G'day,

I am having some trouble or at least I am about to have some trouble and I am really looking for some advice rather than an answer as such.

I run a Gentoo box as our PDC with samba authenticating against LDAP. This works like a treat.

I have another box, soon to be decommissioned that is running qmail with courier-imap.

I have installed courier imap on the Gentoo box and it is all set to go authenticating against LDAP, but I have not managed to get the LDAP part working yet.

Ideally I want courier only to do authentification against the details already stored in LDAP (so that there NT password becomes there imap password)

I have no interest at this stage in virtual mailboxes or anything like that every user has a real username, home directory, etc. so all I want to do is authenticate.

I have tried to follow the postfix-courier-ldap howto but can't seem to get this to work with the existing auth data already in LDAP.

If anyone out there has a similar setup (the MTA is not important it is only imap and samba I need to get working together at this stage) I would love to hear how you did it.

ALternatively if there is some other better way of having common passwords then let me know, that is after all wahat I am trying to achieve.

Thanks in advance....

I got this working too except they pulled the plug on the e-mail side

You need to use the userPassword field for courier and also setup the account as a courier imap account objectClass. I even got it going with qmail authenticating and verifying users from ldap.

I have some links at work I'll post them on Monday if you are still having problems.

thanks for the reply,

so I don't have a userPassword attribute but I can easily add that, however I assume that the courier imap account abjectClass you are refering to is in a custom schema, it is not in any schema that I have.

I am new to ldap so maybe I am mis-understanding but as I understand it the objectClass's are defined in the schema's and presently I have the samba schema along with the the standard set that are included with openldap.

I noted on the ldap+postfix+courier-imap howto that their setup included a qmail.schema which I don't have but looking at references to this it does not possess a userPassword attribute and the only objectClass it specifies is qmailUser.

So I assume you have a schema that I don't and I would love to get my hands on that :-)

The other part of the equation that you can probably help me with is the actual management of these passwords. How do I use the existing lmpassword or ntpassword that lives in the ldap directory currently. Do I need to use a password tool that builds on the smbpasswd prog that I currently use to fill in a new userPassword field?

Most of the docs I have seen so far seem to refer to having a seperate set of leaves for the courier info but does that mean that the same password cannot be used for in each case. Or am I missing the point.

This is my first foray into ldap so any help you can provide is much appreciated.

Thanks again

Rich

Sorry I forgot the links but will post them tomorrow. You will need the courier schema and the qmail schema if you intend to use both bits of software.

no probs, thanks for the help

not fussed about the qmail part at this stage (no auth on smtp anyway so not an issue presently)

I had looked for a courier schema in the courier souce (stupidly by looking for courier rather than schema) which I have now found and copied a file called authldap.schema but am at a bit of a loss when it comes to populating these new fields.

Do i need to modify smbpasswd?

or am i better using a different method altogether, the ultimate aim is to provide the ability for the user to manage there own password. Haven't got that far.

a simple solution to this is instead of using NT password change your samba settings to authenticate unix users. convert all accounts to posixaccounts.

change your sysauth file to authenticate to ldap by this any services on your that linux box can authenticate to ldap