aki.tuomi@dovecot.fi wrote:
As mentioned before, you can use ldap as userdb instead of static userdb. Username matching in AD environment should be done against userPrincipalName attribute.
Do you see any problem with my continuing to use:
userdb { driver = passwd }
... with gssapi? (providing I get other configs correct)
--Mark
-----Original Message-----
Date: Tue, 28 Jun 2016 00:19:45 +0300 (EEST) From: aki.tuomi@dovecot.fi To: dovecot@dovecot.org Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
On June 28, 2016 at 12:02 AM Jan Jurkus j.jurkus@gcecad-service.nl wrote:
Hi,
I'm not entirely happy with the static userdb, because of the limitations with kerberos/pam, but this can of course be changed rather easily. The hardest part is to get the SSO working. One of the limitiations is stated here: http://wiki.dovecot.org/UserDatabase/Static
Postfix SMTP auth is using LMTP, reading from my notes.
I hope you can get a clearer picture with this rather long and chaotic reply.
As mentioned before, you can use ldap as userdb instead of static userdb. Username matching in AD environment should be done against userPrincipalName attribute.
This should let you get rid of pam as well.
Aki Tuomi Dovecot oy
-- Jan Jurkus | ICT Beheerder | GCE cad-service B.V. Postbus 12, 3220 AA Hellevoetsluis Daltonweg 9, 3225 LR Hellevoetsluis tel: 0181-336955 | fax: 0181-311899 j.jurkus@gcecad-service.nl | www.gcecad-service.nl