9 messages in net.sourceforge.lists.courier-users[courier-users] Re: Using LDAP with v...
Subject: [courier-users] Re: Using LDAP with virtual and normal accounts
From: Lloyd Zusman (lj@asfast.com)
Date: May 29, 2005 9:59:58 am
List: net.sourceforge.lists.courier-users

Sam Varshavchik <mrs@courier-mta.com> writes:

Lloyd Zusman writes:

Sam Varshavchik <mrs@courier-mta.com> writes:

Lloyd Zusman writes:

I have another authldap question: Assume the following setup for a user with a "virtual" account:

LDAP_HOMEDIR (homeDirectory): /var/vmail/whoe@virtual.com
LDAP_UID (uidNumber): owner of /var/vmail tree
LDAP_GID (gidNumber): group of /var/vmail tree
LDAP_MAIL (mail): whoe@virtual.com

virtual.com is in "hosteddomains".

This works fine for the delivery of email to "whoe@virtual.com", which properly ends up under "/var/vmail/whoe@virtual.com/Maildir". Also, the user can retrieve email via IMAP as long as he/she logs in as "whoe@virtual.com". However, I want the user to log in using simply "whoever", not "whoe@virtual.com". How do I enable this capability via authldap?

Add a second 'mail' attribute to the LDAP record.

Aha! Thanks. Previously, the record looked like this:

mail=whoe@virtual.com
homeDirectory=/var/vmail/whoe@virtual.com
cn=Virtual User
uidNumber=[owner of /var/vmail tree]
gidNumber=[group of /var/vmail tree]
userPassword=[encrypted password]

So, I presume that it should now look like this:

mail=whoe@virtual.com
mail=whoever
homeDirectory=/var/vmail/whoe@virtual.com
cn=Virtual User
uidNumber=[owner of /var/vmail tree]
gidNumber=[group of /var/vmail tree]
userPassword=[encrypted password]

However, I'm having trouble adding such a record to LDAP, but perhaps that's just a bug in the LDAP client software that I'm using. If this version with two "mail" attributes is indeed correct (please confirm), then I'll start debugging the LDAP client.

This is correct.

It's possible that your LDAP schema prohibits duplicate attributes in a record. It's a simple matter of changing your schema definition.

Well, it turns out that my schema does indeed allow duplicate attributes (I'm using openldap with the standard "authldap.schema" that comes with Courier-authlib). The bug was something different: I was incorrectly having the LDAP client add the above record (with two "mail" attributes) using the following key:

mail=whoe@virtual.com,mail=whoever,ou=Authentication,cd=host,cd=com

When I changed the key to this ...

mail=whoe@virtual.com,ou=Authentication,cd=host,cd=com

... I was then able to successfully add this dual-mail-attribute record under this key.

And everything works fine now.

I'm using phpldapadmin as my LDAP client, and I have made a custom template for adding courier mail accounts. What I now do in this template is this:

accept the "mail" attribute from the user and store it into the variable $mail

put mail=$mail into the list of attributes in the record that will be added

if the specified "mail" attribute contains a "@", then

    take the part of $mail that appears to the left of the "@" and store it in the variable $mailfirst

    put mail=$mailfirst into the list of attributes in the record that will be added

endif

put the other attributes into the LDAP record

set the key to be "mail=$mail,ou=Authentication,dc=host,dc=com" (with only a single "mail" attribute, the one specified)

add the record to LDAP using this key

Thanks.
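The template logic above, written out as an added Python example (not code from the thread or from phpldapadmin): it builds the dual-"mail" entry with a single mail RDN in the DN, and flags the DN shape that made the add fail. The function names, the uid/gid/password arguments and the objectClass values are assumptions; the base DN follows the post.

```python
# Added example: build a Courier authldap entry the way the phpldapadmin
# template in the post does.  Function names and objectClass values are
# assumptions, not taken from the thread.
from typing import Dict, List, Tuple

BASE_DN = "ou=Authentication,dc=host,dc=com"   # as in the post
VMAIL_ROOT = "/var/vmail"


def build_courier_entry(mail: str, uid_number: int, gid_number: int,
                        user_password: str, cn: str = "Virtual User"
                        ) -> Tuple[str, Dict[str, List[str]]]:
    """Return (dn, attributes) for one virtual mailbox.

    The DN carries exactly one mail RDN (the full address); the second
    mail value lives only in the attribute list.  Putting both mail
    values into the DN is the mistake described in the thread.
    """
    mail = mail.strip()
    if not mail or any(ch in mail for ch in ",=+<>#;\\\""):
        raise ValueError("mail must be a plain address without DN metacharacters")
    attrs: Dict[str, List[str]] = {
        "objectClass": ["top", "CourierMailAccount"],  # assumption: adjust to your schema
        "mail": [mail],
        "homeDirectory": [f"{VMAIL_ROOT}/{mail}"],
        "cn": [cn],
        "uidNumber": [str(uid_number)],   # owner of the /var/vmail tree
        "gidNumber": [str(gid_number)],   # group of the /var/vmail tree
        "userPassword": [user_password],  # already-hashed value, e.g. {SSHA}...
    }
    local_part, at, _domain = mail.partition("@")
    if at and local_part:
        # Second mail value lets the user log in with the bare local part.
        # authldap matches any mail value, so keep short names unique directory-wide.
        attrs["mail"].append(local_part)
    dn = f"mail={mail},{BASE_DN}"   # single mail RDN only
    return dn, attrs


def dn_has_duplicate_mail_rdn(dn: str) -> bool:
    """True for the failing key shape: mail=...,mail=...,ou=... (naive split; no escaped commas)."""
    types = [rdn.split("=", 1)[0].strip().lower() for rdn in dn.split(",")]
    return types.count("mail") > 1


def to_ldif(dn: str, attrs: Dict[str, List[str]]) -> str:
    """Render the entry as an LDIF add record (plain ASCII values assumed)."""
    lines = [f"dn: {dn}"]
    for name, values in attrs.items():
        lines.extend(f"{name}: {value}" for value in values)
    return "\n".join(lines) + "\n"
```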