Oops! Thought I'd CC'd this to the list. Sorry, Oliver!
Chris
-------- Original Message --------
Date: Wed, 13 Jul 2005 20:09:35 +0100
From: Chris Wakelin c.d.wakelin@reading.ac.uk
To: Jeroen Scheerder Jeroen.Scheerder@phil.uu.nl
CC: Chris Wakelin c.d.wakelin@reading.ac.uk
Subject: Re: [Dovecot] Dovecot and ActiveDirectory
Jeroen Scheerder wrote:
> Chris Wakelin (13/7/05 16:08 +0100) [Re: [Dovecot] Dovecot and ActiveDirectory]:
>> I've got it working via PAM and pam_ldap on Solaris. [..]
> That's exactly what I'm striving to do.
> I've never set up LDAP authentication for Solaris itself, and actually never used PAM before.
> If I may be so bold, could I bother you for details about your configuration in these respects?
/opt/RDGpldap/etc/ldap.conf:
host xxx.rdg.ac.uk
base dc=xxxxx,dc=ad,dc=rdg,dc=ac,dc=uk
binddn cn=xxxuser,cn=users,dc=xxxxx,dc=ad,dc=rdg,dc=ac,dc=uk
bindpw xxxpasswd
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
xxxuser is a read-only account in the AD.
/etc/pam.conf:
...
dovecot auth     required /opt/RDGpldap/lib/pam_ldap.so
dovecot account  required /opt/RDGpldap/lib/pam_ldap.so
dovecot session  required /opt/RDGpldap/lib/pam_ldap.so
dovecot.conf:
auth_username_translation = AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
auth default {
  mechanisms = plain login
  passdb = pam
  userdb = passwd
  user = root
}
The auth_username_translation is because AD users are case-insensitive but UNIX ones aren't! We have users in both AD and UNIX (but could use something like "userdb=static uid=xxxx gid=yyyy home=/var/mail/%Lu" assuming xxxx:yyyy has appropriate permissions on the spool files).
pam_ldap-178 was configured with
./configure --prefix=/opt/RDGpldap \
    --with-ldap-conf-file=/opt/RDGpldap/etc/ldap.conf
Hope this helps, Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK                Fax: +44 (0)118 975 3094
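Added example, not part of Chris's message or of Dovecot itself: a small Python model of why the auth_username_translation line above matters. The passdb (AD via pam_ldap) matches sAMAccountName case-insensitively, while the userdb (UNIX passwd, or a static userdb using %Lu) is case-sensitive, so a login typed as "Alice" can pass authentication and then fail or land on the wrong mailbox unless it is folded to lower case first. The AD_USERS and UNIX_PASSWD tables, the ad_passdb/unix_userdb/static_userdb functions and the sample credentials are all constructed stand-ins for the real backends; the translation-table format (pairs of characters, from then to) is the one the value in the message uses.

```python
# Added example (not from the original message or from Dovecot): models how
# auth_username_translation bridges a case-insensitive passdb (Active Directory
# via PAM) and a case-sensitive userdb (UNIX passwd or a static userdb).
# All backend data below is constructed for illustration.

# The exact value from the message: each pair maps the first char to the second.
AD_CASEFOLD = "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz"


def parse_translation(table: str) -> dict:
    """Parse an auth_username_translation string into a {from: to} map."""
    if len(table) % 2:
        raise ValueError("translation table must contain an even number of characters")
    return {table[i]: table[i + 1] for i in range(0, len(table), 2)}


def translate(username: str, table: str = AD_CASEFOLD) -> str:
    """Apply the translation table to a login name, char by char."""
    mapping = parse_translation(table)
    return "".join(mapping.get(c, c) for c in username)


# Constructed stand-ins for the two backends.
AD_USERS = {"alice": "s3cret", "bob": "hunter2"}          # AD: case-insensitive
UNIX_PASSWD = {"alice": "/var/mail/alice", "bob": "/var/mail/bob"}  # passwd: exact


def ad_passdb(login: str, password: str) -> bool:
    """AD compares sAMAccountName case-insensitively (modelled with .lower())."""
    return AD_USERS.get(login.lower()) == password


def unix_userdb(login: str):
    """A passwd lookup is exact; 'Alice' is not 'alice'."""
    return UNIX_PASSWD.get(login)


def static_userdb(login: str, home_template: str = "/var/mail/%Lu") -> str:
    """Expand %u (as typed) and %Lu (lowercased) the way a static userdb would."""
    return home_template.replace("%Lu", login.lower()).replace("%u", login)


def authenticate(login: str, password: str, translation=None):
    """Return the mailbox for a successful login, or None.

    Order mirrors Dovecot: translation first, then passdb, then userdb.
    """
    if translation is not None:
        login = translate(login, translation)
    if not ad_passdb(login, password):
        return None
    return unix_userdb(login)


if __name__ == "__main__":
    print("without translation:", authenticate("Alice", "s3cret"))
    print("with translation:   ", authenticate("Alice", "s3cret", AD_CASEFOLD))
    print("static userdb %Lu:  ", static_userdb("Alice"))
```

Without the translation, "Alice" is accepted by the passdb but the passwd lookup for "Alice" finds nothing; with it, both spellings resolve to the one UNIX account, which is the same effect %Lu gives in the static userdb alternative mentioned in the message.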