让Sendmail和Dovecot使用AD进行用户认证

如果AD认证不通过则使用linux系统认证。

/etc/ldap.conf:

host 192.168.1.1
base dc=mycompany,dc=local
binddn ldap@mycompany.local
bindpw Thisisaveryhardpassword
ldap_version 3
port 389
pam_filter objectclass=User
pam_login_attribute sAMAccountName
pam_password ad
ssl no

/etc/pam.d/dovecot:

#%PAM-1.0
auth required pam_nologin.so
auth sufficient pam_ldap.so
auth required pam_stack.so service=system-auth
account sufficient pam_ldap.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

/etc/pam.d/smtp:

#%PAM-1.0
auth sufficient pam_ldap.so
auth required pam_stack.so service=system-auth
account sufficient pam_ldap.so
account required pam_stack.so service=system-auth

/etc/sysconfig/saslauthd:

# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
#MECH=shadow
MECH=pam

# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=

参考：

http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/ref-guide/s1-pam-modules.html