On Fri, 25.08.2006 at 23:34 (+0200), Josselin Dulac (I.U.FM.) wrote: [...]
Apart from the fact that IMHO a Posix 1003 UID should never be multi-valued and a multi-valued UID will give rise to problems, the following advice works on our sites for virtual users:

> LDAP_SERVER localhost
> LDAP_PORT 389
> LDAP_PROTOCOL_VERSION 3
> LDAP_BASEDN dc=lyon,dc=iufm,dc=fr
> LDAP_TIMEOUT 5
> LDAP_AUTHBIND 1 #My encryption method (SSHA) is only supported with Bind Authentication (and I find it more secure)
> LDAP_MAIL uid

Not good. For virtual users, if you use a schema such as qmail.schema and objectclass qmailuser, you can use attribute mailmessagestore for this; point it to the LDAP_GLOB_UID/UID's home directory.

> LDAP_DOMAIN
> LDAP_GLOB_UID courier #As I use courier uid, it seems that homeDirectory value is not used : all mailboxes are built in /home/courier/{$mail}

Ok

> LDAP_GLOB_GID courier
> LDAP_HOMEDIR homeDirectory

Point this to the same as LDAP_MAIL, i.e. mailmessagestore.

> LDAP_MAILDIR mail #I use the mail attribute to generate mailboxes names (as uid is MULTI-VALUED in my LDAP base, I cannot use uid for that)

Point this to the same as LDAP_HOMEDIR.

> LDAP_FULLNAME displayName
> LDAP_CRYPTPW userPassword #As I use a Bind authentication method, this information shouldn't be needed. It's just a rest of my tests.
> LDAP_DEREF never
> LDAP_TLS 0

Ok.

> #Here is the part of the configuration that is a bit dark to me
> LDAP_EMAILMAP ([EMAIL PROTECTED]@))
> LDAP_EMAILMAP_BASEDN dc=lyon,dc=iufm,dc=fr
> LDAP_EMAILMAP_ATTRIBUTE uid
> LDAP_EMAILMAP_MAIL mail

Do not set any of these.

> Here is my syslog file after a login attempt (warning about maildirmake seems ok as it's not my 1st login attempt and mailboxes have been built on 1st login)
> -----------------------------------------------------
> Aug 25 23:31:57 localhost imapd: Connection, ip=[::ffff:127.0.0.1]
> Aug 25 23:31:57 localhost imapd: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], command=LOGIN
> Aug 25 23:31:57 localhost imapd: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], username=j.dulac
> Aug 25 23:31:57 localhost imapd: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], password=¤¤¤¤¤¤
> Aug 25 23:31:57 localhost imapd: authdaemon: starting client module
> Aug 25 23:31:57 localhost authdaemond.ldap: received auth request, service=imap, authtype=login
> Aug 25 23:31:57 localhost authdaemond.ldap: authldap: trying this module
> Aug 25 23:31:57 localhost authdaemond.ldap: using search filter: (uid=j.dulac)
> Aug 25 23:31:57 localhost authdaemond.ldap: one entry returned, DN: uid=PR08766,ou=People,dc=lyon,dc=iufm,dc=fr
> Aug 25 23:31:57 localhost authdaemond.ldap: raw ldap entry returned:
> Aug 25 23:31:57 localhost authdaemond.ldap: | displayName: Josselin DULAC
> Aug 25 23:31:57 localhost authdaemond.ldap: | mail: [EMAIL PROTECTED]
> Aug 25 23:31:57 localhost authdaemond.ldap: | uid: PR08766
> Aug 25 23:31:57 localhost authdaemond.ldap: | uid: j.dulac
> Aug 25 23:31:57 localhost authdaemond.ldap: | uid: Josselin
> Aug 25 23:31:57 localhost authdaemond.ldap: | homeDirectory: /home/PR08766/

As stated, for virtual UID/GIDs, Courier IMAP expects LDAP_HOMEDIR to be the same as LDAP_MAILDIR and writes its configuration files to this.

> Aug 25 23:31:57 localhost authdaemond.ldap: authldaplib: sysusername=j.dulac, sysuserid=500, sysgroupid=500, homedir=/home/PR08766/, address=j.dulac, fullname=Josselin DULAC, [EMAIL PROTECTED], quota=<null>, options=<null>
> Aug 25 23:31:57 localhost authdaemond.ldap: authldaplib: clearpasswd=<null>, passwd=<null>
> Aug 25 23:31:57 localhost authdaemond.ldap: rebinding with DN 'uid=PR08766,ou=People,dc=lyon,dc=iufm,dc=fr' to validate password
> Aug 25 23:31:57 localhost authdaemond.ldap: authentication bind successful
> Aug 25 23:31:57 localhost authdaemond.ldap: authldap: ACCEPT, username j.dulac
> Aug 25 23:31:57 localhost imapd: authdaemon: ACCEPT, username j.dulac
> Aug 25 23:31:57 localhost imapd: maildirmake: File exists

It probably does, yes. Test as root with Courier authdaemon's authtest - it will point to your maildir, using both Home Directory and Maildir attributes.

--Tonni

--
Tony Earnshaw
reservebergenser :)
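
The following is an added example, not part of the original message or of Courier itself: a small Python audit that reads authdaemond.ldap debug output in the format quoted above and reports directory entries whose `uid` came back with more than one value, the condition the reply warns about. The sample log is constructed with placeholder names, and the function name `multi_valued` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the authdaemond.ldap debug lines quoted above.
SAMPLE_LOG = """\
Aug 25 23:31:57 localhost authdaemond.ldap: using search filter: (uid=a.user)
Aug 25 23:31:57 localhost authdaemond.ldap: one entry returned, DN: uid=ID0001,ou=People,dc=example,dc=org
Aug 25 23:31:57 localhost authdaemond.ldap: raw ldap entry returned:
Aug 25 23:31:57 localhost authdaemond.ldap: | displayName: A User
Aug 25 23:31:57 localhost authdaemond.ldap: | uid: ID0001
Aug 25 23:31:57 localhost authdaemond.ldap: | uid: a.user
Aug 25 23:31:57 localhost authdaemond.ldap: | homeDirectory: /home/ID0001/
Aug 25 23:31:57 localhost authdaemond.ldap: authldap: ACCEPT, username a.user
Aug 25 23:32:10 localhost authdaemond.ldap: one entry returned, DN: uid=ID0002,ou=People,dc=example,dc=org
Aug 25 23:32:10 localhost authdaemond.ldap: raw ldap entry returned:
Aug 25 23:32:10 localhost authdaemond.ldap: | uid: ID0002
Aug 25 23:32:10 localhost authdaemond.ldap: | homeDirectory: /home/ID0002/
"""

MSG = re.compile(r"authdaemond\.ldap: (.*)$")       # message part of a syslog line
DN = re.compile(r"one entry returned, DN: (.+)$")   # starts a new entry
ATTR = re.compile(r"\| ([^:]+): ?(.*)$")            # "| attr: value" dump line

def multi_valued(log_text, attrs=("uid",)):
    """Return {dn: {attr: [values]}} for watched attributes holding >1 value."""
    watched = {a.lower() for a in attrs}
    entries, current = {}, None
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group(1)
        if (d := DN.match(msg)):
            current = entries.setdefault(d.group(1).strip(), defaultdict(list))
        elif (a := ATTR.match(msg)) and current is not None:
            name, value = a.group(1).strip().lower(), a.group(2).strip()
            if name in watched and value not in current[name]:
                current[name].append(value)
        elif not msg.startswith("raw ldap entry returned"):
            current = None  # any other message ends the attribute dump
    report = {}
    for dn, seen in entries.items():
        multi = {k: v for k, v in seen.items() if len(v) > 1}
        if multi:
            report[dn] = multi
    return report

if __name__ == "__main__":
    for dn, found in multi_valued(SAMPLE_LOG).items():
        print(dn, found)
```
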