Hi.
I want to allow members of the OpenLDAP group "remoteusers" to use SMTP relaying.
So I have defined an authentication backend LDAP based on uid which works fine,
meaning password checking works.
Now I configured Mail-Relaying "Allow authenticated relaying" with an allowed group
"remotegroup".
The problem is the definition of this group.
So we go to Users-Groups, add a new group "remotegroup".
group type backend membership, backend LDAP.
When I omit "Check an LDAP attribute", every user with valid credentials is accepted,
I suppose this is the intended behaviour, because the user is proven as member of the
backend.
But I want to restrict the usage to users belonging to LDAP group "remoteusers".
The attribute check I can define in the group definition is intended to check whether the
user has an attribute with a certain value in LDAP.
I could not verify this working, even with a very simple attribute such as givenName.
I could see the LDAP query in wireshark with the expected result, but group
membership was never recognised.
What may be wrong, if attribute is "givenName" and value "Paul"?
But: this mechanism would only work if the group membership can be checked
with an attribute in the user object, such as "memberOf" or "GroupMembership" from
the help example.
But what if membership is stored in LDAP in a different way?
I have an OU=users and an OU=groups
And only the group object lists the members of the group, with an attribute
memberUid.
Any suggestion how I could check the group membership in the LDAP backend
in this scenario?
Best regards
Paul
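
The two membership layouts described in the post, modelled as an added example that is not part of the original post and is not the product's own configuration or code. The base DN `dc=example,dc=org`, the `posixGroup` object class, the user "anna" and all helper names are assumptions, and the directory entries are constructed.

```python
# Constructed sample directory (not from the post): DN -> attributes.
BASE = "dc=example,dc=org"  # assumed base DN
DIRECTORY = {
    "uid=paul,ou=users," + BASE: {
        "objectClass": ["posixAccount"], "uid": ["paul"], "givenName": ["Paul"]},
    "uid=anna,ou=users," + BASE: {
        "objectClass": ["posixAccount"], "uid": ["anna"], "givenName": ["Anna"]},
    "cn=remoteusers,ou=groups," + BASE: {
        "objectClass": ["posixGroup"], "cn": ["remoteusers"], "memberUid": ["paul"]},
}
CASE_EXACT = {"memberUid"}  # RFC 2307: caseExactIA5Match; the others ignore case


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def render(conds):
    """Render equality conditions as the LDAP filter string sent to a server."""
    return "(&" + "".join("(%s=%s)" % (a, escape_filter_value(v)) for a, v in conds) + ")"


def search(base, conds):
    """Return DNs under base whose entry satisfies every equality condition."""
    def hit(entry, attr, value):
        values = entry.get(attr, [])
        if attr in CASE_EXACT:
            return value in values
        return value.lower() in [v.lower() for v in values]
    return [dn for dn, e in DIRECTORY.items()
            if dn.endswith("," + base) and all(hit(e, a, v) for a, v in conds)]


def member_by_user_attribute(uid, attr, value):
    """User-side check: the attribute must be on the user's own entry."""
    return bool(search("ou=users," + BASE, [("uid", uid), (attr, value)]))


def member_by_group_object(uid, group_cn):
    """Group-side check: the group entry must list the uid in memberUid."""
    conds = [("objectClass", "posixGroup"), ("cn", group_cn), ("memberUid", uid)]
    return bool(search("ou=groups," + BASE, conds))


if __name__ == "__main__":
    print(render([("objectClass", "posixGroup"), ("cn", "remoteusers"), ("memberUid", "paul")]))
    print(member_by_user_attribute("paul", "memberOf", "cn=remoteusers,ou=groups," + BASE))
    print(member_by_group_object("paul", "remoteusers"))
```

With membership stored only in `memberUid` on the group entry, a check against the user's own entry has nothing to match, while a search under `ou=groups` for the rendered filter returns the group when the uid is listed.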