WARNING: This server is unstable and will be retired in the next days.
If you want to keep this forum available, please request immediately a migration
on the Nabble Support forum.
Forums that don't receive any migration request will be deleted forever.
The mail is bit lengthy to explain the complete scenario :)
I am setting up a mail server with LDAP backend to manage user accounts. Currently i am using some custom schema along with shadowAccount. shadowAccount is mainly used for implementing password policy. This setup is working fine and with horde webmail all the functionalities are working including the password policy. The problem is in getting the password policy working with clients directly using pop3/imap.
Currently when a user authenticates, the default filter in the log appears as below:
Dec 4 06:55:54 mail slapd: conn=23 op=1 SRCH base="dc=company,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=testuser))"
Dec 4 06:55:54 mail slapd: conn=23 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
As can be seen in the log, pam_ldap is passing posixAccount by default and i am not using posixAccount thus failing the authentication.
Now, is there a way to pass a custom filter like (&(objectClass=shadowAccount)(objectClass=penguinMailUser)(accountStatus=active)(uid=testuser))
I tried setting pam_filter, but nothing i set is getting passed to ldap.