YALQ (Yet another LDAP Question)

2001-06-25 Thread Andrew J Herbert

I've seen variations on this posted, and never seen any answers (Bret
Martin, you still there?). I am tasked to try and implement the following.

Qmail mail system, utilising one large NFS storage for mail, which is
served by a farm of satellite linux boxes taking in mail and running IMAP
and POP services, both insecure and secure, utilising separate passwords
for the secure and insecure services; all users have actual accounts, but
these are held in an LDAP database.

So I have pam_ldap and nss_ldap setup with two sets of libraries and
config files, one for secure and one for insecure services. I have hacked
the UW IMAP server further to allow me to have two different servers,
using different PAM config files to allow lookups in different LDAP
branches (secure and insecure), all this works, and then I discovered
qmail seems to use some odd lookup mechanism for users. It won't use
nss_ldap and doesn't see any of the users.

I've now played with qmail_ldap, but fail to see that I can implement it
in the same structure as everything else, as it seems primarily geared
toward 'virtual users'. 

Help.

herbie

__
This is an email, an electronic Post-It note. 
Keep your Inbox tidy and dispose of it in a timely fashion.




Re: YALQ (Yet another LDAP Question)

2001-06-25 Thread Mike Jackson

Andrew J Herbert wrote:

> I've now played with qmail_ldap, but fail to see that I can implement it
> in the same structure as everything else, as it seems primarily geared
> toward 'virtual users'.
>

You want qmail-ldap. If these are mail servers, why do users need to
have a system account? They aren't administrators. I run several
qmail-ldap servers, with only system accounts for the IT staff. Even if
they need a system account, you can store their mail in
/var/qmail/maildirs owned and grouped to the qmail-ldap daemons, and
make them use pine over IMAP or pop. 

UW-Imap is a resource HOG. You have to patch it twice to get it to work
in your setup, and you have to recompile it when you make configuration
changes. Low tech. Courier Imap has native support for ldap
authentication and maildirs, has low memory requirements, and can be
reconfigured without recompiling.

Regards,
Mike



Re: YALQ (Yet another LDAP Question)

2001-06-25 Thread Andrew J Herbert

It's a nice idea, and we did consider it and play with it, but it doesn't
work for a few reasons.

1. We use Eudora as a mail client, it's not my choice unfortunately, and
it thrashes Courier, whilst UW doesn't break a sweat, due to the odd
way Eudora implements mail filters (using UID's).

2. We have to have people having logons in the system; this isn't just
email we're talking about, hence why I said I want to use real users, and
not virtual users. Also we run a web based front end to procmail for mail
filtering that has to be 'grannied' in.

Anyone know how to get qmail-ldap compliant with RFC2307?

How does qmail look up local users anyway? Why won't it work with
nss_ldap?

herbie

__
This is an email, an electronic Post-It note. 
Keep your Inbox tidy and dispose of it in a timely fashion.

On Mon, 25 Jun 2001, Mike Jackson wrote:

> Andrew J Herbert wrote:
>
> > I've now played with qmail_ldap, but fail to see that I can implement it
> > in the same structure as everything else, as it seems primarily geared
> > toward 'virtual users'.
> >
>
> You want qmail-ldap. If these are mail servers, why do users need to
> have a system account? They aren't administrators. I run several
> qmail-ldap servers, with only system accounts for the IT staff. Even if
> they need a system account, you can store their mail in
> /var/qmail/maildirs owned and grouped to the qmail-ldap daemons, and
> make them use pine over IMAP or pop.
>
> UW-Imap is a resource HOG. You have to patch it twice to get it to work
> in your setup, and you have to recompile it when you make configuration
> changes. Low tech. Courier Imap has native support for ldap
> authentication and maildirs, has low memory requirements, and can be
> reconfigured without recompiling.
>
> Regards,
> Mike
>




Re: YALQ (Yet another LDAP Question)

2001-06-25 Thread Charles Cazabon

Andrew J Herbert [EMAIL PROTECTED] wrote:
>
> How does qmail look up local users anyway? Why won't it work with
> nss_ldap?

If the qmail-users mechanism is configured, that's used -- `man qmail-users`
for details.  Fallback is qmail-getpw, which relies on the system's
implementation of the getpwnam() function.

Stock qmail doesn't know anything about LDAP.  I don't know if LDAP-patched
qmail gets user information in a different way.  If not, you could dump your
LDAP users' information through qmail-pw2u and qmail-newu to use the
qmail-users mechanism.

Charles
-- 
---
Charles Cazabon[EMAIL PROTECTED]
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
---
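Charles's two points above (qmail-getpw resolves the local part through getpwnam(), and getpwnam() is an NSS call, so whether nss_ldap is consulted is decided by the `passwd:` line of nsswitch.conf) can be walked through in code. The program below is an added example written for this page; it is not code from the thread and not qmail's own source. The dash-splitting order and the two preconditions it enforces (uid must not be 0, home directory must exist and be owned by that uid) follow my reading of qmail-getpw(8) and should be checked against your qmail version; the function names `nss_passwd_has_source`, `shorten_at_last_dash`, `getpw_preconditions` and `resolve_local` are my own, and the reported extension keeps its leading dash, which qmail-getpw itself reports separately.

```c
/* Added example (not from the thread, not qmail code): model the local-user
 * lookup qmail-getpw performs, and show where NSS (and thus nss_ldap) enters.
 * Assumption: the checks below are my reading of qmail-getpw(8). */
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum getpw_verdict { GETPW_OK = 0, GETPW_ROOT_UID, GETPW_HOME_NOT_OWNED };

/* Is `source` (e.g. "ldap") listed on the first "passwd:" line of an
 * nsswitch.conf text?  Comment lines, trailing comments and [action] specs
 * are skipped.  Returns 1 if listed, 0 otherwise. */
int nss_passwd_has_source(const char *conf, const char *source)
{
    size_t slen = strlen(source);
    const char *line = conf;
    while (*line) {
        const char *stop = strchr(line, '\n');
        if (!stop) stop = line + strlen(line);
        const char *p = line;
        while (p < stop && isblank((unsigned char)*p)) p++;
        if (p < stop && *p != '#' && (size_t)(stop - p) >= 7 && strncmp(p, "passwd:", 7) == 0) {
            p += 7;
            while (p < stop) {
                while (p < stop && isblank((unsigned char)*p)) p++;
                if (p >= stop || *p == '#') break;          /* end of line or comment */
                if (*p == '[') {                            /* e.g. [NOTFOUND=return] */
                    while (p < stop && *p != ']') p++;
                    if (p < stop) p++;
                    continue;
                }
                const char *tok = p;
                while (p < stop && !isblank((unsigned char)*p) && *p != '#' && *p != '[') p++;
                if ((size_t)(p - tok) == slen && strncmp(tok, source, slen) == 0) return 1;
            }
            return 0;                                       /* first passwd: line wins */
        }
        line = (*stop == '\n') ? stop + 1 : stop;
    }
    return 0;
}

/* qmail-getpw tries the whole local part, then shortens it at the last dash
 * (joe-list-news -> joe-list -> joe).  Returns 0 when no dash is left. */
int shorten_at_last_dash(char *username)
{
    char *dash = strrchr(username, '-');
    if (!dash) return 0;
    *dash = '\0';
    return 1;
}

/* Preconditions qmail-getpw applies to a passwd entry: uid is not 0 and the
 * home directory (already stat()ed by the caller) is owned by that uid. */
int getpw_preconditions(const struct passwd *pw, const struct stat *home)
{
    if (pw->pw_uid == 0) return GETPW_ROOT_UID;
    if (home->st_uid != pw->pw_uid) return GETPW_HOME_NOT_OWNED;
    return GETPW_OK;
}

/* Resolve a local address the way qmail-getpw would, writing either the
 * delivery target or the reason the last candidate was skipped into `why`.
 * getpwnam() is the NSS entry point: with "passwd: files ldap" this is the
 * call nss_ldap answers.  Returns 0 on success, -1 otherwise. */
int resolve_local(const char *local, char *why, size_t whylen)
{
    char username[256], last[256] = "no such user";
    if (strlen(local) >= sizeof username) { snprintf(why, whylen, "local part too long"); return -1; }
    strcpy(username, local);
    do {
        struct stat st;
        errno = 0;
        struct passwd *pw = getpwnam(username);
        if (!pw) {                                          /* glibc may set errno even for "not found" */
            if (errno && errno != ENOENT && errno != ESRCH) {
                snprintf(why, whylen, "getpwnam(%s): %s", username, strerror(errno));
                return -1;                                  /* resolver trouble, not an unknown user */
            }
            continue;
        }
        if (stat(pw->pw_dir, &st) == -1) {
            snprintf(last, sizeof last, "%s: home %s: %s", username, pw->pw_dir, strerror(errno));
            continue;
        }
        switch (getpw_preconditions(pw, &st)) {
        case GETPW_OK:
            snprintf(why, whylen, "user=%s uid=%u gid=%u home=%s ext=%s", pw->pw_name,
                     (unsigned)pw->pw_uid, (unsigned)pw->pw_gid, pw->pw_dir, local + strlen(username));
            return 0;
        case GETPW_ROOT_UID:
            snprintf(last, sizeof last, "%s: uid 0 is never a delivery target", username);
            break;
        default:
            snprintf(last, sizeof last, "%s: home %s not owned by uid %u", username, pw->pw_dir, (unsigned)pw->pw_uid);
            break;
        }
    } while (shorten_at_last_dash(username));
    snprintf(why, whylen, "%s", last);
    return -1;
}

int main(int argc, char **argv)
{
    char why[512];
    int rc = resolve_local(argc > 1 ? argv[1] : "nobody", why, sizeof why);
    printf("%s: %s\n", rc == 0 ? "deliverable" : "skipped", why);
    return rc == 0 ? 0 : 1;
}
```

Running it as `./a.out joe-list-news` on a box where `getent passwd joe` already answers through nss_ldap shows the same account qmail-getpw would pick and the reason it would otherwise be skipped; if `getent` finds the user but this program does not, the difference lies in the preconditions rather than in NSS.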



Re: YALQ (Yet another LDAP Question)

2001-06-25 Thread Mike Jackson

Andrew J Herbert wrote:
>
> 1. We use Eudora as a mail client, it's not my choice unfortunately, and
> it thrashes Courier, whilst UW doesn't break a sweat, due to the odd
> way Eudora implements mail filters (using UID's).

Yes, I have encountered this with 2-3 of my users who just refuse to
leave Eudora. It's not a problem with this number, but if everybody used
it then it would be.
>
> 2. We have to have people having logons in the system, this isn't just
> email we're talking about, hence why I said I want to use real users, and
> not virtual users. Also we run a web based front end to procmail for mail
> filtering that has to be 'grannied' in.

Fine if people log on then, but they don't need to have their maildir
stored in their home directory. Set your global pine configuration to
use IMAP instead of accessing an mbox. This takes away fast text
grepping, but provides a lot of ease for administration. Qmail-LDAP will
work in this environment.

Regards,
Mike



Re: YALQ (Yet another LDAP Question)

2001-06-25 Thread Andrew J Herbert

Aah, now this is an interesting thing. I can run qmail-getpw from the
command line, and it finds all the correct information, using the LDAP
lookup (this is using regular qmail with nss_ldap). The permissions on the
user's home directory look OK (owned by user, 700), as does the Maildir, and
there is a .qmail file (owned by user, 644) which contains ./Maildir/, so
why isn't mail being delivered?

Suggestions anyone?

herbie

__
This is an email, an electronic Post-It note. 
Keep your Inbox tidy and dispose of it in a timely fashion.

On Mon, 25 Jun 2001, Charles Cazabon wrote:

> Andrew J Herbert [EMAIL PROTECTED] wrote:
> >
> > How does qmail look up local users anyway? Why won't it work with
> > nss_ldap?
>
> If the qmail-users mechanism is configured, that's used -- `man qmail-users`
> for details.  Fallback is qmail-getpw, which relies on the system's
> implementation of the getpwnam() function.
>
> stock qmail doesn't know anything about LDAP.  I don't know if LDAP-patched
> qmail gets user information in a different way.  If not, you could dump your
> LDAP users information through qmail-pw2u and qmail-newu to use the
> qmail-users mechanism.
>
> Charles
> --
> ---
> Charles Cazabon[EMAIL PROTECTED]
> GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
> ---