I have a server running qmail with about 300 user accounts on an Ubuntu version 8 server. I would like to migrate qmail to a new MTA such as Exim 4.x. I have a VM set up using Red Hat Enterprise version 6 to test the mail migration process. On my VM I installed Exim using yum and also installed courier-imap version 4.x from source. Both services are running. Using the maildirmake command on the VM server, I created the exact same list of all of the Maildir directories as on the qmail Ubuntu server (the current mail server). I am assuming I can rsync all of the e-mails from the qmail server mailboxes to the new Exim system? On the qmail server, OpenLDAP is also installed and configured. How can I make the accounts on the new Exim VM server authenticate through the OpenLDAP server that is currently configured on the qmail server? Is this something I need to configure through courier-imap or the /etc/exim/exim.conf file?

I hope I am making sense here. Thanks for your help.

Lanz

1 Answer

You can set up perdition as a front-end proxy, which will let you move accounts across one at a time; if you do this, you can minimise the downtime and also make sure that your test account gets moved first.

You'll need to configure both the IMAP server and Exim to handle lookups in LDAP.

For Exim, in the main section set:

ldap_default_servers = ldap.server.example.com

then write an "authenticator" which uses ${ldapauth{...}} to authenticate. For instance, changing slightly an example from The Exim Specification, we have:

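# PLAIN supplies three fields: $auth1 = authorization id, $auth2 = login name, $auth3 = password
plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  # Advertise AUTH only once the connection is encrypted
  server_advertise_condition = ${if def:tls_cipher}
  # Refuse an empty login name, then attempt an LDAP bind as that user
  server_condition = ${if and{{ \
    !eq{}{$auth2} }{ \
    ldapauth{\
      user="uid=${quote_ldap_dn:$auth2},ou=people,o=example.org" \
      pass=${quote:$auth3} \
      ldap://ldap.example.org/} }} }
  server_set_id = uid=$auth2,ou=people,o=example.org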

Changes were to use PLAIN instead of LOGIN and restrict to TLS-only. The ldap_default_servers is unused in this example; I think the URL can be dropped from inside ldapauth, and it's useful for some other queries to have it anyway.

I'm not an expert in Courier, but I believe the documentation at http://www.courier-mta.org/authlib/README_authlib.html#authldap has what you need.

Phil P
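
Added example (not part of the answer above, and not Exim's own code): a Python model of what the authenticator's server_condition does with a PLAIN response, showing which field ends up as $auth2 and $auth3, why the empty-name test comes first, and how DN escaping keeps a login name inside the uid= component. The function names are made up for this sketch, the escaping follows RFC 4514 only as a stand-in for quote_ldap_dn, and the sample logins are constructed.

```python
import base64

# Characters that RFC 4514 requires to be backslash-escaped inside a DN value.
_DN_SPECIALS = set(',+"\\<>;=')

def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 rules)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def parse_plain(b64_response: str):
    """Split a SASL PLAIN response (RFC 4616) into (authzid, authcid, password)."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN response must contain exactly two NUL separators")
    return tuple(p.decode("utf-8") for p in parts)

def bind_dn_for(b64_response: str, base: str = "ou=people,o=example.org"):
    """Return (bind_dn, password), or None when the login name is empty."""
    # The three fields correspond to $auth1, $auth2 and $auth3 in the authenticator.
    _authzid, authcid, password = parse_plain(b64_response)
    if authcid == "":  # mirrors the !eq{}{$auth2} test: never bind with an empty uid
        return None
    return f"uid={escape_dn_value(authcid)},{base}", password

def _encode(authzid: str, authcid: str, password: str) -> str:
    """Build a constructed PLAIN response for the demonstration below."""
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode()

if __name__ == "__main__":
    # Constructed login names: ordinary, empty, and one containing DN metacharacters.
    for user in ("lanz", "", "x,ou=admins"):
        print(repr(user), "->", bind_dn_for(_encode("", user, "secret")))
```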