Has anyone successfully set up postfix to work with ldap (via cyrus) and using ACLs?
I have postfix working with ldap (using the CourierMailAccount); however I can't seem to add ACLs to slapd.conf. Everything works ok until I try and add ACLs like:
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by users read
# by anonymous read
    by * none
With the above ACL, when a user tries to "send" email to another user on the system, postfix says that the user is unknown. However if I add in the "anonymous read" rule, sending email works.
I just can't seem to figure out what I am missing. I can easily post other configuration files if that would help.
Thanks in advance,
Chris....
Hi Chris
Here's what we use at our school, and that works:
access to * by * write
access to * by * read
access to attr=userPassword
    by * read
    by * write
access to *
    by dn="cn=Manager,dc=dmusyd,dc=edu" write
    by users read
    by * auth
Hopefully you can use these?
But remember this:
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
Just for what you're in need of!!!
Just getting better .... All the time
Thanks for the reply. I haven't actually been back to the ACL issue; we just got samba/posix accounts/ldap to work together. Pretty sweet thing...
As for your setup, doesn't the first rule that meets a given access request win? If that is true, then your first rule (access to * by * write) will match all requests and everyone (including anonymous) will be able to write to any/all entries.
I could be wrong though since I have not actually gotten ACLs to work yet.
If I am wrong (which I will try out when I get back from break), please let me know.
Thanks,
Chris....
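The first-match question raised above can be checked with a small model of slapd's documented ACL evaluation order. This is an added example, not part of any post in this thread; it runs both posted rule sets for an anonymous requester. Assumptions: Postfix's lookup reaches slapd as an anonymous bind (consistent with the "anonymous read" observation in the first post), the sample DN is constructed, and only clause selection order is modelled, not DN scopes, regexes or the entry pseudo-attribute.

```python
# Added illustration (not from the thread): minimal model of slapd ACL evaluation.
# The first "access to" clause whose <what> matches is selected; inside it the
# first matching "by" decides, and an implicit "by * none" ends every clause.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

CHRIS_ACL = [  # rules from the first post, "by anonymous read" still commented out
    ("userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), ("users", "read"), ("*", "none")]),
]
CHRIS_ACL_ANON_READ = [  # same rules with "by anonymous read" enabled
    CHRIS_ACL[0],
    ("*", [("self", "write"), ("users", "read"), ("anonymous", "read"), ("*", "none")]),
]
SCHOOL_ACL = [  # rules from the reply, in the order posted
    ("*", [("*", "write")]),
    ("*", [("*", "read")]),
    ("userPassword", [("*", "read"), ("*", "write")]),
    ("*", [("dn:cn=Manager,dc=dmusyd,dc=edu", "write"), ("users", "read"), ("*", "auth")]),
]

def who_matches(who, bound_dn, entry_dn):
    """bound_dn is None for an anonymous bind. DNs are compared as plain strings."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn == entry_dn
    return who.startswith("dn:") and bound_dn == who[3:]

def granted(acl, attr, bound_dn, entry_dn):
    """Return the access level the rule set grants for one attribute of one entry."""
    for what, by_clauses in acl:
        if what not in ("*", attr):
            continue
        for who, level in by_clauses:
            if who_matches(who, bound_dn, entry_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit final "access to * by * none"

def allows(acl, attr, bound_dn, entry_dn, wanted):
    return LEVELS.index(granted(acl, attr, bound_dn, entry_dn)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"  # constructed sample DN
    for name, acl in [("chris", CHRIS_ACL), ("chris+anon", CHRIS_ACL_ANON_READ), ("school", SCHOOL_ACL)]:
        print(name, granted(acl, "mail", None, alice), granted(acl, "userPassword", None, alice))
```

In the model, the rules after the first `access to *` clause in the reply's set are never reached, so anonymous ends up with write on every attribute including userPassword.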
Anonymous hasn't got access!!
For our situation there's no access from anonymous. People are able to read from others' home, but not write (file rights), and then again they also have a totally private directory which is private.
Just getting better .... All the time