
Courier-Maildrop and Ldap


tom.f...@gmail.com

Oct 10, 2006, 2:41:04 AM
Hello all,
I have a mail server with Postfix / Courier-imap / OpenLDAP based on an
Ubuntu Dapper Drake distribution.
I am trying to use virtual users, and it works fine with authentication, but I
have a problem with courier-maildrop.

Indeed, all the parts of my mail server work well, but when I send a
message to to...@toto.net there is a line in my mail.info, "Invalid
specified user", and in my LDAP log there is a search on the "mail" attribute
with no result :(

I have seen that, to test communication between maildrop and LDAP, we can use
the following command:
maildrop -V9 -d to...@toto.net
but this command returns "Invalid specified user".

All my configuration seems good, and I don't understand how I can
configure maildrop to use my LDAP server.

If anybody knows a solution, or has any info about courier-maildrop with
LDAP ????

Thanks a lot for your help

and sorry for my chaotic English

thomas.

Greg Hackney

Oct 10, 2006, 4:27:42 PM

Personally I don't know anything about courier-maildrop, but I think the
LDAP configs are done in the authldaprc and authdaemonrc files.

Do a Google search on the string "courier maildrop ldap" and there are
some discussions.

--
Greg

tom.f...@gmail.com

Oct 11, 2006, 5:05:07 AM
Hello and thanks for the reply ;)

You are right about the LDAP config files.
Here are my authdaemonrc and authldaprc:

All seems to be good; there is no difference between my version and the
howto's version:

######################################################
######################################################
AUTHDAEMONRC
######################################################
######################################################

##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# authdaemonrc created from authdaemonrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This file configures authdaemond, the resident authentication daemon.
#
# Comments in this file are ignored. Although this file is intended to
# be sourced as a shell script, authdaemond parses it manually, so
# the acceptable syntax is a bit limited. Multiline variable contents,
# with the \ continuation character, are not allowed. Everything must
# fit on one line. Do not use any additional whitespace for indentation,
# or anything else.

##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam

authmodulelist="authldap"

##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authcustom authcram authuserdb authldap authpgsql authmysql authpam"

##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...

daemons=5

##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds. Set "version" to override that.
# For example: version=authdaemond.plain

version=""

##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/var/run/courier/authdaemon

####################################################
####################################################
AUTHLDAPRC
####################################################
####################################################

##VERSION: $Id: authldaprc,v 1.21 2004/04/20 01:38:17 mrsam Exp $
#
# Copyright 2000-2004 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. No trailing spaces.
#
# Here are the fields:

##NAME: LOCATION:0
#
# Location of your LDAP server:

LDAP_SERVER localhost
LDAP_PORT 389

##NAME: LDAP_PROTOCOL_VERSION:0
#
# Which version of LDAP protocol to use

LDAP_PROTOCOL_VERSION 3

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

LDAP_BASEDN dc=immaculee,dc=net

##NAME: LDAP_BINDDN:0
#
# You may or may not need to specify the following. Because you've got
# a password here, authldaprc should not be world-readable!!!

LDAP_BINDDN cn=adminro, dc=immaculee, dc=net
LDAP_BINDPW thomas

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search

LDAP_TIMEOUT 5

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request. This
# does not support CRAM-MD5 authentication, which requires userPassword.
#
# LDAP_AUTHBIND 1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL mail

##NAME: LDAP_FILTER:0
#
# This LDAP filter will be ANDed with the query for the field defined above
# in LDAP_MAIL. So if you are querying for mail, and you have LDAP_FILTER
# defined to be "(objectClass=CourierMailAccount)" the query that is performed
# will be "(&(objectClass=CourierMailAccount)(mail=<someAccount>))"
#
# LDAP_FILTER (objectClass=CourierMailAccount)

##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly specified.
#
LDAP_DOMAIN immaculee.net

##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:
#
#

LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail

##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR homeDirectory

##NAME: LDAP_MAILROOT:0
#
# If homeDirectory is not an absolute path, define the root of the
# relative paths in LDAP_MAILROOT
#
# LDAP_MAILROOT /var/mail


##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory. If not specified, ./Maildir will be used

LDAP_MAILDIR mailbox

##NAME: LDAP_DEFAULTDELIVERY:0
#
# Courier mail server only: optional attribute specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd

LDAP_DEFAULTDELIVERY defaultDelivery

##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
# LDAP_MAILDIRQUOTA quota


##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password. CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED. If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!

#LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword

##NAME: LDAP_IDS:0
#
# Uncomment the following, and modify as appropriate, if your LDAP database
# stores individual userids and groupids. Otherwise, you must uncomment
# LDAP_GLOB_UID and LDAP_GLOB_GID above. LDAP_GLOB_UID and LDAP_GLOB_GID
# specify a uid/gid for everyone. Otherwise, LDAP_UID and LDAP_GID must
# be defined as attributes for everyone.
#
# LDAP_UID uidNumber
# LDAP_GID gidNumber


##NAME: LDAP_AUXOPTIONS:0
#
# Auxiliary options. The LDAP_AUXOPTIONS setting should contain a list of
# comma-separated "ATTRIBUTE=NAME" pairs. These names are additional
# attributes that define various per-account "options", as given in
# INSTALL's description of the OPTIONS setting.
#
# Each ATTRIBUTE specifies an LDAP attribute name. If it is present,
# the attribute value gets placed in the OPTIONS variable, with the name
# NAME. For example:
#
# LDAP_AUXOPTIONS shared=sharedgroup,disableimap=disableimap
#
# Then, if an LDAP record contains the following attributes:
#
# shared: domain1
# disableimap: 0
#
# Then authldap will initialize OPTIONS to "sharedgroup=domain1,disableimap=0"
#
# NOTE: ** no spaces in this setting **, the above example has exactly
# one tab character after LDAP_AUXOPTIONS


##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search. This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.

LDAP_DEREF never

##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS. Experimental setting.
# Requires OpenLDAP 2.0
#

LDAP_TLS 0

##NAME: LDAP_EMAILMAP:0
#
# The following optional settings, if enabled, result in an extra LDAP
# lookup to first locate a handle for an E-mail address, then a second lookup
# on that handle to get the actual authentication record. You'll need
# to uncomment these settings to enable an email handle lookup.
#
# The E-mail address must be of the form user@realm, and this is plugged
# into the following search string. "@user@" and "@realm@" are placeholders
# for the user and the realm portions of the login ID.
#
# LDAP_EMAILMAP (&(userid=@user@)(realm=@realm@))

##NAME: LDAP_EMAILMAP_BASEDN:0
#
# Specify the basedn for the email lookup. The default is LDAP_BASEDN.
#
# LDAP_EMAILMAP_BASEDN o=emailmap, c=com


##NAME: LDAP_EMAILMAP_ATTRIBUTE:0
#
# The attribute which holds the handle. The contents of this attribute
# are then plugged into the regular authentication lookup, and you must set
# LDAP_EMAILMAP_MAIL to the name of this attribute in the authentication
# records (which may be the same as LDAP_MAIL).
# You MUST also leave LDAP_DOMAIN undefined. This enables authenticating
# by handles only.
#
# Here's an example:
#
# dn: userid=john, realm=example.com, o=emailmap, c=com # LDAP_EMAILMAP_BASEDN
# userid: john # LDAP_EMAILMAP search
# realm: example.com # LDAP_EMAILMAP search
# handle: cc223344 # LDAP_EMAILMAP_ATTRIBUTE
#
#
# dn: controlHandle=cc223344, o=example, c=com # LDAP_BASEDN
# controlHandle: cc223344 # LDAP_EMAILMAP_MAIL set to "controlHandle"
# uid: ...
# gid: ...
# [ etc... ]
#
# LDAP_EMAILMAP_ATTRIBUTE handle

##NAME: LDAP_EMAILMAP_MAIL:0
#
# After reading LDAP_EMAIL_ATTRIBUTE, the second query will go against
# LDAP_BASEDN, but will key against LDAP_EMAILMAP_MAIL instead of LDAP_MAIL.
#
# LDAP_EMAILMAP_MAIL mail

# ADDED BY ME
LDAP_URI ldap://127.0.0.1
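
An added example, not part of the original post and not Courier's own code: a Python sketch that parses authldaprc-style text in the `field[spaces|tabs]value` format, flags trailing whitespace and lines with no value, and builds the search filter that the LDAP_MAIL, LDAP_FILTER and LDAP_DOMAIN comments above describe, so it can be compared with the search recorded in the LDAP log. The sample settings, the function names, the RFC 4515 escaping step and the plain `(mail=...)` form used when LDAP_FILTER is unset are assumptions.

```python
import re
import stat

# Constructed sample in the "field[spaces|tabs]value" format.
# The LDAP_FILTER line deliberately ends with a trailing space.
SAMPLE = (
    "##NAME: LDAP_MAIL:0\n"
    "# comment\n"
    "LDAP_MAIL\t\tmail\n"
    "LDAP_FILTER\t(objectClass=CourierMailAccount) \n"
    "LDAP_DOMAIN\texample.test\n"
)

def parse_authldaprc(text):
    """Return (settings, warnings) for field[spaces|tabs]value lines."""
    settings, warnings = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments carry no setting
        m = re.match(r"(\S+)[ \t]+(.*)$", line)
        if not m:
            # Also catches comment text that was wrapped onto its own line
            warnings.append(f"line {num}: no value for {line.strip()!r}")
            continue
        field, value = m.groups()
        if value != value.rstrip():
            warnings.append(f"line {num}: trailing whitespace after {field}")
        settings[field] = value  # kept raw, so the problem stays visible
    return settings, warnings

def escape_filter_value(value):
    """Escape RFC 4515 special characters in an assertion value (assumed step)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def effective_filter(settings, address):
    """Build the search filter the config comments describe for one address."""
    if "@" not in address and settings.get("LDAP_DOMAIN"):
        address += "@" + settings["LDAP_DOMAIN"]  # default domain appended
    query = f"({settings['LDAP_MAIL']}={escape_filter_value(address)})"
    extra = settings.get("LDAP_FILTER")
    return f"(&{extra}{query})" if extra else query

def world_readable(mode):
    """True when a mode (e.g. os.stat(path).st_mode) grants read to 'other'."""
    return bool(mode & stat.S_IROTH)
```

The `world_readable` check matches the file's own warning that authldaprc may hold the LDAP bind password and must not be installed world-readable.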
