[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Complex Group ACL "selfwrite" question

On Fri, 11 Feb 2000, Kurt D. Zeilenga wrote:

Thanks for the response...

> At 02:38 PM 2/9/00 -0700, Leslie M. Barstow III wrote:
> >I am hoping someone can help with this...

> >The one feature is the ability to use LDAP with Sendmail.  This appears to
> >work fine with the 8.10 betas (I need alias support...).

> >In conjunction with that, we have a couple of mail aliases which we would
> >like to make open to subscription by users (they would be able to add and
> >remove themselves from the group).  This I can't figure out - it seems
> >that specifying:

> >access to ".*,ou=Aliases,o=VR-1 Inc.,c=US" attr=entry,member
> > by dnattr=member selfwrite

> >per the Admin Guide exaples will only get me the full DN of the user

> Yes, that's how refer to users.  Applications can use the DN to
> obtain the values of attributes stored in the referenced entry.

> >(and what I really need is to validate vs. their mail attr, and add/remove the
> >mail attribute without the leading "mail=").

> Basically, the application needs to be coded to understand LDAP
> group mechanisms (which there actually a couple varients).

> Well, if the application doesn't already support it, you'd have
> to hack.

Ack.  Not hack!  Do you know if the Sendmail 8.10 code supports groups
properly?  The vague information I've been able to glean from the Sendmail
guide and from the FAQ-O-Matic pointers on OpenLDAP.org don't lend me to
believe that it does...

I suppose I could create a ruleset which parses returns and
continues the lookup... (ick!)  Anyone out there quicker than I am at
Sendmail rulesets? (hint - it wouldn't be much of a contest...)

Leslie M. Barstow III  | http://www.faerealm.com/phoenix
phoenix@faerealm.com   |    Linux and Apple][GS links:    computers/
PGP key at www.pgp.com |    Fight junk e-mail abuse!:     computers/spam/
Wow!  It all fits.     |