General discussion on installation and configuration of SOGo



[SOGo] LDAP Address Book Indirect Bind


  • From: Nathanael Bettridge < >
  • To:
  • Subject: [SOGo] LDAP Address Book Indirect Bind
  • Date: Sun, 5 Dec 2010 05:42:25 -0800 (PST)

Hi folks,
 
I'm setting up a multi-tenant mail system at the moment. SOGo works a treat with it all; however, there's one quirk.
 
with each UID only having read permissions to its own domainOU and below.
 
Address books use a subtree search from o=hosting,dc=my,dc=domain - ACLs screen out unwanted entries.
 
When directly listing addresses from LDAP bound as a hosted user ( "> for instance), it can only see cards from within domainOU=test1.local, o=hos...
 
From within SOGo, however, the user sees *all* configured domains' users, not just his own. LDAP debugging indicates queries are made only as the DN written into the defaults file (not the logged-in user).
 
It would be nice if the LDAP addressbooks could be enumerated based on an indirect bind. Is there any way to get SOGo to do this, or is it into patch territory? For the moment I'm assuming I'll just have to keep LDAP addressbooks hidden, but it would be nice to have them work this way...
 
Thanks,
 
Nathanael Bettridge
Prodigy Communications


