Ccing mailing list, since I'm not all-knowing..

On Oct 7, 2009, at 12:49 AM, Trever L. Adams wrote:

> Timo Sirainen wrote:
>> On Oct 7, 2009, at 12:36 AM, Trever L. Adams wrote:
>>> 1) I have seen how to configure for LDAP and Kerberos. AD uses both
>>> together. All user information is in AD/LDAP and authentication is
>>> AD/Kerberos. How can I configure Dovecot to use both appropriately?
>> You could forget about the Kerberos part and just use AD as an LDAP
>> server.
> I really want to use Kerberos/SPNEGO everywhere I can for various
> reasons. The LDAP would be for the configuration.

Do you actually want the IMAP/POP3 clients to use Kerberos? For plaintext auth I don't see any benefit in Dovecot using Kerberos rather than LDAP (and it doesn't support that, except via pam_kerberos or whatever I guess). But for clients to use Kerberos (GSSAPI) and authenticate against AD while Dovecot is in the middle... I've no idea. I guess that's possible somehow.

>>> 2) For example if I have a directory /var/mail/domain/user. Can
>>> I have Dovecot auto create (with proper permissions) the domain/user
>>> part? These would be used for maildir.
>> If you're using the same UNIX UID for all users, there's really
>> nothing you need to do. Dovecot tries to create missing directories
>> automatically.
> No, I will be using the new Samba IDMAP stuff that hashes all the parts of the Windows ID to a 32-bit UID. Any way to do this, or will I need to find another solution (not for mailing, but for directory creation)?

There's no great way to do this.. A couple of kludgy ways. Like chmod 01777 /var/mail. Or override mail_executable setting to a script that still runs as root and can create the directory with proper permissions. http://wiki.dovecot.org/PostLoginScripting
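
The following is an added example, not part of the original message and not Dovecot's own code: a helper that a root-run post-login wrapper, as suggested above, could call to create /var/mail/domain/user with per-user ownership instead of making /var/mail world-writable. The function names, argument order and return codes are assumptions, and how the wrapper obtains the domain, user, UID and GID is left to the deployment.

```shell
#!/bin/sh
# Added example: directory creation for a root-run post-login wrapper.
# Function names, argument order and return codes are assumptions.

# Accept only a single safe path component: no "/", no leading dot
# (which also rejects ".."), and only a conservative character set.
safe_component() {
    case "$1" in
        ""|.*|*/*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Accept only non-empty strings of decimal digits.
is_number() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# ensure_maildir ROOT DOMAIN USER UID GID
# Returns 0 on success, 2 on bad input, 3 on a symlink, 4 on an I/O error.
ensure_maildir() {
    md_root=$1; md_domain=$2; md_user=$3; md_uid=$4; md_gid=$5
    safe_component "$md_domain" || return 2
    safe_component "$md_user" || return 2
    is_number "$md_uid" || return 2
    is_number "$md_gid" || return 2
    [ "$md_uid" -ne 0 ] || return 2      # never hand a mailbox to UID 0
    md_ddir=$md_root/$md_domain
    md_udir=$md_ddir/$md_user
    # Refuse to follow symlinks at either level.
    [ ! -L "$md_ddir" ] && [ ! -L "$md_udir" ] || return 3
    # The domain level keeps the caller's ownership (root in production),
    # so mail users cannot create entries next to each other's mailboxes.
    mkdir -p -m 0755 "$md_ddir" || return 4
    if [ ! -d "$md_udir" ]; then
        mkdir -m 0700 "$md_udir" || return 4
        chown "$md_uid:$md_gid" "$md_udir" || return 4
    fi
    return 0
}
```

A wrapper would call `ensure_maildir /var/mail "$domain" "$user" "$uid" "$gid"` and hand off to the real mail process only when it returns 0.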
