Nico Alberti wrote:

I would like use one single username/password combination for our MS domain users and their IMAP mail accounts on a Linux box, so I tried to set up the Courier-Imap LDAP authentication mechanism, without success.

I've set up my virtual mailboxes (Courier-MTA 0.45.5) with AD (under W2k3; AFAIK W2k will not accept LDAP binds without Kerberos pre-authentication by default).


Here's my authldaprc:

LDAP_SERVER w2k3.server
LDAP_PORT 389
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN ou=Dept,dc=w2k3,dc=server
LDAP_BINDDN [EMAIL PROTECTED]
LDAP_BINDPW CourierPassword
LDAP_TIMEOUT 5
LDAP_AUTHBIND 1
LDAP_MAIL mail
LDAP_FILTER (objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
LDAP_DOMAIN my.domain
LDAP_GLOB_UID vuser
LDAP_GLOB_GID vgroup
LDAP_HOMEDIR sAMAccountName
LDAP_MAILROOT /var/virtual/mail
LDAP_MAILDIR mailbox
LDAP_DEFAULTDELIVERY defaultDelivery
LDAP_MAILDIRQUOTA info
LDAP_FULLNAME cn
LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
LDAP_DEREF never
LDAP_TLS 0


That string MUST BE in /etc/openldap/ldap.conf to avoid anonymous binds when chasing referrals (without it authdaemond.ldap will not authenticate):
REFERRALS 0


That "strange" LDAP_FILTER option was made to not accept messages for disabled accounts.

The AD account MUST HAVE the 'E-mail' field on the 'General' tab filled with the user's e-mail address. The 'Notes' field on the 'Telephones' tab can be used to store the account's quota.

--
System Administrator of Matrix Network Solutions (KSP2-RIPE)
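An added example in Python (not part of the post or of Courier's own code) that parses an authldaprc like the one above, builds the search filter Courier is assumed to send (the LDAP_MAIL lookup ANDed with LDAP_FILTER) with RFC 4515 escaping of the login name, and checks constructed AD entries against the two rules the post describes: the account is not disabled and its E-mail field is filled. The function names and the sample entries are chosen here.

```python
ACCOUNTDISABLE = 0x2  # userAccountControl bit the 1.2.840.113556.1.4.803 (bitwise AND) rule tests

def parse_authldaprc(text):
    """Parse 'KEY value' lines of an authldaprc; blank lines and comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        cfg[key] = value.strip()
    return cfg

# RFC 4515 escapes: a login containing these characters must not change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_search_filter(cfg, login):
    """Assumed Courier behaviour: the LDAP_MAIL lookup ANDed with the LDAP_FILTER expression."""
    return "(&(%s=%s)%s)" % (cfg["LDAP_MAIL"], escape_filter_value(login), cfg.get("LDAP_FILTER", ""))

def account_accepts_mail(entry):
    """Evaluate, on one AD entry, what the posted filter plus the non-empty E-mail rule requires."""
    if "user" not in entry.get("objectClass", []):
        return False
    if int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE:
        return False
    return bool(entry.get("mail"))

# Constructed sample authldaprc (subset of the posted one) and constructed AD entries.
AUTHLDAPRC = """# sample
LDAP_BASEDN ou=Dept,dc=w2k3,dc=server
LDAP_MAIL mail
LDAP_FILTER (objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
"""
ENTRIES = {
    "alice": {"objectClass": ["top", "person", "user"], "userAccountControl": 512, "mail": "alice@my.domain"},
    "bob": {"objectClass": ["top", "person", "user"], "userAccountControl": 514, "mail": "bob@my.domain"},  # 512 | ACCOUNTDISABLE
    "carol": {"objectClass": ["top", "person", "user"], "userAccountControl": 512},  # E-mail field left empty
}

if __name__ == "__main__":
    cfg = parse_authldaprc(AUTHLDAPRC)
    print(build_search_filter(cfg, "alice@my.domain"))
    for name, entry in ENTRIES.items():
        print(name, account_accepts_mail(entry))
```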

