55 messages in net.sourceforge.lists.courier-users
Subject: Re: [courier-users] in authldaprc, any way to use expressions with email address? (imap)
From: Brian Candler (B.Ca@pobox.com)
Date: Jan 17, 2001 2:40:45 pm
List: net.sourceforge.lists.courier-users

On Wed, Jan 17, 2001 at 05:10:15PM -0500, Chad Leigh, Shire.Net LLC wrote:

> Hi
>
> I am trying to implement my own LDAP based virtual domain system. I have the LDAP set up the way I would like to have it and the MTA (exim) also set up to deliver just fine, but courier-imap needs a little bit more flexibility to do what I want, it seems (observation, not a flame). But I thought I would ask to make sure I am not missing something.
>
> I have the LDAP hierarchy so:
>
> base is
>
> dc=mydomain,dc=net # the ISP main domain name
>
> next comes
>
> domain=virtualdomain.com (,dc=mydomain,dc=net)
>
> next comes
>
> accountname=account (,domain=virtualdomain.com,dc=mydomain,dc=net)
>
> accountname could be just the account (i.e. john) or be fully qualified (i.e. jo@virtualdomain.com), I don't care. Fully qualified would only make the one following need a real need, since it could query LDAP with the fully qualified name still.
>
> In authldaprc I need to be able to specify something like
>
> LDAP_BASEDN domain=$domain,dc=mydomain,dc=net
>
> with $domain being a variable that the authldaprc processor could get from the passed-in mail address it is trying to authenticate.

No, that is not the way to do what you want. It is not good practice to hardcode any sort of DN or DN hierarchy - any LDAP reference book will advise you against it.

You can use whatever hierarchy you like, but instead you need to put an attribute _within_ the LDAP entry with the E-mail address (or POP3/IMAP username) for that person.

e.g.

[dn: accountname=fred, domain=example.com, dc=mydomain, dc=net]
mail: fr@example.com
maildrop: /users/e/x/a/example/

You then configure Courier with a basedn of 'dc=mydomain, dc=net' and an LDAP_MAIL attribute of 'mail'.

When fr@example.com logs in, Courier will do a search on the LDAP tree for "(mail=fr@example.com)", and find the entry above. It then extracts the other parameters from this search (e.g. home directory, maildir, quota).

Optionally, you can configure Courier to do an LDAP bind to authenticate. In this case, rather than reading the password from a field in the entry, it will rebind to the LDAP server (using the DN of the record it just found in the search - so still no need to hardcode the DN format - plus the password supplied by the user).

Something you might want to do with virtual domains is have all mail for <anyone>@example.com going to one maildir. In my case I modified OpenLDAP, but in fact you could get Exim to do two LDAP lookups: first look up "(mail=$local_part@$domain)", and if that fails, look up "(mail=*@$domain)".

Then the LDAP database can have entries like this:

mail: fr@example.com
maildrop: /users/e/x/a/example/

mail: *@example.com
maildrop: /users/e/x/a/example2/

Then mail to 'fr@example.com' will hit the first maildir, but ji@example.com and bo@example.com will hit the second. There's lots of flexibility to play with here. In my case I use a different LDAP attribute for the E-mail address (which Exim uses) and the POP3/IMAP username (which Courier uses), since our users historically don't use their full E-mail address as their POP3 login.

HTH,

Brian.
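The flow Brian describes (search the tree for the login's mail attribute, pull maildrop and friends from the hit, optionally rebind as the found DN; and for Exim, an exact lookup followed by a "*@domain" catch-all) modelled as an added Python example. This is not Courier, Exim or OpenLDAP code: the directory is a constructed in-memory list standing in for the LDAP server, the attribute names mail/maildrop/userPassword and the address fred@example.com are assumptions made to match the post, and the password hashes are computed here for the example only. Two points the model makes explicit: the login string is escaped per RFC 4515 before it goes into the filter, and the catch-all lookup escapes the asterisk as \2a, because in a standard LDAP server an unescaped "*" in an equality filter is a substring wildcard, so "(mail=*@example.com)" would match the per-user entries as well as the literal "*@example.com" entry (Brian's modified OpenLDAP presumably handles this differently).

```python
"""Search-then-bind LDAP auth and exact/catch-all mailbox lookup, modelled
in memory. Added illustration, not Courier/Exim/OpenLDAP code."""

import hashlib
import hmac
import re

# Constructed sample directory standing in for the LDAP server. SSHA-style
# hashes (sha1(password + salt) + salt) with a fixed salt so the example is
# reproducible; no real credentials.
_SALT = b"\x01\x02\x03\x04"

def _ssha(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.sha1(password.encode() + salt).digest() + salt

DIRECTORY = [
    {"dn": "accountname=fred,domain=example.com,dc=mydomain,dc=net",
     "mail": "fred@example.com",            # assumed: "fr@..." in the post is truncated
     "maildrop": "/users/e/x/a/example/",
     "userPassword": _ssha("fred-secret")},
    {"dn": "accountname=catchall,domain=example.com,dc=mydomain,dc=net",
     "mail": "*@example.com",               # literal asterisk stored in the entry
     "maildrop": "/users/e/x/a/example2/",
     "userPassword": _ssha("catchall-secret")},
]

def ldap_filter_escape(value: str) -> str:
    """RFC 4515 escaping: the characters that have meaning inside a filter
    become \\xx hex escapes, so user input is always matched literally."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

# Minimal server-side matcher for "(attr=value)" equality/substring filters.
_FILTER_RE = re.compile(r"^\((?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>[^()]*)\)$")

def _filter_to_regex(value: str) -> "re.Pattern":
    parts, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 2 < len(value):          # \xx -> literal character
            parts.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":                                 # unescaped * -> any substring
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(ch))
            i += 1
    # mail is caseIgnoreIA5Match in the standard schema, hence IGNORECASE
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)

def search(filter_str: str, directory=DIRECTORY) -> list:
    """Return the entries a server would return for this filter string."""
    m = _FILTER_RE.match(filter_str)
    if not m:
        raise ValueError("unsupported filter: " + filter_str)
    attr, pattern = m.group("attr"), _filter_to_regex(m.group("value"))
    return [e for e in directory if attr in e and pattern.match(e[attr])]

def lookup_filters(address: str) -> list:
    """Exim-style pair: exact address first, then the literal '*@domain' entry."""
    local, sep, domain = address.partition("@")
    if not (sep and local and domain):
        raise ValueError("expected local@domain")
    return ["(mail=%s)" % ldap_filter_escape(address),
            "(mail=%s)" % ldap_filter_escape("*@" + domain)]

def find_entry(address: str, directory=DIRECTORY):
    """Delivery lookup: first filter that yields exactly one entry wins."""
    for flt in lookup_filters(address):
        hits = search(flt, directory)
        if len(hits) == 1:
            return hits[0]
        if len(hits) > 1:          # ambiguous directory data: refuse, don't guess
            raise LookupError("filter %s matched %d entries" % (flt, len(hits)))
    return None

def _bind(entry: dict, password: str) -> bool:
    """Stand-in for the LDAP simple bind as the entry's DN: verify the SSHA hash
    in constant time. A real server does this check itself."""
    stored = entry["userPassword"]
    digest, salt = stored[:20], stored[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def authenticate(login: str, password: str, directory=DIRECTORY):
    """Courier's search-then-bind mode: find the one entry whose mail attribute
    equals the login (exact match only, no catch-all for logins), then bind as
    its DN. Nothing about the DN layout is hardcoded."""
    hits = search("(mail=%s)" % ldap_filter_escape(login), directory)
    if len(hits) != 1 or not _bind(hits[0], password):
        return None
    return {"dn": hits[0]["dn"], "maildrop": hits[0]["maildrop"]}
```

Note the asymmetry between find_entry and authenticate: delivery falls through to the catch-all entry, but a login never does, so a password for the catch-all mailbox only works with its own literal address.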