Re: [courier-users] Semi-virtual users in LDAP
Hi Misty,
I am not sure about your LDAP-problem, but I hope you have courier-authlib-ldap installed?! However, you can use the standard setup and disallow Samba users to view/enter the Maildir (smb.conf: veto files = /.*/Maildir/).

This is my current setup and it works perfectly!

Good luck,
Alfred.

----- Original Message -----
From: "Misty Stanley-Jones" <misty@borkholder.com>
To: < >
Sent: Monday, March 07, 2005 10:01 PM
Subject: [courier-users] Semi-virtual users in LDAP

> Hi all,
>
> We are phasing out the system that the mail server is on, because the box is
> dying. I use Courier-IMAP and currently authenticate via PAM/LDAP. The
> system that I want to move the server onto also authenticates via PAM/LDAP.
> There is only one problem. That system already has home directories
> in /home, for the Samba users on it. For that reason, I don't want
> Courier-IMAP to store mail in /home/$USER/Maildir like the default.
> Basically I want Courier to ignore the homeDirectory attributes of my users,
> and instead look for maildirs in /mail/$USER/Maildir.
>
> To that end I have configured authldaprc like this:
>
> LDAP_SERVER ldap.mycompany.com
> LDAP_PORT 389
>
> LDAP_PROTOCOL_VERSION 3
>
> LDAP_BASEDN ou=corp,dc=mycompany,dc=com
> LDAP_BINDDN cn=Manager,dc=mycompany,dc=com
> LDAP_BINDPW supersecret
>
> LDAP_TIMEOUT 5
>
> LDAP_MAIL uid
> LDAP_FILTER (objectClass=posixAccount)
> LDAP_DOMAIN mycompany.com
>
> LDAP_HOMEDIR LDAP_MAILROOT/$user
> LDAP_MAILROOT /mail
> LDAP_MAILDIR mailbox
>
> LDAP_DEFAULTDELIVERY defaultDelivery
>
> LDAP_FULLNAME cn
> LDAP_CRYPTPW userPassword
> LDAP_UID uidNumber
> LDAP_GID gidNumber
> LDAP_DEREF never
> LDAP_TLS 0
>
> Then I make a directory structure /mail/test/Maildir/[cur,tmp,new] and I make
> it readable by user 'test'. I try to log in as user 'test' and here is what
> I get:
>
> Mar 7 15:50:15 furnsrv authdaemond: received auth request, service=imap, authtype=login
> Mar 7 15:50:15 furnsrv authdaemond: authldap: trying this module
> Mar 7 15:50:15 furnsrv authdaemond: selected ldap protocol version 3
> Mar 7 15:50:15 furnsrv authdaemond: binding to LDAP server as DN 'cn=Manager,dc=mycompany,dc=com', password 'supersecret'
> Mar 7 15:50:15 furnsrv authdaemond: using search filter: (uid=test)
> Mar 7 15:50:15 furnsrv authdaemond: one entry returned, DN: uid=test,ou=People,ou=CORP,dc=borkholder,dc=com
> Mar 7 15:50:15 furnsrv authdaemond: raw ldap entry returned:
> Mar 7 15:50:15 furnsrv authdaemond: | cn: test
> Mar 7 15:50:15 furnsrv authdaemond: | uid: test
> Mar 7 15:50:15 furnsrv authdaemond: | userPassword: {SSHA}3c4JKSytP5B5UhCOWJ2IiQYUgQox2NeD
> Mar 7 15:50:15 furnsrv authdaemond: authldaplib: refuse to authenticate test: uid=0, gid=0 (zero uid or gid not permitted)
> Mar 7 15:50:15 furnsrv authdaemond: authldaplib: sysusername=<null>, sysuserid=0, sysgroupid=0, homedir=, address=test, fullname=test, maildir=<null>, quota=<null>, options=<null>
> Mar 7 15:50:15 furnsrv authdaemond: authldaplib: clearpasswd=<null>, passwd={SSHA}3c4JKSytP5B5UhCOWJ2IiQYUgQox2NeD
> Mar 7 15:50:15 furnsrv authdaemond: supplied password 'test' does not match encrypted password '{SSHA}3c4JKSytP5B5UhCOWJ2IiQYUgQox2NeD'
> Mar 7 15:50:15 furnsrv authdaemond: authldap: REJECT - try next module
> Mar 7 15:50:15 furnsrv authdaemond: FAIL, all modules rejected
> Mar 7 15:50:15 furnsrv imapd: LOGIN FAILED, user=test, ip=[::ffff:192.168.1.105]
> Mar 7 15:50:20 furnsrv imapd: Disconnected, ip=[::ffff:192.168.1.105], time=5
>
> Now, in LDAP the uidNumber of 'test' is 1127 and gidNumber is 513. I am not
> sure why it thinks that the uid and gid are both 0 for the entry 'test.'
>
> Can someone please tell me what I am doing wrong and/or if there is an easier
> way to accomplish what I am trying to do?
>
> Thanks!
> Misty
>
> _______________________________________________
> courier-users mailing list
> courier-users@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users