On Wed, 10 Nov 2004, Fernando Maior wrote:
> Andreas,
>
> I am a bit worried about using courier-imap auth daemon. There are
> some issues about that:
>
> 1) One must explicitly declare the number of daemons to run at startup;
> I prefer to have that the way tcpserver usually does, limiting the
> connections instead of the number of daemons.
>
> 2) I have a feeling that courier is more memory-hungry than auth_imap,
> takes more time and resources.
>
> 3) I think that, if it is so easy to use auth_imap, instead of the
> courier, let's use that :)

Yes, as I have said before on this list, I use courier imap, but I don't
use their auth mechanism -- I don't even start courier-authdaemon. I use
the auth_imap program that the qmail-ldap folks have made. To do this, I
had to modify the /etc/init.d/courier-imap startup script (I just use
this, and use stunnel for IMAPS service).

I changed this line in the startup script:

    $PORT ${libexecdir}/courier/imaplogin $AUTHMODULELIST

to:

    $PORT ${libexecdir}/courier/imaplogin /var/qmail/bin/auth_imap

So, then I have:

    mail0:/etc/init.d# ps axuww |grep couriertcpd
    root 755 0.0 0.0 2464 736 ? S 10:57 0:00
      /usr/sbin/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger
      -maxprocs=500 -maxperip=100 -pid=/var/run/courier/imapd.pid -nodnslookup
      -noidentlookup 143 /usr/lib/courier/courier/imaplogin
      /var/qmail/bin/auth_imap /usr/bin/imapd Maildir

and do not run courier-authdaemon at all. Works perfectly, I don't have
the worries you list above at all, just have to make sure my LDAP servers
(slaves for auth) are able to respond quickly enough, so far this has not
been a problem, I get around 30-40,000 IMAP logins per server per day, and
it's been running fine.

>
> Command ps -aux shows:
>
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> root 14350 0.0 0.0 3276 988 ? S 16:05 0:00 authdaemond.ldap
>
> What about auth_imap?
>
> Also, courier authdaemon sometimes just loses connection with ldap
> service and does not reconnect.
>
> I would like you to please show me the configuration for auth_ldap.
> Do you run it from tcpserver? What about files like run, log/run
> and other?
>
> You see, on courier we must set the authdaemonrc and authldaprc
> files in order to get info from ldap. There is a huge number of
> variables. AFAIK, we do not need conf files for auth_ldap, is it?

auth_ldap uses the ldap server configured in
/var/qmail/control/ldapserver, so it's the same config as the rest of the
server. As you can tell, I prefer auth_imap to courier's authdaemon.

Andreas