This message does not contain a bug report or any issues. It is a summary of my experiences with Postfix, Dovecot, and Ldap.
1. Do not use Dovecot 0.99, even if it's what your vendor has packaged.
   1a. ... When you upgrade past 0.99, you'll get some double mail because of UIDLs.

2. Do not use PAM and Ldap and then let dovecot talk to pam. It is bad. Don't do it.
   2a. Unless you like users digging around in random mailboxes.
   2b. NSCD is broken and should not be trusted.

3. Dovecot+Ldap works, and works well.
   3a. If you don't do "Auth Binds", it cuts the work on the ldap server in half.
   3b. User Prefetch cuts that in half again.

4. Postfix+Ldap works, and works well.
   4a. If your server is underspec'd, you may get the occasional "Temporary lookup failure" 400 error during periods of heavy load, specifically when backups are running.

5. OpenLdap works.
   5a. When you run as ldap, the config files need to be owned by ldap.
   5b. ... And the database
   5c. ... And the schema
   5d. Adding slapd_db_recover to the init script isn't a bad idea.

6. Don't be dumb.
   6a. ... Like me.
   6b. If you are using ldap to look up the attribute mail, index the mail attribute.
   6c. If you add an index to Openldap, you have to reindex the database with slapindex
   6d. ... Or you bounce a lot of mail before you figure it out.
   6e. Make sure you can log in to the console and/or ssh if the ldap server dies.
   6f. ... Be Really sure.
   6g. The convert plugin can switch users between maildirs and mboxes.
Ejay Hire
IT Manager, Confidential Business Resources
615-665-5555 (office)
615-456-9813 (mobile)
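A configuration check for items 6b and 6c, added here as an example and not part of the original message: it compares the attributes a Postfix LDAP map searches on against the `index` directives in slapd.conf and lists the ones that are not indexed. The sample slapd.conf, the map file contents and all function names are constructed for illustration; it assumes one directive per line with no continuation lines.

```python
import re

# Constructed sample inputs (not taken from the original message).
SLAPD_CONF = """\
database bdb
suffix "dc=example,dc=com"
# indexes
index objectClass eq
index uid,cn eq,sub
"""
POSTFIX_LDAP_MAP = """\
server_host = ldap.example.com
search_base = ou=people,dc=example,dc=com
query_filter = (&(objectClass=inetOrgPerson)(mail=%s))
result_attribute = uid
"""

def indexed_attributes(slapd_conf):
    """Lowercased attribute names listed in slapd.conf 'index' directives."""
    attrs = set()
    for line in slapd_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "index":
            attrs.update(a.lower() for a in parts[1].split(","))
    return attrs

def query_filter(map_conf):
    """Value of query_filter in a Postfix LDAP map file, or '' if absent."""
    for line in map_conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "query_filter":
            return value.strip()
    return ""

def filter_attributes(ldap_filter):
    """Lowercased attribute names compared in an LDAP search filter."""
    found = re.findall(r"\(\s*([A-Za-z][\w;-]*)\s*[~<>]?=", ldap_filter)
    return {name.lower() for name in found}

def unindexed(slapd_conf, map_conf):
    """Attributes Postfix searches on that slapd.conf does not index."""
    wanted = filter_attributes(query_filter(map_conf))
    return sorted(wanted - indexed_attributes(slapd_conf))

if __name__ == "__main__":
    for attr in unindexed(SLAPD_CONF, POSTFIX_LDAP_MAP):
        print(f"not indexed: {attr} (add 'index {attr} eq', then run slapindex)")
```

The check only reads configuration; as item 6c says, an index added to slapd.conf does nothing for existing entries until the database is reindexed with slapindex.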