[turba] LDAP setup

Jean-Luc Wasmer jl.horde at wasmer.ca
Sat Aug 30 05:30:15 PDT 2003


> The problem is that my user accounts are stored in /etc/passwd - and not in
> LDAP.
> 
> How can I grant each user write access to his/her own address book?
> I suppose I'll have to use the "passwd" backend and somehow let slapd
> authenticate users using this. Any clues/hints on how to do this?

I'm not 100% sure, but I guess you'll have to get the SASL library and compile
LDAP with SASL.
The SASL docs say:
"/etc/passwd, via the call getpwnam(), is supported innately in the library.
Simply set the configuration option "pwcheck_method" to "passwd"."

By default, sasldb (the SASL secrets database) is used.


> 
> And how do I set the ownership for each organizational unit representing an
> addressbook?

This is explained in turba/docs/LDAP : 


3. Enforce ACL's to personal address books.

Add this to your LDAP ACL so users can only see their own address book:

Please note: this assumes that you store your users in the same LDAP
directory. If not, modify appropriately for your setup.

access to dn="ou=(.+), ou=personal_addressbook, dc=example, dc=com"
       by dn="uid=$1, dc=example, dc=com" write
       by * none
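
Added example, not part of the original message or of turba/docs/LDAP: a small Python model of how the rule above turns the ou= value captured from the entry DN into the one bind DN that gets write access, run over constructed DNs. Assumptions: Python's re stands in for slapd's regex matching, DNs use the same ", " spacing as the ACL, the expanded DN is compared for exact equality, and STRICT_TARGET is a hypothetical tighter pattern that is not in the docs.

```python
import re

# Target pattern and "by" clause as written in the ACL above.
DOC_TARGET = r"ou=(.+), ou=personal_addressbook, dc=example, dc=com"
WHO_TEMPLATE = "uid=$1, dc=example, dc=com"
# Assumption (not from turba/docs/LDAP): capture stops at the first comma
# and the pattern is anchored at the end of the DN.
STRICT_TARGET = r"ou=([^,]+), ou=personal_addressbook, dc=example, dc=com$"

# Constructed sample DNs for illustration only.
BOOK = "ou=alice, ou=personal_addressbook, dc=example, dc=com"
CONTACT = "cn=Some Contact, " + BOOK
NESTED = "cn=Some Contact, ou=work, " + BOOK
OTHER = "ou=shared, dc=example, dc=com"


def writer_for(entry_dn, target=DOC_TARGET, who=WHO_TEMPLATE):
    """Return the bind DN granted write on entry_dn, or None if the rule
    does not match (the entry then falls through to later ACL rules)."""
    m = re.search(target, entry_dn)
    if m is None:
        return None
    # slapd substitutes $1 with the first captured group of the target DN.
    return who.replace("$1", m.group(1))


def can_write(bind_dn, entry_dn, target=DOC_TARGET):
    """True only for the expanded owner DN; everyone else hits 'by * none'."""
    owner = writer_for(entry_dn, target)
    return owner is not None and owner == bind_dn


if __name__ == "__main__":
    for dn in (BOOK, CONTACT, NESTED, OTHER):
        print(dn)
        print("  docs pattern   ->", writer_for(dn))
        print("  strict pattern ->", writer_for(dn, STRICT_TARGET))
```

With the pattern from the docs, the greedy (.+) swallows "work, ou=alice" for an entry under a nested ou=, so the owner is not matched there; the comma-bounded capture still resolves to the address book's owner.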

