Re: [courier-users] Using LDAP with virtual and normal accounts
On May 28, 2005, at 12:36 PM, Lloyd Zusman wrote:
> 1. Is it indeed possible to manage both setups simultaneously
>    using LDAP under Courier?

Yes. In such a setup, you have the option of using authpam for the "local" accounts and authldap for the "virtual" users, or using authldap for all of them.

> 2. If the answer to #1 is "yes", then I believe that the following
>    settings are appropriate in the "authldaprc" file:
>
>    For the "normal" accounts:

Options in the authldaprc file are going to affect all users.

> LDAP_HOMEDIR homeDirectory (to contain home directory)
> LDAP_UID uidNumber (to contain user's uid)
> LDAP_GID gidNumber (to contain user's gid)

If you're using ldap for all users, then those settings are fine. Make sure that all of your entries in LDAP, for both local users and virtual users, have those attributes defined with appropriate values.

> For the "virtual" accounts:
>
> LDAP_MAILROOT /var/vmail
> LDAP_GLOB_UID vmail
> LDAP_GLOB_GID vmail

If you're using ldap for all users, then you can't use LDAP_GLOB_UID/GID, and it's just as easy to leave the first setting off and make sure that your virtual users' home directories are fully qualified in the homeDirectory attribute.

If you're using authpam for local users, and authldap only for the virtual users, then you can set the GLOB values, but you would comment out LDAP_UID and LDAP_GID in that case.

> However, even with these settings, I don't know what to put into the
> LDAP database in order to indicate that a given email address is
> "virtual" instead of "normal", and that it therefore should use one
> of the /var/vmail Maildirs.

If you're using LDAP for all users, then you can add the 'posixAccount' to the objectclass for local users, while the virtual accounts use the 'CourierMailAccount' value. Set up that way, you can also use LDAP instead of the system password files. Whatever you decide, I think it's easiest to specify the full path to the user's home directory in the homeDirectory attribute.

> However, for the "quack@abc.com" user, what do I put into the same
> LDAP database to indicate that it's not a normal account, but
> rather, one of the virtual accounts that lives under /var/vmail and
> whose Maildir is "/var/vmail/quack@abc.com/Maildir"?

Put '/var/vmail/quack@abc.com/' in that entry's homeDirectory attribute.
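An added example, not part of the original message or of Courier: a pre-flight check for the "authldap for all users" layout described above, confirming that every entry carries homeDirectory, uidNumber and gidNumber with a fully qualified home path. The DNs, the numeric ids and the rule that rejects uid/gid 0 are assumptions made for this sketch; the parser only handles plain `attr: value` LDIF.

```python
# Added example, not from the thread. Attribute names are the ones quoted above;
# the DNs, numbers and the "no uid/gid 0" rule are assumptions of this sketch.
REQUIRED = ("homeDirectory", "uidNumber", "gidNumber")
# Constructed sample entries, trimmed to the attributes the check reads.
SAMPLE_LDIF = """\
dn: uid=lloyd,ou=people,dc=example,dc=com
objectClass: posixAccount
homeDirectory: /home/lloyd
uidNumber: 1001
gidNumber: 1001

dn: mail=quack@abc.com,ou=vmail,dc=example,dc=com
objectClass: CourierMailAccount
homeDirectory: /var/vmail/quack@abc.com/
uidNumber: 5000
gidNumber: 5000

dn: mail=broken@abc.com,ou=vmail,dc=example,dc=com
objectClass: CourierMailAccount
homeDirectory: broken@abc.com
uidNumber: 0
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no base64 values, no folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit(entry):
    """Return the problems that would leave this account mis-mapped."""
    problems = [f"missing {a}" for a in REQUIRED if not entry.get(a.lower())]
    for home in entry.get("homedirectory", []):
        if not home.startswith("/") or ".." in home.split("/"):
            problems.append(f"homeDirectory is not a clean absolute path: {home}")
    for attr in ("uidnumber", "gidnumber"):
        for value in entry.get(attr, []):
            if not value.isdigit() or int(value) == 0:
                problems.append(f"{attr} must be a non-root numeric id: {value}")
    return problems

def audit_ldif(text):
    return {e["dn"][0]: audit(e) for e in parse_ldif(text)}
```

Calling `audit_ldif()` on an export of the mail subtree gives a per-DN list of problems; an empty list means the entry has everything the LDAP_HOMEDIR, LDAP_UID and LDAP_GID mappings read.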