On May 17, 2007, at 12:06 AM, Gavin Henry wrote:
<quote who="Bryan Vyhmeister">
Is anyone using LDAP along with Dovecot where mail is being accessed in the form of /var/vmail/${domain}/${user}? I have not figured out how to extract the domain from LDAP in order to make this work. I know this is sparse information but maybe there is an easy fix. If not, I can post more information.
What config have you tried?
Sorry, I should have given more detail. Right now, I have one server which is authenticating off of a passwd file from Dovecot. Postfix accesses Dovecot's auth socket interface for SMTP AUTH passwords and such. I use a virtual mailbox map and virtual alias map through Postfix to decide where to deliver mail. In Dovecot, I have mail_location set as follows:
mail_location = maildir:/var/vmail/domains/%d%n Hope you've got a "/" between the %d and %n that got dropped off ....
That allows it to work fine for finding my mailboxes. I have tried the default Dovecot LDAP file but I am not sure I really understand how it all works. I guess this also involves picking a logical way to setup my LDAP structure as well. LDAP is one of the biggest headaches you get into - despite the fact
Bryan Vyhmeister wrote: that lots of people seem to think it's THE solution for centralized user management. Google, read, google, read, curse, google, read, try, fail, google, read . . . get it working (still not understanding why), touch something, break it, curse, google, read, google, read, try again . . .
I think I could make this work by making the LDAP uid user@domain.com. I don't think this is the best way of setting it up though. All of my users login with user@domain.com and I want to keep it that way. It does not seem like LDAP was designed to authenticate this way quite as well.
uid should be . . . uid. One of the key items to understand about LDAP integration with most programs is there IS NO STANDARD. YOU define which fields are used. So you tell Dovecot, Postfix, or whatever which fields to search, and which fields to return, and what information is meaningful. Your login format will work just fine - but LDAP needs to have a field with that information stored (mail), and your LDAP-using servers need to be told which field to use.
The only key mail program I haven't been able to use with my setup is maildrop - I would have to store the mailfolder in LDAP, which I refuse to do. So I have a second database I need to maintain (for courier-authlib) for the couple users that use maildrop until I can come up with an alternative.
-- Daniel