On Thu, Nov 13, 2008 at 10:32 PM, MacShane, Tracy
<[EMAIL PROTECTED]> wrote:
> I'm sorry, why do you need to sync passwords to relay mail to your
> Exchange servers? To do relay recipient validation, you just need to do
> a simple LDAP lookup to the AD to verify valid email addresses. Since
> you only have a single Exchange server, you don't even need to do
> anything out of the ordinary with LDAP queries to specify the
> destination relay server for your recipients.

Actually there won't be an Exchange server any more; I'm replacing it
with Postfix. It's a small environment and there isn't a dedicated
server for Exchange available; it's been sharing a server with AD
which is a bad idea in the first place. Since the users aren't using
any of Exchange's extra features such as calendaring, there is no
reason why they couldn't access mail via IMAP on Postfix/Dovecot.
I was aware of the possibility of exporting the user names (without
authentication information) from AD to the front end, but it's not
sufficient for login if mail access also takes place on the
Postfix server.

> If you want AD users to log on to *nix boxes (which is nothing to do with
> mail services), enable Services for Unix on the AD, and set up LDAP
> authentication for the specified users in PAM.

Perhaps this mechanism could be used for the mail authentication as
well in the above scenario. Postfix/Dovecot should be able to do LDAP
authentication via PAM
(http://www.dovecot.org/list/dovecot/2006-April/012454.html,
http://www.lxtreme.nl/index.pl/docs/linux/dovecot_postfix_pam).

Ville
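
As an added illustration (not part of the thread or either poster's configuration), the "simple LDAP lookup to the AD" for recipient validation that Tracy describes, written as a Postfix LDAP table; the domain, domain controller hostname and service-account DN are assumed placeholders.

```ini
# /etc/postfix/main.cf (relevant lines only)
# Accept mail for the domain, but only for addresses AD knows about.
relay_domains = example.com
relay_recipient_maps = ldap:/etc/postfix/ad_recipients.cf

# /etc/postfix/ad_recipients.cf
# Assumed placeholders: dc1.example.com, DC=example,DC=com, the bind DN
# and the password. Use a dedicated, read-only service account for the
# bind; it needs no rights beyond reading user objects.
server_host = ldap://dc1.example.com
version = 3
# Protect the bind credentials and query traffic in transit.
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/ssl/certs/ad-ca.pem
bind = yes
bind_dn = CN=postfix-lookup,OU=Service Accounts,DC=example,DC=com
bind_pw = CHANGE_ME_placeholder
search_base = DC=example,DC=com
scope = sub
# %s is the full recipient address Postfix is validating. Match either the
# primary address or any secondary smtp: alias in proxyAddresses, and
# exclude disabled accounts (userAccountControl bit 0x2) so mail for
# former users is rejected at the relay instead of being queued.
query_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%s)(proxyAddresses=smtp:%s)))
result_attribute = mail
```

Because the file holds the bind password it should be readable only by root and the postfix user (e.g. root:postfix, mode 0640); `postmap -q user@example.com ldap:/etc/postfix/ad_recipients.cf` checks a single lookup before the map goes live.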
