29 Sep
2006
29 Sep
'06
7:50 p.m.
If all of your users reside in LDAP, it would be safest to bypass nss_ldap and pam_ldap all together and have dovecot talk directly to the LDAP database.
We've had nothing but success since we made the change on our end. Not only did it eliminate the problems that we were seeing, it also makes the authentication path a bit more efficient (why have a 'monkey in the middle' when you can talk right to LDAP?).
IMHO, I've always seen pam_ldap/nss_ldap as a band-aid type of hack.. :)
-Rich