This document explains how to enable JAMES to use an LDAP directory as a Users Repository.
We have tried to make the LDAP implementation of UsersRepository as
flexible as possible, recognising that each installation will have a unique
directory schema.
We assume that all users that a James Mailserver will handle fall
within one single-rooted tree. The root of this tree, i.e. the lowest node
in the directory which is an ancestor of all users served by this
mailserver and of the mailserver itself, is called the LDAPRoot (see the diagram below).
It is entirely possible that an organization may have more than one
mail server. Consequently, the fact that a user is in the Directory does
not imply that this mailserver should handle mail for them.
This implementation of UsersRepository creates one node (object) for
each set of mail users. The set called 'LocalUsers' is the set of users
whose mail is handled by this server. Other sets include any mail-lists
handled by the server. Each member of a set is recorded as an attribute
of these objects. These nodes are child nodes of the mailserver.
The mailserver will accept mail for local delivery if the user part of
the email address matches a member of LocalUsers and the domain/host
part of the email address matches the first servername.
(Set servernames autodetect to false and enter the domain served as the
first servername, e.g. apache.org.)
For POP3 authentication, the mailserver first finds the user entry in
the directory, under LDAPRoot, whose attribute specified as
MailAttribute in conf matches user@domain. The mailserver authenticates
the POP3 user if it can bind to the directory as that user entry with
the offered password.
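As an added illustration (not James' own code) of the two decisions described above, local-delivery acceptance and search-then-bind POP3 authentication, here is the logic in Python run against a constructed in-memory directory snapshot; the DNs, the `member` attribute name and the stand-in `fake_bind` are assumptions. The empty-password refusal is a check a practitioner would add: an LDAP simple bind with an empty password is an unauthenticated bind and would otherwise appear to succeed.

```python
from typing import Callable, Dict, List, Optional

# Constructed sample directory snapshot (hypothetical entries, not from the page).
# DN -> attributes. LDAPRoot is dc=apache,dc=org; dc=w3c,dc=org lies outside it.
LDAP_ROOT = "dc=apache,dc=org"
MAIL_ATTRIBUTE = "mail"          # the attribute named as MailAttribute in conf
SERVERNAMES = ["apache.org", "mail.apache.org"]  # autodetect off; first entry is the served domain
LOCAL_USERS_DN = "cn=LocalUsers,cn=mailserver,dc=apache,dc=org"  # assumed location of the set
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "uid=alice,ou=people,dc=apache,dc=org": {"mail": ["alice@apache.org"]},
    "uid=bob,ou=people,dc=apache,dc=org":   {"mail": ["bob@apache.org"]},
    "uid=eve,ou=people,dc=w3c,dc=org":      {"mail": ["eve@w3c.org"]},
    LOCAL_USERS_DN: {"member": ["alice"]},   # bob is in the directory but not a local user
}
# Stand-in for a real LDAP simple bind (constructed; a deployment binds to the server).
FAKE_PASSWORDS = {"uid=alice,ou=people,dc=apache,dc=org": "s3cret"}

def fake_bind(dn: str, password: str) -> bool:
    return FAKE_PASSWORDS.get(dn) == password

def in_ldap_root(dn: str) -> bool:
    """True if dn is LDAPRoot itself or lies in its subtree (suffix match on a full RDN boundary)."""
    return dn == LDAP_ROOT or dn.endswith("," + LDAP_ROOT)

def accepts_local_delivery(address: str) -> bool:
    """Local delivery: user part is a LocalUsers member and domain part equals the first servername."""
    user, _, domain = address.rpartition("@")
    return domain.lower() == SERVERNAMES[0] and user in DIRECTORY[LOCAL_USERS_DN]["member"]

def find_user_dn(address: str) -> Optional[str]:
    """Search under LDAPRoot for the entry whose MailAttribute equals user@domain.
    Exactly one hit is required: zero means unknown, more than one is ambiguous."""
    hits = [dn for dn, attrs in DIRECTORY.items() if in_ldap_root(dn)
            and address.lower() in (v.lower() for v in attrs.get(MAIL_ATTRIBUTE, []))]
    return hits[0] if len(hits) == 1 else None

def authenticate_pop3(address: str, password: str,
                      bind: Callable[[str, str], bool] = fake_bind) -> bool:
    """Search-then-bind: locate the user's DN, then bind as it with the offered password."""
    if not password:   # empty password => unauthenticated simple bind; refuse before binding
        return False
    dn = find_user_dn(address)
    return dn is not None and bind(dn, password)
```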
This implementation does not set passwords in the directory. Use a dummy
password when invoking adduser in RemoteManager.
If ManageGroupAttribute is set to TRUE (as it is by default), then the
RemoteManager will add/remove the full DN of the email group to/from the
user entry. This facility allows users to ask the directory "what is my
mailserver and what email lists am I subscribed to?"
Root of Directory, e.g. dc=org (may not be referenced in conf.xml)
|
+-- Subtree not served by James, e.g. dc=w3c, dc=org
|
+-- Subtree served by James, e.g. dc=apache, dc=org  ("LDAPRoot")
|
+-- Subtree not served by James, e.g. dc=xml, dc=org
Six entries in JAMES.conf.xml must be set for this to work: