Erol wrote:
> Hi,
>
> What should I do to setup LDAP objects on oes to setup a mail server?
>
> Thanks

Need some more information please:

OpenLDAP or eDirectory?
What kind of access do you want? (POP3, IMAP, Webmail)


For most mailservers, you don't need to do any fancy LDAP setup. I
usually recommend Postfix for the MTA (which comes by default on OES).
An MTA is the part that accepts the messages via SMTP and delivers the
mail locally (or reroutes it/rewrites it, postfix is very powerful). You
can also later integrate spamassassin and clamav (or your favorites) for
spam and antivirus filtering via amavis-new.

For mail retrieval, I usually go with Dovecot for POP3/IMAP access, and
IMP from the horde package (horde.org) for webmail.

Postfix can generally handle the local delivery for you (I recommend
Maildir format to home dirs if small scale, otherwise a dedicated
directory on a SAN-mounted disk or database storage to
MySQL/PostGre/Oracle).

On OES, assuming you're using eDirectory and not OpenLDAP, you really
don't need to touch the LDAP objects unless you have more than 65,000
individual users on a single machine. Just set up the users for Linux
User Management (LUM) and they'll show up as local users in PAM, and you
just set up the package as if you had created them all locally.

Let me know if you have a more specific reason why you need to use LDAP.

--
Justin Grote
Network Architect
JWG Networks

I just struggled through making dovecot work with LUM on OES 2018 SP3. Two issues prevent LUM user authentication from working:

Problem

1. Apparmor breaks dovecot authentication, as it prevents dovecot from authenticating any credentials (as well as from logging to a dedicated logfile).
2. /etc/pam.d/dovecot is not configured correctly.

Solution

1. in /etc/apparmor.d/
usr.lib.dovecot.auth
usr.lib.dovecot.imap
usr.lib.dovecot.imap-login
usr.lib.dovecot.log
usr.lib.dovecot.pop3
usr.lib.dovecot.pop3-login
usr.sbin.dovecot
   add "flags=(complain)" to config, e.g. "/usr/lib/dovecot/auth flags=(complain) {"
2. in /etc/pam.d/dovecot add references to pam_nam.so at the top. The following configuration works for both local and eDirectory users:
   #%PAM-1.0
auth     sufficient     pam_nam.so      use_first_pass
account  sufficient     pam_nam.so
password sufficient     pam_nam.so
session  optional       pam_nam.so
auth     optional       pam_shells.so
auth     include        common-auth
account  optional       pam_nologin.so
account  include        common-account
password include        common-password
session  optional       pam_loginuid.so
session  include        common-session
3. in /etc/dovecot/conf.d/auth-system.conf.ext I also added
   args = session=yes failure_show_msg=yes dovecot
   to the passdb entry. However this may not be necessary, but helped with debugging.

You may also have to adjust permissions and/or group memberships for the dovecot user as needed