[Dovecot] Samba AD and Dovecot

Timo Sirainen tss at iki.fi
Wed Oct 7 07:57:21 EEST 2009


Ccing mailing list, since I'm not all-knowing..

On Oct 7, 2009, at 12:49 AM, Trever L. Adams wrote:

> Timo Sirainen wrote:
>> On Oct 7, 2009, at 12:36 AM, Trever L. Adams wrote:
>>> 1) I have seen how to configure for LDAP and Kerberos. AD uses both
>>> together. All user information is in AD/LDAP and authentication is
>>> AD/Kerberos. How can I configure Dovecot to use both appropriately?
>> You could forget about the Kerberos part and just use AD as an LDAP
>> server.
> I really want to use kerberos/SPNEGO everywhere I can for various
> reasons. The LDAP would be for the configuration.

Do you actually want the IMAP/POP3 clients to use Kerberos? For
plaintext auth I don't see any benefit in Dovecot using Kerberos
rather than LDAP (and it doesn't support that, except via pam_kerberos
or whatever I guess). But for clients to use Kerberos (GSSAPI) and
authenticate against AD while Dovecot is in the middle... I've no
idea. I guess that's possible somehow.

>>> 2) For example if I have a directory /var/mail/domain/user. Can
>>> I have Dovecot auto create (with proper permissions) the domain/user
>>> part? These would be used for maildir.
>> If you're using the same UNIX UID for all users, there's really
>> nothing you need to do. Dovecot tries to create missing directories
>> automatically.
> No, I will be using the new Samba IDMAP stuff that hashes all the parts
> of the Windows ID to a 32 bit UID. Any way to do this, or will I need
> to find another solution (not for mailing, but for directory creation)?

There's no great way to do this.. A couple of kludgy ways. Like chmod
01777 /var/mail. Or override mail_executable setting to a script that
still runs as root and can create the directory with proper
permissions. http://wiki.dovecot.org/PostLoginScripting
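
The second kludge above (a root-run script that creates the directory), sketched as an added example that is not part of the original message and is not Dovecot's own code: a hypothetical shell function `make_maildir_home` that validates the domain and user names and refuses symlinks before creating and chowning the directory. It assumes the base directory is root-owned and not user-writable, and that the caller supplies the user name, UID and GID; how Dovecot hands those to the script is not shown.

```shell
#!/bin/sh
# Added example: create BASE/DOMAIN/USER for a maildir from a root-run script.
# All function names here are hypothetical, not part of Dovecot.

# Accept only a single plain path component (no "/", no leading dot).
valid_component() {
    case "$1" in
        ""|.*|*/*) return 1 ;;
    esac
    # Reject anything outside a conservative character set.
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# make_maildir_home BASE DOMAIN USER UID GID
# Returns 0 on success, 2 on bad input, 3 on a symlink, 4 on mkdir/chown failure.
make_maildir_home() {
    base=$1 domain=$2 user=$3 uid=$4 gid=$5
    valid_component "$domain" || return 2
    valid_component "$user" || return 2
    case "$uid" in ""|*[!0-9]*) return 2 ;; esac
    case "$gid" in ""|*[!0-9]*) return 2 ;; esac

    ddir="$base/$domain"
    udir="$ddir/$user"
    # The domain directory stays owned by the caller with mode 0755, so mail
    # users cannot plant entries (for example symlinks) inside it.
    if [ -L "$ddir" ]; then return 3; fi
    [ -d "$ddir" ] || mkdir -m 0755 "$ddir" || return 4
    # Refuse a pre-existing symlink rather than creating or chowning through it.
    if [ -L "$udir" ]; then return 3; fi
    if [ ! -d "$udir" ]; then
        mkdir -m 0700 "$udir" || return 4
        # -h: never follow a symlink when changing ownership.
        chown -h "$uid:$gid" "$udir" || return 4
    fi
    return 0
}

# Stand-alone use: script.sh BASE DOMAIN USER UID GID
if [ "$#" -eq 5 ]; then
    make_maildir_home "$@"
fi
```

Unlike the `chmod 01777 /var/mail` variant, no directory in the path is writable by mail users here, so a user cannot pre-create another user's directory.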

