Mitya said:
Our Courier installation (SMTP/IMAP/POP3) provides mail services for
several domains. There exists an LDAP database, served by OpenLDAP, that
contains information about domains and user accounts, but (historically)
Courier performs authentication against its own userdb (that completely
duplicates LDAP). LDAP is used actively by a wide range of services
(Jabber, Apache etc.) Seems like Courier's time has come.
The problem is that LDAP directory stores information under different
base DNs (serves multiple bases). Typical DNs look like:
cn=John,ou=People,dc=foo,dc=com
cn=Mary,ou=People,dc=bar,dc=com
and we should use different base DNs ("dc=foo,dc=com" and "dc=bar,dc=com",
respectively) while trying to search for John and Mary. I know that
authdaemond.ldap instance is able to operate only a single base DN.
It would be great if someone gives me general recommendations on how to
perform this migration. Now I see two ways:
1. to hook (via LDAP referrals) every domain, say, to
   ou=Domains,dc=foo,dc=com;
2. to chain multiple authdaemond.ldap instances with different configs.
Can't figure out now which one is more simple and/or efficient, and
asking for help.

Easiest way is to use the lowest common subtree of all the domains. In
your example that would be dc=com and have LDAP search subtrees
recursively. I know that subtree recursion is the default in Novell's
eDirectory LDAP which is what I use for LDAP but I do not believe it is
for OpenLDAP. Check the man pages/newsgroups/Google to figure out how to
get LDAP to search further down the tree than just the current context.
Jay
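To make the scope point concrete, here is an added illustration that is not code from the thread, from Courier or from OpenLDAP: a small in-memory model of LDAP search scopes (base, one-level, subtree) over the DNs from Mitya's post. It shows why Jay's "lowest common subtree" approach needs subtree scope rather than one-level scope, and it shows a caveat a defender should keep in mind when several domains share one suffix: a lookup by bare uid under dc=com can match an account in the wrong domain, so the login domain has to be part of the match (here by deriving a per-domain base DN from the mail domain). The directory contents, the second "John" entry, and the function names are all constructed for the example; DN parsing is a naive comma split with no escaping.

```python
"""Simulated LDAP search scopes over a tiny in-memory directory (added example)."""
from typing import Callable, Dict, List, Optional

# Constructed sample directory: DN -> attributes. The two DNs from the post
# plus a second "john" under dc=bar to demonstrate cross-domain ambiguity.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "dc=com": {"objectClass": "dcObject"},
    "dc=foo,dc=com": {"objectClass": "domain"},
    "ou=People,dc=foo,dc=com": {"objectClass": "organizationalUnit"},
    "cn=John,ou=People,dc=foo,dc=com": {"uid": "john", "mail": "john@foo.com"},
    "dc=bar,dc=com": {"objectClass": "domain"},
    "ou=People,dc=bar,dc=com": {"objectClass": "organizationalUnit"},
    "cn=Mary,ou=People,dc=bar,dc=com": {"uid": "mary", "mail": "mary@bar.com"},
    "cn=John,ou=People,dc=bar,dc=com": {"uid": "john", "mail": "john@bar.com"},
}

Filter = Callable[[str, Dict[str, str]], bool]


def rdns(dn: str) -> List[str]:
    """Split a DN into its RDN components (naive: no escaped commas, lowercased)."""
    return [part.strip().lower() for part in dn.split(",")]


def is_under(dn: str, base: str) -> bool:
    """True when dn equals base or lies somewhere below it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b


def search(base: str, scope: str, match: Filter) -> List[str]:
    """Return matching DNs under base with LDAP scope semantics.

    scope: "base" = only the base entry, "one" = its direct children,
           "sub"  = the base entry and everything below it.
    """
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not is_under(dn, base):
            continue
        depth = len(rdns(dn)) - len(rdns(base))
        if scope == "base" and depth != 0:
            continue
        if scope == "one" and depth != 1:
            continue
        if scope not in ("base", "one", "sub"):
            raise ValueError(f"unknown scope {scope!r}")
        if match(dn, attrs):
            hits.append(dn)
    return sorted(hits)


def domain_to_base(domain: str) -> str:
    """Map a mail domain to a per-domain base DN, e.g. foo.com -> dc=foo,dc=com."""
    return ",".join("dc=" + label for label in domain.lower().split("."))


def find_by_uid_anywhere(uid: str) -> List[str]:
    """Jay's approach without a domain constraint: subtree search from dc=com.

    This finds every account with that uid in every hosted domain, which is
    exactly the ambiguity an authentication lookup must not tolerate.
    """
    return search("dc=com", "sub", lambda dn, a: a.get("uid") == uid.lower())


def resolve_login(login: str) -> Optional[str]:
    """Resolve user@domain to exactly one DN, or None.

    The domain part selects the per-domain base DN, so a uid that exists in
    several domains cannot collide; anything other than exactly one hit is
    rejected rather than guessed.
    """
    if "@" not in login:
        return None
    user, domain = login.lower().split("@", 1)
    hits = search(domain_to_base(domain), "sub", lambda dn, a: a.get("uid") == user)
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print("one-level from dc=com:", search("dc=com", "one", lambda dn, a: "uid" in a))
    print("uid=john anywhere:", find_by_uid_anywhere("john"))
    print("john@foo.com ->", resolve_login("john@foo.com"))
    print("john@baz.com ->", resolve_login("john@baz.com"))
```

Running it shows that a one-level search from dc=com returns no user entries at all (they are three levels down), that a subtree search for uid=john returns two DNs, one per domain, and that resolving the full login john@foo.com yields the single foo.com entry while an unknown domain yields nothing. The same discipline applies whichever of Mitya's two options is chosen: the thing that must never happen is a login in one domain being matched against an entry in another.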