[Dovecot] Postfix+Dovecot+LDAP

Ejay Hire ehire at globaloptions.com
Tue Mar 13 23:41:03 EET 2007


This message does not contain a bug report or any issues.  It is a summary
of my experiences with Postfix, Dovecot, and LDAP.

1.  Do not use Dovecot 0.99, even if it's what your vendor has packaged.
1a.  ... When you upgrade past 0.99, you'll get some double mail because of
UIDLs.

2.  Do not use PAM and LDAP and then let Dovecot talk to PAM.  It is bad.
Don't do it.
2a.  Unless you like users digging around in random mailboxes.
2b.  NSCD is broken and should not be trusted.

3.  Dovecot+LDAP works, and works well.
3a.  If you don't do "Auth Binds", it cuts the work on the LDAP server in
half.
3b.  User Prefetch cuts that in half again.

4.  Postfix+LDAP works, and works well.
4a.  If your server is underspec'd, you may get the occasional "Temporary
lookup failure" 400 error during periods of heavy load, specifically when
backups are running.

5.  OpenLDAP works.
5a.  When you run as ldap, the config files need to be owned by ldap.
5b.  ... And the database
5c.  ... And the schema
5d.  Adding slapd_db_recover to the init script isn't a bad idea.

6.  Don't be dumb.
6a.  ... Like me.
6b.  If you are using LDAP to look up the attribute mail, index the mail
attribute.
6c.  If you add an index to OpenLDAP, you have to reindex the database with
slapindex.
6d.  ... Or you bounce a lot of mail before you figure it out.
6e.  Make sure you can log in to the console and/or ssh if the LDAP server
dies.
6f.  ... Be Really sure.
6g.  The convert plugin can switch users between maildirs and mboxes.


Ejay Hire
IT Manager, Confidential Business Resources
615-665-5555 (office)
615-456-9813 (mobile) 
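
For reference, a configuration of the kind items 3a and 3b describe (password lookups instead of auth binds, plus the prefetch userdb), added here as an example and not taken from the original message. It uses Dovecot 1.x syntax; the host name, DNs, password, file path and posixAccount schema are placeholder assumptions.

```conf
# ---- dovecot.conf, auth section (Dovecot 1.x syntax) ----
auth default {
  mechanisms = plain

  # Password lookup: Dovecot searches LDAP itself and compares the hash.
  # The file path is an assumed location.
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }

  # Prefetch reuses the userdb_* fields already returned by the passdb
  # search, so a normal login needs no second LDAP query.
  userdb prefetch {
  }

  # Fallback for lookups that have no preceding passdb query
  # (for example, delivery through Dovecot's LDA).
  userdb ldap {
    args = /etc/dovecot-ldap.conf
  }
}

# ---- /etc/dovecot-ldap.conf (placeholder values throughout) ----
hosts = ldap.example.org
ldap_version = 3
base = ou=people,dc=example,dc=org

# Service account Dovecot binds as. With auth_bind = no this DN must be
# allowed to read userPassword, so restrict it with an ACL to exactly the
# attributes listed below and keep this file readable by root only.
dn = cn=dovecot,dc=example,dc=org
dnpass = CHANGE_ME

# no  = fetch the hash and verify it locally (item 3a)
# yes = verify by binding to the directory as the user
auth_bind = no

# One search returns the password and the userdb_* fields prefetch needs.
pass_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid

# Used only by the fallback "userdb ldap" above.
user_filter = (&(objectClass=posixAccount)(uid=%u))
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
```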