[courier-users] Re: Using LDAP with virtual and normal accounts
Sam Varshavchik <mrsam@courier-mta.com> writes:
> Lloyd Zusman writes:
>
>> Sam Varshavchik <mrsam@courier-mta.com> writes:
>>
>>> Lloyd Zusman writes:
>>>
>>>> I have another authldap question:
>>>>
>>>> Assume the following setup for a user with a "virtual" account:
>>>>
>>>>   LDAP_HOMEDIR (homeDirectory): /var/vmail/whoever@virtual.com
>>>>   LDAP_UID (uidNumber): owner of /var/vmail tree
>>>>   LDAP_GID (gidNumber): group of /var/vmail tree
>>>>   LDAP_MAIL (mail): whoever@virtual.com
>>>>
>>>> virtual.com is in "hosteddomains".
>>>>
>>>> This works fine for the delivery of email to "whoever@virtual.com",
>>>> which properly ends up under "/var/vmail/whoever@virtual.com/Maildir".
>>>> Also, the user can retrieve email via IMAP as long as he/she logs in as
>>>> "whoever@virtual.com".
>>>>
>>>> However, I want the user to log using simply "whoever", not
>>>> "whoever@virtual.com". How do I enable this capability via authldap?
>>>
>>> Add a second 'mail' attribute to the LDAP record.
>>
>> Aha! Thanks.
>>
>> Previously, the record looked like this:
>>
>>   mail=whoever@virtual.com
>>   homeDirectory=/var/vmail/whoever@virtual.com
>>   cn=Virtual User
>>   uidNumber=[owner of /var/vmail tree]
>>   gidNumber=[group of /var/vmail tree]
>>   userPassword=[encrypted password]
>>
>> So, I presume that it should now look like this:
>>
>>   mail=whoever@virtual.com
>>   mail=whoever
>>   homeDirectory=/var/vmail/whoever@virtual.com
>>   cn=Virtual User
>>   uidNumber=[owner of /var/vmail tree]
>>   gidNumber=[group of /var/vmail tree]
>>   userPassword=[encrypted password]
>>
>> However, I'm having trouble adding such a record to LDAP, but perhaps
>> that's just a bug in the LDAP client software that I'm using. If this
>> version with two "mail" attributes is indeed correct (please confirm),
>> then I'll start debugging the LDAP client.
>
> This is correct.
>
> It's possible that your LDAP schema prohibits duplicate attributes in a
> record. It's a simple matter of changing your schema definition.

Well, it turns out that my schema does indeed allow duplicate attributes
(I'm using openldap with the standard "authldap.schema" that comes with
Courier-authlib).

The bug was something different: I was incorrectly having the LDAP client
add the above record (with two "mail" attributes) using the following key:

  mail=whoever@virtual.com,mail=whoever,ou=Authentication,cd=host,cd=com

When I changed the key to this ...

  mail=whoever@virtual.com,ou=Authentication,cd=host,cd=com

... I was then able to successfully add this dual-mail-attribute record
under this key. And everything works fine now.

I'm using phpldapadmin as my LDAP client, and I have made a custom
template for adding courier mail accounts. What I now do in this template
is this:

  accept the "mail" attribute from the user and store it into the
  variable $mail

  put mail=$mail into the list of attributes in the record that
  will be added

  if specified "mail" attribute contains a "@", then
    take the part of $mail that appears to the left of the "@"
    and store it in the variable $mailfirst

    put mail=$mailfirst into the list of attributes in the
    record that will be added
  endif

  put the other attributes into the LDAP record

  set the key to be "mail=$mail,ou=Authentication,dc=host,dc=com"
  (with only a single "mail" attribute, the one specified)

  add the record to LDAP using this key

Thanks.

--
Lloyd Zusman
ljz@asfast.com
God bless you.
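
The template steps described in the message above, written out in Python as an added example (not code from the post, from Courier, or from phpldapadmin). It goes slightly beyond the post by escaping the DN value per RFC 4514, rejecting unsafe input, and refusing a short login that another entry already holds; the function names, the `SAFE_MAIL` whitelist and the uid/gid 5000 values are assumptions.

```python
import re

BASE_DN = "ou=Authentication,dc=host,dc=com"  # base used in the post
SAFE_MAIL = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+=-]*(@[A-Za-z0-9.-]+)?")  # assumed policy

def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in '\\,+"<>;=' or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append("\\00" if ch == "\x00" else ch)
    return "".join(out)

def build_entry(mail, cn, uid, gid, taken):
    """Return (dn, attrs); `taken` is the set of login names already in use."""
    if not SAFE_MAIL.fullmatch(mail):
        # Blocks newlines (LDIF injection) and "/" or a leading "." (homeDirectory path).
        raise ValueError(f"unsafe mail value: {mail!r}")
    logins = [mail]
    local, at, _ = mail.partition("@")
    if at:
        logins.append(local)  # second mail value: the short login name
    clash = [name for name in logins if name in taken]
    if clash:
        raise ValueError(f"login already assigned: {clash[0]}")
    taken.update(logins)
    # Only the full address goes into the DN; the short form is an attribute only.
    dn = f"mail={escape_rdn_value(mail)},{BASE_DN}"
    attrs = [("mail", name) for name in logins]
    attrs += [("homeDirectory", f"/var/vmail/{mail}"), ("cn", cn),
              ("uidNumber", str(uid)), ("gidNumber", str(gid))]
    return dn, attrs

def to_ldif(dn, attrs):
    """Render one entry as LDIF; objectClass and userPassword are left to the caller."""
    return "\n".join([f"dn: {dn}"] + [f"{k}: {v}" for k, v in attrs]) + "\n"

if __name__ == "__main__":
    taken = set()
    # Constructed sample accounts; uid/gid 5000 is a made-up owner of /var/vmail.
    for addr in ("whoever@virtual.com", "whoever@other.example", "plainuser"):
        try:
            print(to_ldif(*build_entry(addr, "Virtual User", 5000, 5000, taken)))
        except ValueError as err:
            print(f"skipped {addr}: {err}\n")
```

The second sample address is skipped because its short form "whoever" is already taken, which is the ambiguity that bare login names create once more than one hosted domain is served.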