Hello list,

I have installed Postfix + Courier-IMAP with OpenLDAP to do virtual mail and authenticate the users. Postfix works wonderfully: it receives and sends mail for the local users (real users on the server, not virtual ones), and it receives mail addressed to virtual users perfectly. But Courier-IMAP does not quite work: it lets the local users log in, read and send mail, but it does not let the virtual users log in. The following appears in the syslog when I try to log in to IMAP:

Apr 28 11:53:49 sitscweb imapd-ssl: Connection, ip=[::ffff:192.168.1.5]
Apr 28 11:53:56 sitscweb slapd[190]: connection_get(9)
Apr 28 11:53:56 sitscweb slapd[368]: send_ldap_result: 0::
Apr 28 11:53:56 sitscweb slapd[190]: connection_get(9)
Apr 28 11:53:56 sitscweb slapd[364]: SRCH "o=TUX,dc=dominio,dc=es" 2 0
Apr 28 11:53:56 sitscweb slapd[364]: 0 0 0
Apr 28 11:53:56 sitscweb slapd[364]: filter: (mail=baro)
Apr 28 11:53:56 sitscweb slapd[364]: attrs:
Apr 28 11:53:56 sitscweb slapd[364]: homeDirectory
Apr 28 11:53:56 sitscweb slapd[364]: mailbox
Apr 28 11:53:56 sitscweb slapd[364]: cn
Apr 28 11:53:56 sitscweb slapd[364]: clearPassword
Apr 28 11:53:56 sitscweb slapd[364]: userPassword
Apr 28 11:53:56 sitscweb slapd[364]: mail
Apr 28 11:53:56 sitscweb slapd[364]:
Apr 28 11:54:01 sitscweb imapd-ssl: LOGIN FAILED, ip=[::ffff:192.168.1.5]
Apr 28 11:54:12 sitscweb imapd-ssl: LOGOUT, ip=[::ffff:192.168.1.5]

Thanks,
Quimi

P.S.: The COURIER-IMAP configuration files follow:

AUTHDAEMONRC

##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authcustom authcram authuserdb authldap authmysql authpam

authmodulelist="authldap authpam"

##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"

##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...

daemons=5

##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds. Set "version" to override that.
# For example: version=authdaemond.plain

version=""

##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/var/run/courier/authdaemon

AUTHLDAPRC

##NAME: LOCATION:0
#
# Location of your LDAP server:

LDAP_SERVER localhost
LDAP_PORT 389

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

LDAP_BASEDN o=TUX,dc=dominio,dc=es

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search

LDAP_TIMEOUT 5

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request. This
# does not support CRAM-MD5 authentication, which requires userPassword.
#
# WARNING - as of the time this note is written, there are memory leaks in
# OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
# tracker. Avoid using this option until these leaks are plugged.
#
LDAP_AUTHBIND 1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL mail

##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:
#
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail

##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR homeDirectory

##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory. If not specified, ./Maildir will be used

LDAP_MAILDIR mailbox

##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password. CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED. If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!

#LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword

##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search. This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.

LDAP_DEREF never

##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS. Experimental setting.
# Requires OpenLDAP 2.0
#

LDAP_TLS 0