[pkg-kolab] kolab-cyrus and pts/ldap
Neil Price
nprice at gibb.co.za
Thu Mar 31 09:09:37 UTC 2011
kolab/cyrus package excludes the pts binaries (cyrus-imapd package also
does this) on squeeze. So I'm not sure if this can be classified as a bug.
pts/ldap is an alternative to the horrible kolab imapd.groups hack for
group permissions on shared imap folders.
Here is how to add the binaries:
apt-get source kolab-cyrus-imapd
cd kolab-cyrus-imapd-2.2.13/
Modify debian/rules
add this
--with-ldap=/usr \
--with-auth=pts \
Add this to debian/kolab-cyrus-imapd.install
usr/lib/cyrus/bin/ptloader
usr/lib/cyrus/bin/ptdump
usr/lib/cyrus/bin/ptexpire
Build the package
dpkg-buildpackage -B
(install devel packages as needed)
Configuration:
/etc/kolab/templates/cyrus.conf.template
Add this in the SERVICES section
ptloader cmd="ptloader"
listen="/var/run/cyrus/socket/ptsock" prefork=1
make directories for ptclient
mkdir /var/lib/cyrus/ptclient/
chown cyrus:mail /var/lib/cyrus/ptclient/
edit /etc/kolab/templates/imapd.conf.template by adding this:
auth_mech: pts
pts_module: ldap
ptscache_timeout: 10
ptloader_sock: /var/run/cyrus/socket/ptsock
ldap_group_base: @@@base_dn@@@
ldap_member_base: @@@base_dn@@@
ldap_scope: sub
ldap_realm: @@@postfix-mydomain@@@
@@@postfix-mydestination|join( )@@@
ldap_filter:
(|(&(objectclass=gosaMailAccount)(uid=%U))(&(objectclass=kolabInetOrgPerson)(cn=%U)))
ldap_group_filter: (&(objectclass=posixGroup)(cn=%U))
ldap_sasl: 0
ldap_member_method: filter
ldap_member_filter: (&(objectclass=posixGroup)(memberUid=%U))
ldap_member_attribute: cn
# size limit determines the max number of groups a user may be
# in before authentication fails
ldap_size_limit: 64
You can now use an acl of group:groupname in cyradm
More information about the pkg-kolab-devel
mailing list