Hi all,
Our Courier installation (SMTP/IMAP/POP3) provides mail services for
several domains. There exists an LDAP database, served by OpenLDAP, that
contains information about domains and user accounts, but (historically)
Courier performs authentication against its own userdb (that completely
duplicates LDAP). LDAP is used actively by a wide range of services
(Jabber, Apache, etc.). Seems like Courier's time has come.
The problem is that the LDAP directory stores information under different
base DNs (serves multiple bases). Typical DNs look like:
cn=John,ou=People,dc=foo,dc=com
cn=Mary,ou=People,dc=bar,dc=com
and we should use different base DNs ("dc=foo,dc=com" and
"dc=bar,dc=com", respectively) while trying to search for John and Mary.
I know that an authdaemond.ldap instance is able to operate on only a single
base DN.
It would be great if someone gives me general recommendations on how to
perform this migration. Now I see two ways:
1. to hook (via LDAP referrals) every domain, say, to
ou=Domains,dc=foo,dc=com;
2. to chain multiple authdaemond.ldap instances with different configs.
Can't figure out now which one is simpler and/or more efficient, and
am asking for help.
Thanks in advance,
Dimitri