[Dovecot] LDAP Authentication - Home Directory Creation

Timo Sirainen tss at iki.fi
Fri Dec 2 01:10:28 EET 2011


On 2.12.2011, at 1.03, Sven Hartge wrote:

> Timo Sirainen <tss at iki.fi> wrote:
>> On 2.12.2011, at 0.41, Sven Hartge wrote:
> 
>>> Or switch to a virtual setup, where the users don't get real users on
>>> the imap server (they can't log in, so they don't need any real user
>>> on that server) and every mail is owned by your virtual mail user.
> 
>> Well, it of course makes things easier, but from security point of
>> view it's worse.. 
> 
> Of course. But using real users only works if every user is a PosixUser
> in LDAP (i.e. has a uidNumber and gidNumber). If this is not the case,
> then you are forced to use a virtual mail user setup.

Currently at least. This could be automated in a few ways.. Like simplest: uid = 1000 + md5sum(username) mod 64000. That won't necessarily be unique of course, but it's still better than mod 1. :)

>> I hope some day there won't be any problems with Dovecot using
>> multiple UIDs.
> 
> Meaning?

There are different problems with multiple UIDs that are more difficult to solve than with a single UID. How to manage them, how to handle shared mailboxes, how to create home dirs automatically, probably other things. There are ways to solve these problems in one way or another.
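
Added example, not part of the original message: a Python sketch of the `uid = 1000 + md5sum(username) mod 64000` mapping suggested above, with a check for usernames that end up sharing a UID and the birthday-bound probability of that happening for a given number of users. Assumptions: the MD5 digest is read as one big-endian integer, and the function names and sample usernames are constructed for illustration.

```python
import hashlib
from collections import defaultdict

UID_BASE = 1000      # from the message: uid = 1000 + ...
UID_SPACE = 64000    # from the message: ... mod 64000


def derive_uid(username: str) -> int:
    """Map a username to a UID in [1000, 64999]."""
    # Assumption: the 128-bit MD5 digest is read as one big-endian integer.
    digest = hashlib.md5(username.encode("utf-8")).digest()
    return UID_BASE + int.from_bytes(digest, "big") % UID_SPACE


def find_collisions(usernames):
    """Return {uid: [usernames]} for every UID shared by more than one user."""
    by_uid = defaultdict(list)
    for name in set(usernames):
        by_uid[derive_uid(name)].append(name)
    return {uid: sorted(names) for uid, names in by_uid.items() if len(names) > 1}


def collision_probability(n_users: int) -> float:
    """Birthday bound: chance that at least two of n_users share a UID."""
    if n_users > UID_SPACE:
        return 1.0  # pigeonhole: more users than available UIDs
    p_unique = 1.0
    for i in range(n_users):
        p_unique *= 1 - i / UID_SPACE
    return 1 - p_unique


if __name__ == "__main__":
    # Constructed sample accounts, not taken from any real directory.
    users = [f"user{i}@example.org" for i in range(2000)]
    clashes = find_collisions(users)
    print(f"{len(users)} users, {len(clashes)} UIDs shared by 2+ users")
    for uid, names in sorted(clashes.items())[:5]:
        print(f"  uid {uid}: {', '.join(names)}")
    for n in (100, 300, 1000):
        print(f"P(at least one shared UID) with {n} users: "
              f"{collision_probability(n):.3f}")
```

Two accounts that map to the same UID can read each other's files at the filesystem level, so a deployment using a scheme like this would want to run the collision check whenever an account is added.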

