
Re: Getting IMAP to work with OpenLDAP



This is not entirely true. Whatever you have in your /etc/pam.d/imap is what is going to be used to authenticate users, as long as your IMAP server was compiled to use PAM.

This is one of the nice things about PAM: you can tell it to authenticate local users one way, IMAP users another, and POP yet another.

The pam.d configuration file that the system uses to authenticate users is typically system-auth or login. I like to leave those alone and only configure imap and pop to know about LDAP; that way you won't get locked out if your LDAP server fails. It also makes it impossible for your users to use ssh and other services, simply because they are completely unaware of the directory altogether.

BTW, I have many, many thousands of users working against sendmail/uw-imap/qpopper without good success. I must note, though, that I wrote a custom patch against uw-imap to cause it to store IMAP folders in a message store directory instead of the user's home dir.

schu

tsg wrote:
But IMAP uses the normal Unix password mechanism to identify users. So if you want to use IMAP with LDAP, the pam_ldap authentication should work for normal users. So if I were doing that, I would make pam_ldap work for normal users, and then IMAP should work also.
Best regards.
PS. If you are going to have thousands of users, IMAP and thousands of users on your computer would be a headache. Consider using Cyrus or Courier.
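
An added example, not part of the original thread: a small audit that lists which PAM service files can reach pam_ldap.so, following `include`/`substack` controls and the older pam_stack.so `service=` stacking, to confirm that only the mail services are LDAP-aware. The sample files and the service names `pop`, `login` and `sshd` are constructed for illustration; on a real host, pass `/etc/pam.d` to `ldap_aware_services()`.

```python
import os
import re
import tempfile

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)(.*)$")  # type control module args

SAMPLE = {  # constructed files, not from the post; pop/login/sshd names are assumed
    "system-auth": "auth required pam_unix.so\naccount required pam_unix.so\n",
    "login": "auth include system-auth\n",
    "sshd": "auth required pam_stack.so service=system-auth\n",
    "imap": "auth required pam_ldap.so\naccount required pam_ldap.so\n",
    "pop": "auth required /lib/security/pam_ldap.so  # full path form\n",
}

def modules_for(pam_dir, service, seen=None):
    """Modules reachable from one service file, following include mechanisms."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, service)
    if service in seen or not os.path.isfile(path):
        return set()
    seen.add(service)
    found, nested = set(), []
    with open(path) as fh:
        for raw in fh:
            m = RULE.match(raw.split("#", 1)[0].strip())
            if m and m.group(2) in ("include", "substack"):   # Linux-PAM include
                nested.append(m.group(3))
            elif m:
                found.add(os.path.basename(m.group(3)))
                svc = re.search(r"service=(\S+)", m.group(4))
                if svc and m.group(3).endswith("pam_stack.so"):  # older stacking
                    nested.append(svc.group(1))
    for name in nested:
        found |= modules_for(pam_dir, name, seen)
    return found

def ldap_aware_services(pam_dir):
    """Services whose stack reaches pam_ldap.so, directly or via an include."""
    return sorted(s for s in os.listdir(pam_dir)
                  if "pam_ldap.so" in modules_for(pam_dir, s))

def demo():
    """Write SAMPLE to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in SAMPLE.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        return ldap_aware_services(d)

if __name__ == "__main__":
    print(demo())
```

If system-auth itself ever gains a pam_ldap.so line, every service that includes or stacks it shows up in the result, which is the lock-out and ssh exposure the reply describes avoiding.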