Bryan Vyhmeister wrote:
> On May 17, 2007, at 12:06 AM, Gavin Henry wrote:
>> Bryan Vyhmeister wrote:
>>> Is anyone using LDAP along with Dovecot where mail is being accessed
>>> in the form of /var/vmail/${domain}/${user}? I have not figured out
>>> how to extract the domain from LDAP in order to make this work. I
>>> know this is sparse information but maybe there is an easy fix. If
>>> not, I can post more information.
>>
>> What config have you tried?
>
> Sorry, I should have given more detail. Right now, I have one server
> which is authenticating off of a passwd file from Dovecot. Postfix
> accesses Dovecot's auth socket interface for SMTP AUTH passwords and
> such. I use a virtual mailbox map and virtual alias map through
> Postfix to decide where to deliver mail. In Dovecot, I have
> mail_location set as follows:
>
> mail_location = maildir:/var/vmail/domains/%d%n

Hope you've got a "/" between the %d and %n that got dropped off ....

> That allows it to work fine for finding my mailboxes. I have tried the
> default Dovecot LDAP file but I am not sure I really understand how it
> all works. I guess this also involves picking a logical way to set up
> my LDAP structure as well.

LDAP is one of the biggest headaches you get into - despite the fact
that lots of people seem to think it's THE solution for centralized user
management. Google, read, google, read, curse, google, read, try, fail,
google, read . . . get it working (still not understanding why), touch
something, break it, curse, google, read, google, read, try again . . .

> I think I could make this work by making the LDAP uid [EMAIL PROTECTED]
> I don't think this is the best way of setting it up though. All of my
> users login with [EMAIL PROTECTED] and I want to keep it that way. It
> does not seem like LDAP was designed to authenticate this way quite as
> well.

uid should be . . . uid. One of the key items to understand about LDAP
integration with most programs is there IS NO STANDARD. YOU define
which fields are used. So you tell Dovecot, Postfix, or whatever which
fields to search, and which fields to return, and what information is
meaningful. Your login format will work just fine - but LDAP needs to
have a field with that information stored (mail), and your LDAP-using
servers need to be told which field to use.

The only key mail program I haven't been able to use with my setup is
maildrop - I would have to store the mailfolder in LDAP, which I refuse
to do. So I have a second database I need to maintain (for
courier-authlib) for the couple users that use maildrop until I can come
up with an alternative.
--
Daniel
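As an added illustration of the point made above (this is an example config written for this page, not something posted in the thread or shipped by Dovecot): a Dovecot 1.0-style setup in which users log in as user@example.com, the directory stores that full address in the standard `mail` attribute, and Dovecot is told to search on that attribute. The domain never has to be "extracted from LDAP": `%d` and `%n` are filled in from the login name itself, and the mailbox path is built from them, so nothing mailbox-specific is stored in the directory. The hostname, base DN, bind DN, object class and the `vmail` account are assumptions; substitute your own.

```conf
# /etc/dovecot/dovecot-ldap.conf  (added example, not from the original post)

hosts = ldap.example.com
ldap_version = 3

# Read-only service account used only to *find* the user's entry.
# It does not need to read userPassword, because we let the LDAP
# server verify the password by binding as the user (auth_bind below),
# so password hashes never pass through Dovecot.
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = CHANGE-ME

base = ou=people,dc=example,dc=com
scope = subtree

# Verify the password by re-binding as the DN found by pass_filter.
# Works with whatever hash scheme the directory uses.
auth_bind = yes

# %u is the complete login name (user@example.com). Matching it
# against "mail" is the part the thread is about: you choose the
# field, and here it is mail, not uid. Dovecot escapes LDAP filter
# metacharacters in the substituted value.
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))

# Hand back the directory's own "mail" value as the username, so the
# mailbox path is derived from the canonical address, not from however
# the user happened to type it.
pass_attrs = mail=user
```

And the matching pieces of dovecot.conf. The userdb is static: uid, gid and the home directory are computed from the login name, so LDAP holds only identity and password, which sidesteps the "store the mail folder in LDAP" problem raised at the end of the reply (for Dovecot, at least; maildrop via courier-authlib is a separate matter).

```conf
# dovecot.conf fragment (added example, not from the original post)

# %d = domain part of the login name, %n = local part. Note the "/"
# between them, which the quoted config was missing.
mail_location = maildir:/var/vmail/domains/%d/%n

auth default {
  mechanisms = plain login

  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }

  # No LDAP lookup needed for the userdb: everything is derived from %u.
  # "vmail" is an assumed system user that owns /var/vmail.
  userdb static {
    args = uid=vmail gid=vmail home=/var/vmail/domains/%d/%n
  }
}
```

Two checks worth doing once this is in place: log in with the address in a different letter case and confirm Dovecot opens the same Maildir (that is what returning `mail=user` from `pass_attrs` buys you; if the directory stores mixed-case addresses, normalize them there), and try a login name with no `@` at all, since `%d` is then empty and the path collapses to /var/vmail/domains//user unless you reject such logins.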