Re: [Nolug] More Email Questions

From: Mark A. Hershberger <mah_at_everybody.org>
Date: Wed, 30 Jul 2003 11:47:19 -0500
Message-ID: <87d6fs0xns.fsf@mah.mcdermott.com>

Craig Jackson <craig.jackson@wild.net> writes:

> Yes, I agree with you but am having a heck of a time setting up the
> exim+courier+ldap beast. I have read a few how tos but do not see
> exactly how this is done.

First: How is your directory set up?

Do you have exim delivering messages?

> I think this would make an excellent two or three part
> presentation.

    Part 1. Directory Structure for Email server with Virtual Domains.
    Part 2. Exim Configuration for Delivering Email to Virtual
            Domains Using an LDAP back end.
    Part 3. Courier Configuration, Webmail
    Part 4. Server Side Filtering with Preferences in LDAP.
    Part 5. Administration tools for managing virtual domains.

(I don't have part 4 complete yet. Haven't really gotten past cli
tools for part 5 yet -- but I have a good idea for an Emacs LDAP admin
interface.)

> The first error I get is a courier: login NO Error using plain port
> 143 login. Can't get past that.

So, I assume you have delivery working, right? For LDAP, Courier
really needs authdaemon. For the record, I'm using Debian's 0.39.1-1
package for this.

Relevant line from authdaemonrc is

    authmodulelist="authldap"

authldaprc has this:

    LDAP_SERVER = name
    LDAP_PORT = 389
    LDAP_BASEDN = o=top # You almost certainly need to change this
    LDAP_AUTHBIND = 1 # So it authenticates by binding as the user
    LDAP_MAIL = mail
    LDAP_DOMAIN = everybody.org # Change this
    LDAP_HOMEDIR = homeDirectory
    LDAP_MAILDIR = mailMessageStore
    LDAP_UID = uidNumber
    LDAP_GID = gidNumber
    LDAP_TLS = 1

Note that for this to work, you have to have anonymous browsing
enabled at least for the mail attribute. That is,

    $ ldapsearch -x mail=test@example.com dn

should return the dn of the object containing the
mail=test@example.com. Authldap will use the dn to rebind with the dn
and password. Of course, this means that you have to have simple
(non-SASL) authentication enabled as well. (That's why I use TLS
there.)

Let me know how I can help,

Mark.

-- 
As long as you have mystery you have health; when you destroy mystery
you create morbidity.			     -- G.K. Chesterson
___________________
Nolug mailing list
nolug@nolug.org
Received on 07/30/03
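
The search-then-bind sequence described in the message above, written out as a shell check. This is an added example, not part of the original post or of Courier. The LDAP_URI and BASEDN defaults and all function names are assumptions; set the two variables to match authldaprc.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: LDAP_URI and BASEDN mirror LDAP_SERVER/LDAP_PORT/LDAP_BASEDN in authldaprc.
LDAP_URI="${LDAP_URI:-ldap://localhost:389}"
BASEDN="${BASEDN:-o=top}"

# Accept only addresses without LDAP filter metacharacters: * ( ) \
is_plain_address() {
    [ -n "$1" ] && [ "$1" = "$(printf '%s' "$1" | tr -d '*()\\')" ]
}

# Read LDIF on stdin and print one DN per line. Unfolds continuation
# lines (leading space) and decodes base64 "dn::" values.
extract_dns() {
    awk '
        function emit() { if (have) print cur }
        /^ / { if (have) cur = cur substr($0, 2); next }
        { emit(); have = 0 }
        /^dn::? / { cur = $0; have = 1 }
        END { emit() }
    ' | while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Step 1: anonymous search on the mail attribute, returning only the DN.
find_dn() {
    ldapsearch -x -ZZ -LLL -H "$LDAP_URI" -b "$BASEDN" "(mail=$1)" dn | extract_dns
}

# Step 2: simple bind as that DN. -ZZ makes the client give up if StartTLS
# fails, so the password is never sent in clear. -W prompts for it.
check_bind() {
    ldapwhoami -x -ZZ -H "$LDAP_URI" -D "$1" -W
}

check_login() {
    is_plain_address "$1" || { echo "unexpected characters in address" >&2; return 2; }
    dns=$(find_dn "$1")
    n=$(printf '%s\n' "$dns" | grep -c . || true)
    [ "$n" -eq 1 ] || { echo "expected exactly one entry, found $n" >&2; return 1; }
    check_bind "$dns"
}
```

Run `check_login test@example.com` after sourcing the file. A failure at step 1 points at the directory's anonymous access or base DN; a failure at step 2 points at the password, simple binds, or TLS.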
