Re: Getting IMAP to work with OpenLDAP

[Matthew Schumacher <matt.s@aptalaska.net>]

This is not entirely true, whatever you have in your /etc/pam.d/imap is 
what is going to be used to authenticate users as long as your imap 
server was compiled to use pam.

This is one of the nice things about pam, you can tell it to 
authenticate local users one way, imap users another, and pop yet another.

The pam.d configuration file that the system uses to authenticate users 
is typically system-auth or login.  I like to leave those alone and only 
configure imap and pop to know about ldap that way you won't get locked 
out if your ldap server fails.  It also makes it impossible for your 
users to use ssh and other services simply because they are completely 
unaware of the directory altogether.

BTW, I have many, many thousands of users working against 
sendmail/uw-imap/qpopper without good success.  I must note though that 
I wrote a custom patch against uw-imap to cause it to store imap folders 
in a message store directory instead of the users home dir.

schu

tsg wrote:
> But IMAP uses normal unix password mechanism to identificate users. So if You 
> want to use IMAP with LDAP, the pam_ldap authentification should work for 
> normal users. So If I would do that I make pam_ldap working for normal users, 
> and than IMAP should work also.
> Best regards.
> PS. If Yoy are going to have thouthands of users, IMAP and thouthands users in 
> users You computer would be a headache. Consider using Cyrus or Courier