search

gfidente / mlapd

MLAPD is a mailing list access manager which uses LDAP to check for user's rights to post messages
0 stars 0 forks source link

DN membership #9

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
Purpose of changes:

I could suggest to add dn based membership.
For instance:

  dn: cn=news,ou=groups,dc=example.com,dc=root,dc=dn
  uniqueMemeber: uid=gfidente,ou=people,dc=example.com,dc=root,dc=dn
  mgrpAllowedBroadcaster: em...@foo.bar

Original issue reported on code.google.com by m.fave...@gmail.com on 19 Jul 2011 at 7:56

GoogleCodeExporter commented 9 years ago 
I do understand it's common to have DN based group membership using 
uniqueMember, but while I do recognize it as a good feature I don't have much 
time to work on it now. Feel free to submit a patch if you can and I will 
surely add it into the project.

Original comment by gfide...@gmail.com on 24 Jul 2011 at 2:45

GoogleCodeExporter commented 9 years ago 
This is the patch for "internals".
ALLWDATTRIBUTE, SUBSCRATTRIBUTE and MEMBERMAIL of SUBSCRDNATTRIBUTE are 
authorized.
MEMBERMAIL are searched using MEMBERFILTER.
This work for me.
What do you think? Feel free to add the patch to the project.

I attach the diff files and the modified files too.
Regards

Original comment by m.fave...@gmail.com on 7 Aug 2014 at 6:34

Attachments:

GoogleCodeExporter commented 9 years ago 
Just a note: this mechanism is not recursive on SUBSCRDNATTRIBUTE as in Postfix 
happens (see special_result_attribute at 
http://www.postfix.org/ldap_table.5.html). SUBSCRDNATTRIBUTE must be a DN value 
and not a URL value.

Simply, with this patch mlapd retrieves SUBSCRDNATTRIBUTE on group entry. Then 
it uses it as a base DN of a new base search, to obtain mails to authorize.

Original comment by m.fave...@gmail.com on 7 Aug 2014 at 1:12

GoogleCodeExporter commented 9 years ago 
hi,

thanks a lot for your submission.

Unfortunately I didn't ever provide any folrmal test for this tool so I'm 
unable to test the changes quickly, yet I'm incline to include this.

Before we move forward, I wanted to ask you a few more things:
1. I was thinking to move the project over to github (with some automated 
script), would you prefer the changes to be merged before or after that?
2. can you provide a small sample/extract of an LDAP tree that would work with 
your default settings? something that we could use as an additional section in 
the HowToPopulateLDAP wiki page

thanks!

Original comment by gfide...@gmail.com on 7 Aug 2014 at 1:25

GoogleCodeExporter commented 9 years ago 
Hi Giulio,

  about your questions:

1. I don't have any particular hurry. If you plan to move to github, you could 
merge the patch after.

2. I attached a short description: mlapd.txt

Ciao
Marco

Original comment by m.fave...@gmail.com on 8 Aug 2014 at 7:20

Attachments:

GoogleCodeExporter commented 9 years ago 
This is the right description.

Original comment by m.fave...@gmail.com on 8 Aug 2014 at 7:26

Attachments: