thanks francis,
filter = "memberof = 'cn=enterpriseusers,dc=groups,o=example'";
did the trick for both login restrictions an gal filtering.
another step towards unified configuration.
thanks again, sg
btw: what about group based access rights for calendars and address books? has this been implemeted/will it be implemented?
Sent: Monday, November 07, 2016 at 3:01 PM
From: "\"Francis Lachapelle\" ([email protected])" <[email protected]>
To: [email protected]
Subject: Re: [SOGo] ldap addressbooks with filter based on dynamic ldap group
From: "\"Francis Lachapelle\" ([email protected])" <[email protected]>
To: [email protected]
Subject: Re: [SOGo] ldap addressbooks with filter based on dynamic ldap group
Hello sg
> On Nov 4, 2016, at 12:16 PM, sg gs ([email protected]) <[email protected]> wrote:
>
> hello,
> all our active users (besides others) are members of group: cn=enterpriseusers,dc=groups,o=example.
> to restrict access to these memberes i added filters
> (&(uid=%u)(memberof=cn=enterpriseusers,dc=groups,o=example))
> to dovecot and postfix. these filters work perfect for dovecot and postfix (and other systems outside of sogos's scope).
>
> now i would like to add equivalent filters to sogo's login users and the global addresslist. so i tried to add the line
> filter = "(memberof=cn=enterpriseusers,dc=groups,o=example)";
> to sogo's login-users configuration. the result was, that it was no longer possible to log in for any user. so i removed the fiter and added it to the definition of the global addresslist. the effekt was, that it was no longer possible to search in the gal - no matter, what i typed into the search field , always all members of the gal were displayed.
Have you tried this syntax?
filter = "memberof = 'cn=enterpriseusers,dc=groups,o=example'";
> after modification of the filter to something like
> filter = "account-type = enterprise-user"; (which defines a subset of the above list)
> only matching users were displayed in the gal and seraching worked fine.
>
> what can i do implement the dovecot and postfix restrictions into sogo's login configuration and address list?
>
> regards, sg
--
[email protected]
https://inverse.ca/sogo/lists
> On Nov 4, 2016, at 12:16 PM, sg gs ([email protected]) <[email protected]> wrote:
>
> hello,
> all our active users (besides others) are members of group: cn=enterpriseusers,dc=groups,o=example.
> to restrict access to these memberes i added filters
> (&(uid=%u)(memberof=cn=enterpriseusers,dc=groups,o=example))
> to dovecot and postfix. these filters work perfect for dovecot and postfix (and other systems outside of sogos's scope).
>
> now i would like to add equivalent filters to sogo's login users and the global addresslist. so i tried to add the line
> filter = "(memberof=cn=enterpriseusers,dc=groups,o=example)";
> to sogo's login-users configuration. the result was, that it was no longer possible to log in for any user. so i removed the fiter and added it to the definition of the global addresslist. the effekt was, that it was no longer possible to search in the gal - no matter, what i typed into the search field , always all members of the gal were displayed.
Have you tried this syntax?
filter = "memberof = 'cn=enterpriseusers,dc=groups,o=example'";
> after modification of the filter to something like
> filter = "account-type = enterprise-user"; (which defines a subset of the above list)
> only matching users were displayed in the gal and seraching worked fine.
>
> what can i do implement the dovecot and postfix restrictions into sogo's login configuration and address list?
>
> regards, sg
--
[email protected]
https://inverse.ca/sogo/lists
