[imp] [horde imp] Active directory and imap

Parag Godkar paragg at konark.ncst.ernet.in
Fri Mar 14 17:17:32 PST 2003


>
> Hi,
>
> I wonder if the following is possible with Horde and IMP, and I'm looking
> for a way to accomplish this;
>
> User authentication thru LDAP to a windows 2000 Active Directory in
> combination with a mail store like IMAP on my Linux redhat (8.0). Users
> login into IMP thru their Active Directory account, and after the login they
> get their IMAP mailbox from the Linux.
>

This is very much possible. In fact we do it. Our users authenticate
against Active Directory and access mails from red hat linux 8.0.
But we use kerberos - i.e. our redhat linux is a kerberos client for
windows 2000 server ( Windows 2000 server is a kerberos server
by default ). And if I am not wrong, kerberos is the only way this
can be achieved, although I am not very sure.

> Some design problem in my head:  how do i manage to create the mailboxes
> on my IMAP automatically syncing with the Active Directory users...
>

At least we were not able to achieve this. We have to create an
account on linux server for every user - only thing he does not have
a password there. So the two accounts are to be maintained
separately.
You may have a look at "Windows Services for Unix"
which allows you to change the schema of Active Directory to
suit that of unix accounts and then you can have common accounts
for windows and for unix. Although I have never tried this,
it works. Check these links out -
Active Directory and Linux - notes on integrating Active Directory (AD) and nss_ldap.
Linux-AD Integration - another article AD and nss_ldap.
Active Directory and nss_ldap - another article on AD and nss_ldap.


> Can you point me out to some things. I'm a newbie to LDAP, but do know the
> basics.
>

If you wish to go the kerberos way, LDAP does not
come into picture. But, then you may not like to keep separate
accounts. In our environment, people login to windows desktops
and then ssh or telnet to unix servers ( and we do not want all windows
users to have accounts on unix servers ), so we have to maintain
accounts at both places.

> (PS, i don't want to make use of Microsoft Exchange)
>

Yes, no need to use MS Exchange.

Regards,
Parag Godkar
Assistant Manager,
National Centre for Software Technology,
India.



