LDAP + Cyrus IMAP + Postfix on FC4

John Francis john.francis at gmail.com
Sun Dec 18 00:31:05 UTC 2005


On 18/12/05, Alexander Dalloz <ad+lists at uni-x.org> wrote:
> Am Sa, den 17.12.2005 schrieb John Francis um 4:14:
>
> No HTML list postings please.
>

Oops.  Didn't realise GMail did that.

> > Does anyone have any tips or best practice pointers regarding setting
> > up a mailserver system on an FC4 box.
> >
> > I would like to use Postfix as my MTA, Cyrus IMAP as the IMAP or POP
> > server and I would like all authentication done through LDAP.  I will
> > be using the Fedora Directory Server for LDAP.
>
> Recently did that myself. Though it is a hosting server running CentOS
> 4.2 and OpenLDAP instead of FDS.
>
> > I have done some reading and fiddling around but haven't been able to
> > get it going yet.  I am new to PAM concepts as well as Cyrus IMAP so
> > any help in those areas in particular would be appreciated.
>
> Why PAM?

After doing some research I was pointed in the direction of
/etc/pam.d/imap and /etc/pam.d/smtp.

>
> > John Francis
>
> I suspect you have the FDS already running and all required user data
> put into it. Means, querying the FDS by hand does provide you the
> requested data.

Yes and no.  I do have user data in FDS but I'm not sure whether or
not that data is sufficient for my purposes.  For example, how do I
handle aliases, virtual domains, etc.?

>
> You don't need PAM for the mailserver part (Postfix and Cyrus-IMAPd).
> What you need in FDS is a user which plays a special role: a proxy auth
> user. That user must be able to authorize as any other user who shall
> get authorization to mail and to get mail. Within OpenLDAP (so far I
> have not investigated the FDS) you would give that permissions to a
> specific user by following ldif entries:
>
> dn: uid=proxyuser,ou=admins,o=hosting,dc=domain,dc=tld
> saslAuthzTo: uid=cyrus,ou=admins,o=hosting,dc=domain,dc=tld
> saslAuthzTo: uid=(.*),ou=users,hostingDomain=(.*),o=hosting,dc=domain,dc=tld
>
> A few other settings are required/recommended for this to work in
> /etc/openldap/slapd.conf.
>
> Now about Postfix and Cyrus-IMAPd. Both can directly handle the ldapdb
> plugin of SASLv2.
>
> Postfix:
> /usr/lib[64]/sasl2/smtpd.conf
>
> pwcheck_method: auxprop
> auxprop_plugin: ldapdb
> ldapdb_uri: ldap://127.0.0.1
> ldapdb_id: <proxyuser_userid>
> ldapdb_pw: <proxyuser_password>
> ldapdb_mech: login plain digest-md5
>
> Of course you too need the common SMTP AUTH settings in main.cf
>
> Cyrus-IMAPd:
> /etc/imapd.conf
>
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: ldapdb
> sasl_ldapdb_uri: ldap://127.0.0.1
> sasl_ldapdb_id: <proxyuser_userid>
> sasl_ldapdb_pw: <proxyuser_password>
> sasl_ldapdb_mech: login plain digest-md5
>
> As you have stored authentication information inside the 2 configuration
> files in cleartext, you have to take care that the permissions for both
> files are set properly, so that only root and, in the case of imapd.conf,
> only cyrus can read the files.
>
> Alexander
>
>
> --
> Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
> legal statement: http://www.uni-x.org/legal.html
> Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
> Serendipity 15:47:01 up 12 days, 20:24, load average: 0.46, 0.20, 0.08
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
>



--
Kind regards,

John Francis
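Since the whole recipe above rests on two files that hold the proxy user's password in cleartext and on PLAIN/LOGIN being offered to clients, here is the set of checks I would run on the box once it is configured. This is an added example, not code from either poster; it uses the file paths from Alexander's mail, assumes GNU coreutils `stat` (as on Fedora) and the OpenLDAP client tools, and the group name "mail" for cyrus, the certificate paths and the `ldap://127.0.0.1` URI are assumptions to adjust.

```shell
#!/bin/sh
# Added example (not from the thread): post-install checks for the SASL ldapdb
# recipe quoted above. File paths are the ones in Alexander's mail; GNU
# coreutils `stat` (as on Fedora) and the OpenLDAP client tools are assumed.
# The group name "mail" for cyrus and the certificate paths are assumptions.

# perms_ok FILE GROUP
# Succeed only if FILE has no "other" bits and, if it has group bits, belongs
# to GROUP. That is "only root (and cyrus) may read it" in octal:
# 0600 root:root for smtpd.conf, 0640 root:<cyrus group> for imapd.conf.
perms_ok() {
    f=$1 allowed_group=$2
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    mode=$(stat -c %a "$f") group=$(stat -c %G "$f")
    other=${mode#${mode%?}}                 # last octal digit
    rest=${mode%?}; grp=${rest#${rest%?}}   # second-to-last octal digit
    if [ "$other" != 0 ]; then
        echo "$f: mode $mode is accessible to every local user" >&2; return 1
    fi
    if [ "$grp" != 0 ] && [ "$group" != "$allowed_group" ]; then
        echo "$f: mode $mode lets group $group read the proxy password" >&2; return 1
    fi
    return 0
}

# cleartext_mechs CONF
# Print the mechanisms from the (sasl_)ldapdb_mech line that send the password
# in the clear (PLAIN, LOGIN). They are fine once the session is under TLS and
# fatal on port 25/143 without it, because what leaks is the user's directory
# password, not just mail access.
cleartext_mechs() {
    awk -F: 'tolower($1) ~ /^(sasl_)?ldapdb_mech$/ {
        n = split($2, m, " ")
        for (i = 1; i <= n; i++) {
            s = tolower(m[i])
            if (s == "plain" || s == "login") print s
        }
    }' "$1"
}

# postfix_auth_settings
# The "common SMTP AUTH settings" for main.cf, with TLS required before any
# AUTH is offered. Review, then apply each line with `postconf -e "$line"`.
postfix_auth_settings() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
EOF
}

# proxy_auth_probe PROXY_UID USER_DN
# Exercise the saslAuthzTo rule: bind as the proxy user over DIGEST-MD5 and
# ask slapd to authorize us as USER_DN; it echoes "dn:<USER_DN>" when the rule
# matches and refuses otherwise. Needs the live directory and the proxy
# password, so it is only run by hand.
proxy_auth_probe() {
    ldapwhoami -H ldap://127.0.0.1 -Y DIGEST-MD5 -U "$1" -X "dn:$2"
}

# Run the checks on this host; missing files are reported, nothing is fatal.
for conf in /usr/lib/sasl2/smtpd.conf /usr/lib64/sasl2/smtpd.conf /etc/imapd.conf; do
    if [ -f "$conf" ]; then
        case $conf in /etc/imapd.conf) g=mail ;; *) g=root ;; esac
        if perms_ok "$conf" "$g"; then echo "$conf: permissions ok"; fi
        m=$(cleartext_mechs "$conf" | tr '\n' ' ')
        [ -z "$m" ] || echo "$conf: offers ${m}which is only safe under TLS"
    fi
done
if command -v postconf >/dev/null 2>&1 && [ "$(postconf -h smtpd_tls_auth_only)" != yes ]; then
    echo "postfix: smtpd_tls_auth_only is not yes, AUTH PLAIN/LOGIN will be offered before STARTTLS"
fi
```

Two caveats worth knowing before relying on this setup. First, the ldapdb auxprop plugin works by reading the user's `userPassword` through that proxy bind, so the directory has to store passwords in cleartext and the proxy user can read every one of them; the two config files are therefore worth treating like a root password, which is what `perms_ok` enforces. Second, `smtpd_tls_auth_only = yes` only protects Postfix; for Cyrus the equivalent is `allowplaintext: no` in imapd.conf, so that LOGIN/PLAIN are refused until STARTTLS has been negotiated.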
