aki.tu...@dovecot.fi wrote:
> As mentioned before, you can use ldap as userdb instead of static userdb.
> Username matching in AD environment should be done against userPrincipalName
> attribute.
Do you see any problem with my continuing to use:
userdb {
driver = passwd
}
... with gssapi? (providing I get other configs correct)
--Mark
-----Original Message-----
> Date: Tue, 28 Jun 2016 00:19:45 +0300 (EEST)
> From: aki.tu...@dovecot.fi
> To: dovecot@dovecot.org
> Subject: Re: Looking for GSSAPI config [was: Looking for NTLM config example]
>
> > On June 28, 2016 at 12:02 AM Jan Jurkus <j.jur...@gcecad-service.nl> wrote:
> >
> >
> > Hi,
> >
> > I'm not entirely happy with the static userdb, because of the
> > limitations with kerberos/pam, but this can of course be changed rather
> > easily. The hardest part is to get the SSO working.
> > One of the limitiations is stated here:
> > http://wiki.dovecot.org/UserDatabase/Static
> >
> > Postfix SMTP auth is using LMTP, reading from my notes.
> >
> > I hope you can get a clearer picture with this rather long and chaotic
> > reply.
> >
>
> As mentioned before, you can use ldap as userdb instead of static userdb.
> Username matching in AD environment should be done against userPrincipalName
> attribute.
>
> This should let you get rid of pam as well.
>
> ---
> Aki Tuomi
> Dovecot oy
>
> > --
> > Jan Jurkus | ICT Beheerder | GCE cad-service B.V.
> > Postbus 12, 3220 AA Hellevoetsluis
> > Daltonweg 9, 3225 LR Hellevoetsluis
> > tel: 0181-336955 | fax: 0181-311899
> > j.jur...@gcecad-service.nl | www.gcecad-service.nl
