Le 19/12/2012 00:45, [email protected] a écrit : > Hello, > > I am trying to make SOGo work with LDAP group-authentication in a way > that allows only members of a certain group to log on to the web interface.
In the documentation I read "SOGo supports LDAP-based groups ... You can set ACLs based on group membership and invite a group to a meeting (and the group will be decomposed to its list of members upon save by SOGo). You can also control the visibility of the group from the list of shared address books or during mail autocompletion by setting the isAddressBook parameter to YES or NO." I am not sure if this means that an LDAP-group can be used to restrict authentication to a subset of users. Here is however how I would achieve your goals: I see 2 cases. * case1: in your user entry you've got a "memberOf"-like attribute that is refering to the list of groups this particular user is member of ==> in this case you use a simple SogoSources entry with a "filter" parameter: you filter users having the choosen group DN or name (depending on your setup) as a value for this "memberOf" attribute. * case2: you don't have in your user entry any attribute that is storing the list of groups the user is member of. ==> in this case, you ask your LDAP directory manager to filter what users are "seen" on the directory through ACLs. In this case, the bindDN you're using to search for users is only able to see the users from your group. My 2 cents, Thibault -- [email protected] https://inverse.ca/sogo/lists
