General discussion on installation and configuration of SOGo



Re: [SOGo] LDAP Address Book Indirect Bind


  • From: Dennis Petschull < >
  • To: Nathanael Bettridge < >
  • Cc:
  • Subject: Re: [SOGo] LDAP Address Book Indirect Bind
  • Date: Sun, 5 Dec 2010 15:47:55 +0100
  • Organization: two4.IT

Hi Nathanael,

Why not use a different subtree search for each of your domains, e.g.
domainOU=testX.local,o=hosting,dc=my,dc=domain?

Cheers,
Dennis

--
two4.IT
http://www.two4.it


On Sunday 05 December 2010 14:42:25 Nathanael Bettridge wrote:
> Hi folks,
>
> I'm setting up a multi-tenant mail system at the moment, SOGo works a treat
> with it all, however there's one quirk.
> We're segregating different mail domains/organizations in LDAP within
> different OUs (for example
>
> ,ou=users,domainOU=test1.local,o=hosting,dc=my,dc=domain and
>
> ,ou=users,domainOU=test2.local,o=hosting,dc=my,dc=domain ) with each UID
> only having read permissions to its own domainOU and below.
> Address books use a subtree search from o=hosting,dc=my,dc=domain - ACLs
> screen out unwanted entries.
> When directly listing addresses from LDAP bound as a hosted user
>
> (
> for instance), it can only see cards from within
> domainOU=test1.local, o=hos...
> From within SOGo however, the user sees *all* configured domains' users,
> not just his own. LDAP debugging indicates queries are made only as the DN
> written into the defaults file (not the logged-in user).
> It would be nice if the LDAP addressbooks could be enumerated based on an
> indirect bind. Is there any way to get SOGo to do this, or is it into
> patch territory? For the moment I'm assuming I'll just have to keep LDAP
> addressbooks hidden, but it would be nice to have them work this way...
> Thanks,
>
> Nathanael Bettridge
> Prodigy Communications--
>
> https://inverse.ca/sogo/lists
>
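
Added example, not part of the original messages or of SOGo: a small Python check for the per-domain subtree approach suggested in the reply, flagging any address-book source whose search base sits at or above o=hosting,dc=my,dc=domain and would therefore return every tenant's entries when queried under one shared bind DN. The source dictionaries, their `id` and `baseDN` key names, the uid `alice` and all function names are assumptions made for illustration.

```python
import re

PARENT = "o=hosting,dc=my,dc=domain"  # shared tenant parent named in the thread

def rdns(dn):
    """Split a DN into normalised RDNs; lower-casing values is a simplification."""
    parts = re.split(r"(?<!\\),", dn)  # do not split on escaped commas
    return [re.sub(r"\s*=\s*", "=", p.strip(), count=1).lower() for p in parts if p.strip()]

def is_under(dn, base):
    """True if dn equals base or lies below it, compared RDN by RDN (not by string suffix)."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def tenant_of(dn, parent=PARENT):
    """Return the domainOU value directly under parent that contains dn, else None."""
    d, p = rdns(dn), rdns(parent)
    if len(d) <= len(p) or not is_under(dn, parent):
        return None
    attr, _, value = d[-len(p) - 1].partition("=")
    return value if attr == "domainou" else None

def audit(sources, parent=PARENT):
    """Map each source id to 'scoped:<tenant>', 'cross-tenant' or 'outside'."""
    report = {}
    for src in sources:
        tenant = tenant_of(src["baseDN"], parent)
        if tenant:
            report[src["id"]] = "scoped:" + tenant
        elif is_under(parent, src["baseDN"]):
            report[src["id"]] = "cross-tenant"  # base at or above the shared parent
        else:
            report[src["id"]] = "outside"
    return report

def books_for(user_dn, sources, parent=PARENT):
    """Ids of the sources scoped to the same domainOU as the user."""
    tenant = tenant_of(user_dn, parent)
    return [s["id"] for s in sources if tenant and tenant_of(s["baseDN"], parent) == tenant]

# Constructed sample sources; "id" and "baseDN" are assumed key names.
SOURCES = [
    {"id": "all", "baseDN": "o=hosting,dc=my,dc=domain"},
    {"id": "test1", "baseDN": "ou=users,domainOU=test1.local,o=hosting,dc=my,dc=domain"},
    {"id": "test2", "baseDN": "domainOU=test2.local, o=hosting, dc=my, dc=domain"},
]

if __name__ == "__main__":
    print(audit(SOURCES))
    print(books_for("uid=alice,ou=users,domainOU=test1.local,o=hosting,dc=my,dc=domain", SOURCES))
```

A source reported as `cross-tenant` relies entirely on directory ACLs applied to the shared bind DN, which is the situation described in the quoted message.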


