Igor
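
Added example (not part of the original message and not Cyrus code): the two group schemes discussed above, resolved over constructed in-memory entries, showing that the group list built at login can differ between them. The groupOfNames object class, the sample DNs and all function names are assumptions for illustration.

```python
# Added illustration: constructed directory data, no LDAP server involved.

def norm_dn(dn):
    """Simplified DN normalization (assumes no escaped commas in values)."""
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in dn.split(","))

def cn_of(dn):
    """Value of the leading RDN, e.g. 'staff' for 'cn=staff,ou=Groups,...'."""
    return norm_dn(dn).split(",", 1)[0].split("=", 1)[1]

def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(user_dn):
    """Search filter for group objects that list user_dn as a member."""
    return "(&(objectClass=groupOfNames)(member=%s))" % escape_filter(user_dn)

def groups_from_memberof(user_entry):
    """Scheme A: group DNs are stored on the user entry (memberof values)."""
    return sorted(cn_of(dn) for dn in user_entry.get("memberOf", []))

def groups_from_group_objects(user_dn, group_entries):
    """Scheme B: separate group objects whose member values are user DNs."""
    want = norm_dn(user_dn)
    return sorted(cn_of(g["dn"]) for g in group_entries
                  if any(norm_dn(m) == want for m in g.get("member", [])))

# Constructed sample entries. The user's memberOf list is stale on purpose:
# 'admins' lists the user (with different case and spacing) as a member.
USER = {"dn": "uid=tim,ou=People,dc=example,dc=com",
        "memberOf": ["cn=staff,ou=Groups,dc=example,dc=com"]}
GROUPS = [
    {"dn": "cn=staff,ou=Groups,dc=example,dc=com",
     "member": ["uid=tim,ou=People,dc=example,dc=com"]},
    {"dn": "cn=admins,ou=Groups,dc=example,dc=com",
     "member": ["UID=Tim, OU=People, DC=example, DC=com"]},
    {"dn": "cn=sales,ou=Groups,dc=example,dc=com",
     "member": ["uid=bob,ou=People,dc=example,dc=com"]},
]

if __name__ == "__main__":
    print("memberof scheme:     ", groups_from_memberof(USER))
    print("group-object scheme: ", groups_from_group_objects(USER["dn"], GROUPS))
    print("server-side filter:  ", group_filter(USER["dn"]))
```

When both schemes exist in one directory and drift apart, the mailbox ACL decision depends on which one the loader reads, which is the practical cost of supporting more than one group scheme.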