[courier-users] Re: Using LDAP with virtual and normal accounts
Gordon Messmer <yinyang@eburg.com> writes:
> On May 28, 2005, at 12:36 PM, Lloyd Zusman wrote:
>
>> 1. Is it indeed possible to manage both setups simultaneously
>> using LDAP under Courier?
>
> Yes. In such a setup, you have the option of using authpam for the
> "local" accounts and authldap for the "virtual" users, or using
> authldap for all of them.
>
> [ ... ]
>>
>> For the "virtual" accounts:
>>
>> LDAP_MAILROOT /var/vmail
>> LDAP_GLOB_UID vmail
>> LDAP_GLOB_GID vmail
>
> If you're using ldap for all users, then you can't use LDAP_GLOB_UID/
> GID, and it's just as easy to leave the first setting off and make sure
> that your virtual users' home directories are fully qualified in the
> homeDirectory attribute.

OK. I think I understand. When you say "leave the first setting off",
are you referring to the LDAP_MAILROOT setting? If so, then I think I
understand what you're describing here. For handling both cases via
authldap, I presume it goes like this ...

- I don't use LDAP_MAILROOT, LDAP_GLOB_UID, or LDAP_GLOB_GID at all.

- I use homeDirectory (from LDAP_HOMEDIR), uidNumber (from LDAP_UID),
  and gidNumber (from LDAP_GID) in both cases, as follows:

  For local users (assume "localuser@somedomain.com" and
  "somedomain.com" in my "locals" file)

    homeDirectory: /home/localuser
    uidNumber: uid for localuser
    gidNumber: gid for localuser

  For virtual users (assume "virtuser@otherdomain.com" and
  "otherdomain.com" in my "hosteddomains" file):

    homeDirectory: /var/vmail/virtuser@otherdomain.com
    uidNumber: uid for user "vmail"
    gidNumber: gid for user "vmail"

  (where the entire /var/vmail tree is owned by vmail:vmail)

Is my understanding correct?

> [ ... ]
>
> If you're using LDAP for all users, then you can add the 'posixAccount'
> to the objectclass for local users, while the virtual accounts use the
> 'CourierMailAccount' value. Set up that way, you can also use LDAP
> instead of the system password files.

Thanks. After I get more comfortable with using LDAP here for Courier,
I'll then expand my use of it to replace the system password files, in
the manner you have described.

> [ ... ]
>
> Put '/var/vmail/quack@abc.com/' in that entry's homeDirectory attribute.

One question: do I need the trailing slash for all homeDirectory values?

Thanks a lot for your cogent and quite helpful explanations.

--
Lloyd Zusman
ljz@asfast.com
God bless you.
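In the layout discussed above, with LDAP_MAILROOT and LDAP_GLOB_UID/GID left unset, each entry's own homeDirectory, uidNumber and gidNumber decide where mail lands and which user owns it. The following is an added example, not part of the original thread or of Courier: a small audit of directory entries against that layout. The DNs, the numeric id 5000 for "vmail" and the function names are assumptions made for illustration.

```python
import posixpath

# Constructed sample entries (not from the thread); 5000 as vmail's uid/gid is assumed.
SAMPLE_LDIF = """\
dn: uid=localuser,ou=people,dc=example,dc=com
objectClass: posixAccount
homeDirectory: /home/localuser
uidNumber: 1001
gidNumber: 1001

dn: uid=virtuser,ou=people,dc=example,dc=com
objectClass: CourierMailAccount
homeDirectory: /var/vmail/virtuser@otherdomain.com/
uidNumber: 5000
gidNumber: 5000

dn: uid=stray,ou=people,dc=example,dc=com
objectClass: CourierMailAccount
homeDirectory: /var/vmail/../../home/localuser
uidNumber: 1001
gidNumber: 5000
"""

def parse_ldif(text):  # simple, unfolded LDIF -> list of {attr: [values]} dicts
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def check_entry(entry, mailroot="/var/vmail", vmail_uid=5000, vmail_gid=5000):
    """Return the list of problems found in one account entry (empty = OK)."""
    problems = []
    home = entry["homedirectory"][0]
    ids = (int(entry["uidnumber"][0]), int(entry["gidnumber"][0]))
    if not home.startswith("/"):
        problems.append("homeDirectory is not fully qualified")
    if "posixAccount" not in entry["objectclass"]:  # treated as a virtual account
        resolved = posixpath.normpath(home)  # collapses ".." and a trailing "/"
        if not resolved.startswith(mailroot + "/"):
            problems.append("virtual home resolves outside " + mailroot)
        if ids != (vmail_uid, vmail_gid):
            problems.append("virtual account does not use the vmail uid/gid")
    return problems

def audit(text=SAMPLE_LDIF):
    return {e["dn"][0]: check_entry(e) for e in parse_ldif(text)}
```

The path is normalised before comparison, so the check gives the same result for a homeDirectory with or without a trailing slash.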