- Do not use PAM and Ldap and then let dovecot talk to pam. It is bad. Don't do it. 2a. Unless you like users digging around in random mailboxes. 2b. NSCD is broken and should not be trusted.
Erm... since I'm running precisely this kind of setup, could you please add some detail? I'd be very interested. Feel free to reply directly to me, but I think it should be useful also for ML archives ;)
For Me, When I was using Dovecot Pam->nss_ldap on 0.99, and 1.0rc1 and rc2, it caused heavy system load. When I turned on nscd, the system load went down (Yeah!) but 8 of my 170ish users managed to POP mail out of the wrong mboxes. (I checked all the obvious things)
When I reconfigured Dovecot to talk directly to Ldap (Without Pam), the universe returned to the normal level of entropy.
I posted to the mailing list http://dovecot.org/list/dovecot/2006-October/016720.html
and got a link to another person with the same behavior. http://dovecot.org/list/dovecot/2006-September/016454.html
The general consensus was that nss_ldap has some emotional problems and dovecot seems to annoy it.... Kind of like poking an angry snapping turtle with a stick.