I guess this would be a common case, I am hoping for some final clarification.

A few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticate users, and these LDAPs are also used by Samba, users start @ uid 1000.
Boxes are in both the same DNS and Samba domains.

Do I treat these users as system or virtual users from postfix/dovecot perspective?
If it can be a matter of choice then which is better/best?

Many thanks.

On Jun 19, 2015 9:08 AM, "lejeczek" <peljasz at yahoo.co.uk> wrote:
>
> I guess this would be a common case, I am hoping for some final clarification.
>
> A few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticate users, and these LDAPs are also used by Samba, users start @ uid 1000.
> Boxes are in both the same DNS and Samba domains.
>
> Do I treat these users as system or virtual users from postfix/dovecot perspective?
> If it can be a matter of choice then which is better/best?
>

I would make them virtual users. This way you can abstract and scale things up. Also your normal users then would not need to have access to your mail servers; they only access the services.

> Many thanks.

On Fri, 19 Jun 2015, lejeczek wrote:

> A few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to
> authenticate users, and these LDAPs are also used by Samba, users start @
> uid 1000.
> Boxes are in both the same DNS and Samba domains.
>
> Do I treat these users as system or virtual users from postfix/dovecot
> perspective?
> If it can be a matter of choice then which is better/best?

I used system users, but because I use a dedicated mail server and I needed IMAP ACLs and sharing of mailboxes, I switched to virtual users. Depending on security concerns virtual users are easier to manage, IMHO.

-- 
Steffen Kaiser

On 19/06/15 15:13, Mauricio Tavares wrote:
> On Jun 19, 2015 9:08 AM, "lejeczek" <peljasz at yahoo.co.uk> wrote:
>> I guess this would be a common case, I am hoping for some final clarification.
>> A few Linux boxes share ldap (multi-master) backend that PAM/SSSD uses to authenticate users, and these LDAPs are also used by Samba, users start @ uid 1000.
>> Boxes are in both the same DNS and Samba domains.
>>
>> Do I treat these users as system or virtual users from postfix/dovecot perspective?
>> If it can be a matter of choice then which is better/best?
>>
> I would make them virtual users. This way you can abstract and scale
> things up. Also your normal users then would not need to have access to
> your mail servers; they only access the services.
>
>> Many thanks.

It can be tricky for a beginner to define those; in the old days, when one said system users, one thought of OS dedicated accounts for daemons/services etc.
In this team of postfix+dovecot, which one decides whether a user is canonical/system or virtual?