What should I do to set up LDAP objects on OES to set up a mail server?


    Need some more information please:

    OpenLDAP or eDirectory?
    What kind of access do you want? (POP3, IMAP, Webmail)

    For most mailservers, you don't need to do any fancy LDAP setup. I
    usually recommend Postfix for the MTA (which comes by default on OES).
    An MTA is the part that accepts the messages via SMTP and delivers the
    mail locally (or reroutes it/rewrites it; Postfix is very powerful). You
    can also later integrate SpamAssassin and ClamAV (or your favorites) for
    spam and antivirus filtering via amavis-new.

    For mail retrieval, I usually go with Dovecot for POP3/IMAP access, and
    IMP from the horde package ( for webmail.

    Postfix can generally handle the local delivery for you (I recommend
    Maildir format to home dirs if small scale, otherwise a dedicated
    directory on a SAN-mounted disk or database storage to

    On OES, assuming you're using eDirectory and not OpenLDAP, you really
    don't need to touch the LDAP objects unless you have more than 65,000
    individual users on a single machine. Just set up the users for Linux
    User Management (LUM) and they'll show up as local users in PAM, and you
    just set up the package as if you had created them all locally.

    Let me know if you have a more specific reason why you need to use LDAP.

  • We have a problem with Dovecot server cooperation with the LUM service ( We have tried different configurations in the /etc/pam.d/dovecot file without success - the user login to the server ends with the error: "AUTHENTICATION FAILED".
    If your Dovecot server works with the LUM service, I would like to know the correct entries in the file /etc/pam.d/dovecot and dovecot.conf.
  • I just struggled through making dovecot work with LUM on OES 2018 SP3. Two issues prevent LUM user authentication from working:


    1. AppArmor breaks dovecot authentication, as it prevents dovecot from authenticating any credentials (as well as from logging to a dedicated logfile).
    2. /etc/pam.d/dovecot is not configured correctly.


    1. in /etc/apparmor.d/
      add "flags=(complain)" to config, e.g. "/usr/lib/dovecot/auth flags=(complain) {"
    2. in /etc/pam.d/dovecot add references to at the top. The following configuration works for both local and eDirectory users:
      auth     sufficient      use_first_pass
      account  sufficient
      password sufficient
      session  optional
      auth     optional
      auth     include        common-auth
      account  optional
      account  include        common-account
      password include        common-password
      session  optional
      session  include        common-session
    3. in /etc/dovecot/conf.d/auth-system.conf.ext I also added
      args = session=yes failure_show_msg=yes dovecot
      to the passdb entry. This may not be necessary, but it helped with debugging.

    You may also have to adjust permissions and/or group memberships for the dovecot user as needed.
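
Added example, not part of any post in this thread: with the /usr/lib/dovecot/auth profile in complain mode, AppArmor logs each access it would have blocked as apparmor="ALLOWED", and this sketch turns those audit records into candidate rules so the profile can be returned to enforce mode. The log lines, paths and PIDs are constructed sample data, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed audit lines for illustration; paths, PIDs and timestamps are made up.
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:201): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/auth" name="/example/lum/client.conf" pid=2100 comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000000.140:202): apparmor="ALLOWED" operation="connect" profile="/usr/lib/dovecot/auth" name="/example/run/lum.sock" pid=2100 comm="auth" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
type=AVC msg=audit(1700000000.300:203): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/example/lum/client.conf" pid=2107 comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000001.020:204): apparmor="ALLOWED" operation="capable" profile="/usr/lib/dovecot/auth" pid=2100 comm="auth" capability=2 capname="dac_read_search"
type=AVC msg=audit(1700000002.500:205): apparmor="DENIED" operation="open" profile="/usr/sbin/example-daemon" name="/example/other" pid=3000 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1700000003.000:206): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/dovecot/auth" pid=3100 comm="apparmor_parser"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log masks c (create) and d (delete) are written as w in profile rules.
MASK_TO_RULE = {"c": "w", "d": "w"}

def parse_event(line):
    """Return the key=value fields of one audit line as a dict."""
    return {k: (q if q else u) for k, q, u in FIELD.findall(line)}

def violations(log_text, profile):
    """Collect what `profile` was denied (enforce) or would be denied (complain)."""
    files, caps = defaultdict(set), set()
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("apparmor") not in ("DENIED", "ALLOWED") or ev.get("profile") != profile:
            continue  # skips STATUS records and other profiles
        if "capname" in ev:
            caps.add(ev["capname"])
        elif "name" in ev and "denied_mask" in ev:
            files[ev["name"]].update(MASK_TO_RULE.get(m, m) for m in ev["denied_mask"])
    return dict(files), caps

def candidate_rules(log_text, profile):
    """Render the violations as profile rule lines for review, not blind pasting."""
    files, caps = violations(log_text, profile)
    rules = [f"capability {c}," for c in sorted(caps)]
    rules += [f"{path} {''.join(sorted(mask))}," for path, mask in sorted(files.items())]
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(SAMPLE_LOG, "/usr/lib/dovecot/auth"):
        print(rule)
```

An `x` mask needs a hand-picked transition qualifier (such as `ix`) before it is a valid rule; the apparmor-utils tool aa-logprof performs the same log-to-rule review interactively.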