

9 messages in net.sourceforge.lists.courier-users: Re: [courier-users] Using LDAP with v...

| From | Sent On | Attachments |
|---|---|---|
| Lloyd Zusman | May 28, 2005 12:38 pm | |
| Gordon Messmer | May 28, 2005 5:38 pm | |
| Lloyd Zusman | May 28, 2005 6:04 pm | |
| Gordon Messmer | May 28, 2005 8:30 pm | |
| Lloyd Zusman | May 29, 2005 7:04 am | |
| Sam Varshavchik | May 29, 2005 8:13 am | |
| Lloyd Zusman | May 29, 2005 9:19 am | |
| Sam Varshavchik | May 29, 2005 9:27 am | |
| Lloyd Zusman | May 29, 2005 9:59 am | |

| Subject: | Re: [courier-users] Using LDAP with virtual and normal accounts |
|---|---|
| From: | Gordon Messmer (yiny...@eburg.com) |
| Date: | May 28, 2005 5:38:35 pm |
| List: | net.sourceforge.lists.courier-users |

On May 28, 2005, at 12:36 PM, Lloyd Zusman wrote:
1. Is it indeed possible to manage both setups simultaneously using LDAP under Courier?
Yes. In such a setup, you have the option of using authpam for the "local" accounts and authldap for the "virtual" users, or using authldap for all of them.
2. If the answer to #1 is "yes", then I believe that the following settings are appropriate in the "authldaprc" file:
For the "normal" accounts:
Options in the authldaprc file are going to affect all users.
LDAP_HOMEDIR homeDirectory (to contain home directory)

LDAP_UID uidNumber (to contain user's uid)

LDAP_GID gidNumber (to contain user's gid)
If you're using ldap for all users, then those settings are fine. Make sure that all of your entries in LDAP, for both local users and virtual users, have those attributes defined with appropriate values.
For the "virtual" accounts:
LDAP_MAILROOT /var/vmail

LDAP_GLOB_UID vmail

LDAP_GLOB_GID vmail
If you're using ldap for all users, then you can't use LDAP_GLOB_UID/GID, and it's just as easy to leave the first setting off and make sure that your virtual users' home directories are fully qualified in the homeDirectory attribute.
If you're using authpam for local users, and authldap only for the virtual users, then you can set the GLOB values, but you would comment out LDAP_UID and LDAP_GID in that case.
However, even with these settings, I don't know what to put into the LDAP database in order to indicate that a given email address is "virtual" instead of "normal", and that it therefore should use one of the /var/vmail Maildirs.
If you're using LDAP for all users, then you can add the 'posixAccount' to the objectclass for local users, while the virtual accounts use the 'CourierMailAccount' value. Set up that way, you can also use LDAP instead of the system password files.
Whatever you decide, I think it's easiest to specify the full path to the user's home directory in the homeDirectory attribute.
However, for the "qua...@abc.com" user, what do I put into the same LDAP database to indicate that it's not a normal account, but rather, one of the virtual accounts that lives under /var/vmail and whose Maildir is "/var/vmail/qua...@abc.com/Maildir"?
Put '/var/vmail/qua...@abc.com/' in that entry's homeDirectory attribute.
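
A check for the all-LDAP setup described in the message above, where every entry needs homeDirectory, uidNumber and gidNumber and the home directory must be fully qualified. This is an added example, not part of the original message or of Courier; the sample entries, DNs and example.com addresses are constructed, and `parse_ldif`, `check_entry` and `lint` are hypothetical helper names.

```python
import posixpath

# Attribute names from the authldaprc mapping quoted in the message.
REQUIRED = ("homeDirectory", "uidNumber", "gidNumber")
ACCOUNT_CLASSES = {"posixaccount", "couriermailaccount"}
# Constructed sample entries (DNs and addresses are assumptions), trimmed to what is checked.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: posixAccount
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/alice

dn: mail=virt1@example.com,ou=vmail,dc=example,dc=com
objectClass: CourierMailAccount
uidNumber: 5000
gidNumber: 5000
homeDirectory: /var/vmail/virt1@example.com/

dn: mail=virt2@example.com,ou=vmail,dc=example,dc=com
objectClass: CourierMailAccount
homeDirectory: virt2@example.com
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_entry(entry):
    """Return the problems found in one entry; an empty list means it passes."""
    problems = []
    if not ACCOUNT_CLASSES & {c.lower() for c in entry.get("objectclass", [])}:
        problems.append("no posixAccount or CourierMailAccount objectClass")
    for attr in REQUIRED:
        if not entry.get(attr.lower()):
            problems.append(f"missing {attr}")
    for home in entry.get("homedirectory", []):
        if not posixpath.isabs(home):
            problems.append(f"homeDirectory is not fully qualified: {home}")
    return problems

def lint(text):  # maps each entry's dn to its list of problems
    return {e["dn"][0]: check_entry(e) for e in parse_ldif(text)}
```

Calling `lint(SAMPLE_LDIF)` returns an empty list for the first two entries and three problems for the third, which lacks both numeric IDs and has a relative home directory.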







