-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 23 Jun 2015, Steffen Kaiser wrote:

On Tue, 23 Jun 2015, lejeczek wrote:

...

I wonder if it is safe (and wise) to have two passw-user databases for the same one user. I'm thinking, mail to me via pam mail to me@this.domain via ldap

the first passdb wins. No problem.

...

whole Maildir would be essentially the same one storage target, I see permissions have to be mangled, available to write for both vmail and actual uid.

again, the first userdb wins. Your users can auth agains pam, but the data may come from LDAP or a static userdb. If you auth agains PAM successfully, does _not_ mean that you automatically use system users or Dovecot changes uids or something. All such information come from the userdb. If both users match the same userdb entry, they appear the same for Dovecot.

To make it more clear:

you can have

passdb { driver = pam } passdb { driver = ldap ... }

userdb { driver = ldap .... }

you do not need no userdb { driver = passwd }, unless you require user data from this source. Or use userdb { driver = static } instead the LDAP one, because you do not use LDAP attributes anyway.

Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBVYlwA3z1H7kL/d9rAQLL6Af/SsS6K2oHv1X6DdNhCMPJrURf+IWWJQx0 pmmOHVPMLsuw3A6cQaMfxm7i3K4OdQA4CLPq2SER3Zxp98LigTLUdsHvPVfdD3x7 KHkIZ689emmmQZxJ1DXtAcu4ICu+0zdicpqaL8iOm7qlbYjLmB4TF2jTWvPpb3g4 GqiDgCrjzgyRKx0ppBRqdXMIuhtsmOyUX7qUc+TbE5C4dWs9gOllUp6haW+Am7pX cTVA/tAxCs+mqbCbOJSEGBC8xVD0gCfyg7DevYjZSOlbCLnR+tYZxIVQt5/KSIwg Ak0e64k9sy5wc95pZ8V49o2yaVyxkQdzEHbqlfUAuOahDTsx72yVpA== =UvLB -----END PGP SIGNATURE-----

On 23/06/15 15:34, Steffen Kaiser wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On Tue, 23 Jun 2015, lejeczek wrote:

...

I wonder if it is safe (and wise) to have two passw-user databases for the same one user. I'm thinking, mail to me via pam mail to me@this.domain via ldap

the first passdb wins. No problem.

...

whole Maildir would be essentially the same one storage target, I see permissions have to be mangled, available to write for both vmail and actual uid.

again, the first userdb wins. Your users can auth agains pam, but the data may come from LDAP or a static userdb. If you auth agains PAM successfully, does _not_ mean that you automatically use system users or Dovecot changes uids or something. All such information come from the userdb. If both users match the same userdb entry, they appear the same for Dovecot. my working setup as above brakes if the target storage misses o=rwx (very weird again) Even if I stick an ACL to it with vmail=rwX it still fails and quite silently leaving one clueless. me via pam = actual UID me@this.domain via ldap = vmail UID and that shared storage target seems must have o=rwx ??? (Or I still got it wrong somewhere?)

• -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEVAwUBVYluhnz1H7kL/d9rAQI4gAgAy1K6C96H/L26Jb67AElPtOZ/2YUZQdqA

IZQP6aD+WVEfy1brpwEkOs4EOYBRNGTN3ifTQSyKu5lcDffFIOEloXSc3PLuqR/e

oc0l/g9qBzuCdITPHvDer+37pPn/lg70Ye/Aqc8EIiuNNNtt1EXnF0TMZYOLv/Uj

SgWlCkW31iJBq83DJ/hRDQQO1CvDA/3pPl33vLRBXepICZXiPJhvMkzeqsy2wAEL

VanIWuPRVhautE23ko7u/hjzIDKHEkFmXQgDQxVR9/bT5D0BGW6Ma+13EIGnnKZe

/8aYu3l+TTzIcnyK3rXdW2tME0nqhGAg5bX/FgnBJ5uHGldg63zDjg== =QLx9 -----END PGP SIGNATURE-----