Hi Nathanael,

Why not use a different subtree search for each of your domains, e.g. domainOU=testX.local,o=hosting,dc=my,dc=domain?

Cheers,
Dennis

--
two4.IT http://www.two4.it

On Sunday 05 December 2010 14:42:25 Nathanael Bettridge wrote:
> Hi folks,
>
> I'm setting up a multi-tenant mail system at the moment, SOGo works a treat
> with it all, however there's one quirk.
>
> We're segregating different mail domains/organizations in LDAP within
> different OUs (for example
> [email protected],ou=users,domainOU=test1.local,o=hosting,dc=my,dc=domain
> and
> [email protected],ou=users,domainOU=test2.local,o=hosting,dc=my,dc=domain )
> with each UID only having read permissions to its own domainOU and below.
>
> Address books use a subtree search from o=hosting,dc=my,dc=domain - ACLs
> screen out unwanted entries.
>
> When directly listing addresses from LDAP bound as a hosted user
> ([email protected] for instance), it can only see cards from within
> domainOU=test1.local, o=hos...
>
> From within SOGo however, the user sees *all* configured domains' users,
> not just his own. LDAP debugging indicates queries are made only as the DN
> written into the defaults file (not the logged-in user).
>
> It would be nice if the LDAP addressbooks could be enumerated based on an
> indirect bind. Is there any way to get SOGo to do this, or is it into
> patch territory? For the moment I'm assuming I'll just have to keep LDAP
> addressbooks hidden, but it would be nice to have them work this way...
>
> Thanks,
>
> Nathanael Bettridge
> Prodigy Communications
> --
> [email protected]
> https://inverse.ca/sogo/lists
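Added example, not part of the original thread and not SOGo code: when the application searches as one configured DN, the per-user LDAP ACLs described above never apply, so tenant scoping has to come from the search base. This sketch derives a per-domain base in the thread's `domainOU=...,o=hosting,dc=my,dc=domain` layout and checks entry DNs against it; the function names, the domain pattern and the sample DNs are assumptions made for illustration.

```python
import re

HOSTING_BASE = "o=hosting,dc=my,dc=domain"  # DIT layout taken from the thread
# Assumption: tenant domains are plain DNS names; anything else is rejected.
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")

def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs, honouring '\\,' escapes."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def tenant_base(login):
    """Derive the tenant search base from the domain part of a login."""
    domain = login.rpartition("@")[2].lower()
    if not DOMAIN_RE.fullmatch(domain):
        raise ValueError("refusing to build a base DN from %r" % domain)
    return "domainOU=%s,%s" % (domain, HOSTING_BASE)

def in_tenant(entry_dn, login):
    """True only if entry_dn lies at or below the login's domainOU."""
    base, entry = split_dn(tenant_base(login)), split_dn(entry_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def visible_to(login, entry_dns):
    """Filter a result set down to the entries inside the login's tenant."""
    return [dn for dn in entry_dns if in_tenant(dn, login)]

# Constructed sample DNs (not from a real directory)
SAMPLE = [
    "uid=alice,ou=users,domainOU=test1.local,o=hosting,dc=my,dc=domain",
    "uid=bob,ou=users,domainOU=test2.local,o=hosting,dc=my,dc=domain",
    "cn=x\\,domainOU=test1.local,o=hosting,dc=my,dc=domain",  # sits under o=hosting
    "uid=carol,ou=users, DomainOU=TEST1.local, O=hosting, DC=my, DC=domain",
]
```

The third sample DN ends with the test1.local base as a raw string but is a single RDN directly under `o=hosting`, which is why the comparison is done on parsed RDNs rather than with a string suffix match.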
