>> 2. Do not use PAM and Ldap and then let dovecot talk to pam. It is bad. >> Don't do it. >> 2a. Unless you like users digging around in random mailboxes. >> 2b. NSCD is broken and should not be trusted. > > Erm... since I'm running precisely this kind of setup, could you > please add some detail? I'd be very interested. > Feel free to reply directly to me, but I think it should be useful > also for ML archives ;)
For Me, When I was using Dovecot Pam->nss_ldap on 0.99, and 1.0rc1 and rc2, it caused heavy system load. When I turned on nscd, the system load went down (Yeah!) but 8 of my 170ish users managed to POP mail out of the wrong mboxes. (I checked all the obvious things) When I reconfigured Dovecot to talk directly to Ldap (Without Pam), the universe returned to the normal level of entropy. I posted to the mailing list http://dovecot.org/list/dovecot/2006-October/016720.html and got a link to another person with the same behavior. http://dovecot.org/list/dovecot/2006-September/016454.html The general consensus was that nss_ldap has some emotional problems and dovecot seems to annoy it.... Kind of like poking an angry snapping turtle with a stick.
