maybe chmod 0644 './config-archive/etc/syslog-ng/syslog-ng.conf.dist.new'
maybe chmod 0600 './config-archive/etc/ulogd.conf'
maybe chmod 0600 './config-archive/etc/ulogd.conf.dist.new'
+maybe chown mail './courier'
+maybe chgrp mail './courier'
+maybe chmod 0755 './courier'
+maybe chown mail './courier/authlib'
+maybe chgrp mail './courier/authlib'
+maybe chmod 0755 './courier/authlib'
+maybe chmod 0644 './courier/authlib/.keep_net-libs_courier-authlib-0'
+maybe chown mail './courier/authlib/authdaemonrc'
+maybe chgrp mail './courier/authlib/authdaemonrc'
+maybe chmod 0660 './courier/authlib/authdaemonrc'
+maybe chown mail './courier/authlib/authdaemonrc.dist'
+maybe chgrp mail './courier/authlib/authdaemonrc.dist'
+maybe chmod 0660 './courier/authlib/authdaemonrc.dist'
+maybe chown mail './courier/authlib/authldaprc'
+maybe chgrp mail './courier/authlib/authldaprc'
+maybe chmod 0660 './courier/authlib/authldaprc'
+maybe chown mail './courier/authlib/authldaprc.dist'
+maybe chgrp mail './courier/authlib/authldaprc.dist'
+maybe chmod 0660 './courier/authlib/authldaprc.dist'
+maybe chown mail './courier/authlib/authmysqlrc'
+maybe chgrp mail './courier/authlib/authmysqlrc'
+maybe chmod 0660 './courier/authlib/authmysqlrc'
+maybe chown mail './courier/authlib/authmysqlrc.dist'
+maybe chgrp mail './courier/authlib/authmysqlrc.dist'
+maybe chmod 0660 './courier/authlib/authmysqlrc.dist'
maybe chmod 0755 './cron.d'
maybe chmod 0644 './cron.d/.keep_sys-process_vixie-cron-0'
maybe chmod 0750 './cron.daily'
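Review bot: The 0660 modes recorded for `./courier/authlib/authldaprc` and `./courier/authlib/authmysqlrc` (and their `.dist` copies) leave the files that carry `LDAP_BINDPW` and `MYSQL_PASSWORD` readable and writable by every member of group mail, so any process in that group can read the bind credentials or repoint the authentication backend. Unless the package needs group write, I would record `maybe chmod 0640` for these entries, or `0600` if only the mail user reads them; whether group access is required cannot be judged from this hunk. The same commit also adds the file contents to the repository, so once real values are set the credentials will live in history, and the repository directory needs to be at least as restricted as these files. The hunk header is not shown on this page, so the hunk's extent is inferred from the three context lines on each side.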
maybe chmod 0755 './init.d/bootmisc'
maybe chmod 0755 './init.d/consolefont'
maybe chmod 0755 './init.d/consolekit'
+maybe chmod 0755 './init.d/courier-authlib'
maybe chmod 0755 './init.d/crypto-loop'
maybe chmod 0755 './init.d/cupsd'
maybe chmod 0755 './init.d/dbus'
maybe chmod 0644 './openldap/ldap.conf.default'
maybe chmod 0755 './openldap/schema'
maybe chmod 0444 './openldap/schema/README'
+maybe chmod 0644 './openldap/schema/authldap.schema'
maybe chmod 0444 './openldap/schema/collective.schema'
maybe chmod 0444 './openldap/schema/corba.schema'
maybe chmod 0444 './openldap/schema/core.ldif'
--- /dev/null
+##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $
+#
+# Copyright 2000-2005 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# authdaemonrc created from authdaemonrc.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# This file configures authdaemond, the resident authentication daemon.
+#
+# Comments in this file are ignored. Although this file is intended to
+# be sourced as a shell script, authdaemond parses it manually, so
+# the acceptable syntax is a bit limited. Multiline variable contents,
+# with the \ continuation character, are not allowed. Everything must
+# fit on one line. Do not use any additional whitespace for indentation,
+# or anything else.
+
+##NAME: authmodulelist:2
+#
+# The authentication modules that are linked into authdaemond. The
+# default list is installed. You may selectively disable modules simply
+# by removing them from the following list. The available modules you
+# can use are: authuserdb authpam authshadow authldap authmysql authcustom authpipe
+
+authmodulelist="authmysql "
+
+##NAME: authmodulelistorig:3
+#
+# This setting is used by Courier's webadmin module, and should be left
+# alone
+
+authmodulelistorig="authuserdb authpam authshadow authldap authmysql authcustom authpipe"
+
+##NAME: daemons:0
+#
+# The number of daemon processes that are started. authdaemon is typically
+# installed where authentication modules are relatively expensive: such
+# as authldap, or authmysql, so it's better to have a number of them running.
+# PLEASE NOTE: Some platforms may experience a problem if there's more than
+# one daemon. Specifically, SystemV derived platforms that use TLI with
+# socket emulation. I'm suspicious of TLI's ability to handle multiple
+# processes accepting connections on the same filesystem domain socket.
+#
+# You may need to increase daemons if as your system load increases. Symptoms
+# include sporadic authentication failures. If you start getting
+# authentication failures, increase daemons. However, the default of 5
+# SHOULD be sufficient. Bumping up daemon count is only a short-term
+# solution. The permanent solution is to add more resources: RAM, faster
+# disks, faster CPUs...
+
+daemons=5
+
+##NAME: authdaemonvar:2
+#
+# authdaemonvar is here, but is not used directly by authdaemond. It's
+# used by various configuration and build scripts, so don't touch it!
+
+authdaemonvar=/var/lib/courier/authdaemon
+
+##NAME: DEBUG_LOGIN:0
+#
+# Dump additional diagnostics to syslog
+#
+# DEBUG_LOGIN=0 - turn off debugging
+# DEBUG_LOGIN=1 - turn on debugging
+# DEBUG_LOGIN=2 - turn on debugging + log passwords too
+#
+# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
+#
+# Note that most information is sent to syslog at level 'debug', so
+# you may need to modify your /etc/syslog.conf to be able to see it.
+
+DEBUG_LOGIN=0
+
+##NAME: DEFAULTOPTIONS:0
+#
+# A comma-separated list of option=value pairs. Each option is applied
+# to an account if the account does not have its own specific value for
+# that option. So for example, you can set
+# DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
+# and then enable webmail and/or imap on individual accounts by setting
+# disablewebmail=0 and/or disableimap=0 on the account.
+
+DEFAULTOPTIONS=""
+
+##NAME: LOGGEROPTS:0
+#
+# courierlogger(1) options, e.g. to set syslog facility
+#
+
+LOGGEROPTS=""
+
+##NAME: LDAP_TLS_OPTIONS:0
+#
+# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
+# Examples:
+#
+#LDAPTLS_CACERT=/path/to/cacert.pem
+#LDAPTLS_REQCERT=demand
+#LDAPTLS_CERT=/path/to/clientcert.pem
+#LDAPTLS_KEY=/path/to/clientkey.pem
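Review bot: `authmodulelist="authmysql "` keeps a trailing space inside the quotes, while the header of this same file asks for no additional whitespace because authdaemond parses the file by hand; `authmodulelist="authmysql"` avoids depending on how that parser treats it. With authmysql as the only module, every login depends on the MySQL backend configured in authmysqlrc, so a short `#` comment above the line saying the narrowing is deliberate would help whoever next merges this file against authdaemonrc.dist.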
--- /dev/null
+##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $
+#
+# Copyright 2000-2005 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# authdaemonrc created from authdaemonrc.dist by sysconftool
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# This file configures authdaemond, the resident authentication daemon.
+#
+# Comments in this file are ignored. Although this file is intended to
+# be sourced as a shell script, authdaemond parses it manually, so
+# the acceptable syntax is a bit limited. Multiline variable contents,
+# with the \ continuation character, are not allowed. Everything must
+# fit on one line. Do not use any additional whitespace for indentation,
+# or anything else.
+
+##NAME: authmodulelist:2
+#
+# The authentication modules that are linked into authdaemond. The
+# default list is installed. You may selectively disable modules simply
+# by removing them from the following list. The available modules you
+# can use are: authuserdb authpam authshadow authldap authmysql authcustom authpipe
+
+authmodulelist="authuserdb authpam authshadow authldap authmysql authcustom authpipe"
+
+##NAME: authmodulelistorig:3
+#
+# This setting is used by Courier's webadmin module, and should be left
+# alone
+
+authmodulelistorig="authuserdb authpam authshadow authldap authmysql authcustom authpipe"
+
+##NAME: daemons:0
+#
+# The number of daemon processes that are started. authdaemon is typically
+# installed where authentication modules are relatively expensive: such
+# as authldap, or authmysql, so it's better to have a number of them running.
+# PLEASE NOTE: Some platforms may experience a problem if there's more than
+# one daemon. Specifically, SystemV derived platforms that use TLI with
+# socket emulation. I'm suspicious of TLI's ability to handle multiple
+# processes accepting connections on the same filesystem domain socket.
+#
+# You may need to increase daemons if as your system load increases. Symptoms
+# include sporadic authentication failures. If you start getting
+# authentication failures, increase daemons. However, the default of 5
+# SHOULD be sufficient. Bumping up daemon count is only a short-term
+# solution. The permanent solution is to add more resources: RAM, faster
+# disks, faster CPUs...
+
+daemons=5
+
+##NAME: authdaemonvar:2
+#
+# authdaemonvar is here, but is not used directly by authdaemond. It's
+# used by various configuration and build scripts, so don't touch it!
+
+authdaemonvar=/var/lib/courier/authdaemon
+
+##NAME: DEBUG_LOGIN:0
+#
+# Dump additional diagnostics to syslog
+#
+# DEBUG_LOGIN=0 - turn off debugging
+# DEBUG_LOGIN=1 - turn on debugging
+# DEBUG_LOGIN=2 - turn on debugging + log passwords too
+#
+# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
+#
+# Note that most information is sent to syslog at level 'debug', so
+# you may need to modify your /etc/syslog.conf to be able to see it.
+
+DEBUG_LOGIN=0
+
+##NAME: DEFAULTOPTIONS:0
+#
+# A comma-separated list of option=value pairs. Each option is applied
+# to an account if the account does not have its own specific value for
+# that option. So for example, you can set
+# DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
+# and then enable webmail and/or imap on individual accounts by setting
+# disablewebmail=0 and/or disableimap=0 on the account.
+
+DEFAULTOPTIONS=""
+
+##NAME: LOGGEROPTS:0
+#
+# courierlogger(1) options, e.g. to set syslog facility
+#
+
+LOGGEROPTS=""
+
+##NAME: LDAP_TLS_OPTIONS:0
+#
+# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
+# Examples:
+#
+#LDAPTLS_CACERT=/path/to/cacert.pem
+#LDAPTLS_REQCERT=demand
+#LDAPTLS_CERT=/path/to/clientcert.pem
+#LDAPTLS_KEY=/path/to/clientkey.pem
--- /dev/null
+##VERSION: $Id: authldaprc,v 1.25 2005/10/05 00:07:32 mrsam Exp $
+#
+# Copyright 2000-2004 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# authldaprc created from authldaprc.dist by sysconftool
+#
+# DO NOT INSTALL THIS FILE with world read permissions. This file
+# might contain the LDAP admin password!
+#
+# This configuration file specifies LDAP authentication parameters
+#
+# The format of this file must be as follows:
+#
+# field[spaces|tabs]value
+#
+# That is, the name of the field, followed by spaces or tabs, followed by
+# field value. No trailing spaces.
+#
+# Here are the fields:
+
+##NAME: LOCATION:1
+#
+# Location of your LDAP server(s). If you have multiple LDAP servers,
+# you can list them separated by commas and spaces, and they will be tried in
+# turn.
+
+LDAP_URI ldaps://ldap.example.com, ldaps://backup.example.com
+
+##NAME: LDAP_PROTOCOL_VERSION:0
+#
+# Which version of LDAP protocol to use
+
+LDAP_PROTOCOL_VERSION 3
+
+##NAME: LDAP_BASEDN:0
+#
+# Look for authentication here:
+
+LDAP_BASEDN o=example, c=com
+
+##NAME: LDAP_BINDDN:0
+#
+# You may or may not need to specify the following. Because you've got
+# a password here, authldaprc should not be world-readable!!!
+
+LDAP_BINDDN cn=administrator, o=example, c=com
+LDAP_BINDPW toto
+
+##NAME: LDAP_TIMEOUT:0
+#
+# Timeout for LDAP search and connection
+
+LDAP_TIMEOUT 5
+
+##NAME: LDAP_AUTHBIND:0
+#
+# Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
+# the password is validated by rebinding with the supplied userid and password.
+# If rebind succeeds, this is considered to be an authenticated request. This
+# does not support CRAM-MD5 authentication, which requires clearPassword.
+# Additionally, if LDAP_AUTHBIND is 1 then password changes are done under
+# the credentials of the user themselves, not LDAP_BINDDN/BINDPW
+#
+# LDAP_AUTHBIND 1
+
+##NAME: LDAP_MAIL:0
+#
+# Here's the field on which we query
+
+LDAP_MAIL mail
+
+##NAME: LDAP_FILTER:0
+#
+# This LDAP filter will be ANDed with the query for the field defined above
+# in LDAP_MAIL. So if you are querying for mail, and you have LDAP_FILTER
+# defined to be "(objectClass=CourierMailAccount)" the query that is performed
+# will be "(&(objectClass=CourierMailAccount)(mail=<someAccount>))"
+#
+# LDAP_FILTER (objectClass=CourierMailAccount)
+
+##NAME: LDAP_DOMAIN:0
+#
+# The following default domain will be appended, if not explicitly specified.
+#
+# LDAP_DOMAIN example.com
+
+##NAME: LDAP_GLOB_IDS:0
+#
+# The following two variables can be used to set everybody's uid and gid.
+# This is convenient if your LDAP specifies a bunch of virtual mail accounts
+# The values can be usernames or userids:
+#
+# LDAP_GLOB_UID vmail
+# LDAP_GLOB_GID vmail
+
+##NAME: LDAP_HOMEDIR:0
+#
+# We will retrieve the following attributes
+#
+# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it
+
+LDAP_HOMEDIR homeDirectory
+
+##NAME: LDAP_MAILROOT:0
+#
+# If homeDirectory is not an absolute path, define the root of the
+# relative paths in LDAP_MAILROOT
+#
+# LDAP_MAILROOT /var/mail
+
+
+##NAME: LDAP_MAILDIR:0
+#
+# The MAILDIR attribute is OPTIONAL, and specifies the location of the
+# mail directory. If not specified, ./Maildir will be used
+
+LDAP_MAILDIR mailbox
+
+##NAME: LDAP_DEFAULTDELIVERY:0
+#
+# Courier mail server only: optional attribute specifies custom mail delivery
+# instructions for this account (if defined) -- essentially overrides
+# DEFAULTDELIVERY from ${sysconfdir}/courierd
+
+LDAP_DEFAULTDELIVERY defaultDelivery
+
+##NAME: LDAP_MAILDIRQUOTA:0
+#
+# The following variable, if defined, specifies the field containing the
+# maildir quota, see README.maildirquota for more information
+#
+# LDAP_MAILDIRQUOTA quota
+
+
+##NAME: LDAP_FULLNAME:0
+#
+# FULLNAME is optional, specifies the user's full name
+
+LDAP_FULLNAME cn
+
+##NAME: LDAP_PW:0
+#
+# CLEARPW is the clear text password. CRYPT is the crypted password.
+# ONE OF THESE TWO ATTRIBUTES IS REQUIRED. If CLEARPW is provided, and
+# libhmac.a is available, CRAM authentication will be possible!
+
+LDAP_CLEARPW clearPassword
+LDAP_CRYPTPW userPassword
+
+##NAME: LDAP_IDS:0
+#
+# Uncomment the following, and modify as appropriate, if your LDAP database
+# stores individual userids and groupids. Otherwise, you must uncomment
+# LDAP_GLOB_UID and LDAP_GLOB_GID above. LDAP_GLOB_UID and LDAP_GLOB_GID
+# specify a uid/gid for everyone. Otherwise, LDAP_UID and LDAP_GID must
+# be defined as attributes for everyone.
+#
+# LDAP_UID uidNumber
+# LDAP_GID gidNumber
+
+
+##NAME: LDAP_AUXOPTIONS:0
+#
+# Auxiliary options. The LDAP_AUXOPTIONS setting should contain a list of
+# comma-separated "ATTRIBUTE=NAME" pairs. These names are additional
+# attributes that define various per-account "options", as given in
+# INSTALL's description of the OPTIONS setting.
+#
+# Each ATTRIBUTE specifies an LDAP attribute name. If it is present,
+# the attribute value gets placed in the OPTIONS variable, with the name
+# NAME. For example:
+#
+# LDAP_AUXOPTIONS shared=sharedgroup,disableimap=disableimap
+#
+# Then, if an LDAP record contains the following attributes:
+#
+# shared: domain1
+# disableimap: 0
+#
+# Then authldap will initialize OPTIONS to "sharedgroup=domain1,disableimap=0"
+#
+# NOTE: ** no spaces in this setting **, the above example has exactly
+# one tab character after LDAP_AUXOPTIONS
+
+
+##NAME: LDAP_ENUMERATE_FILTER:0
+#
+# {EXPERIMENTAL}
+# Optional custom filter used when enumerating accounts for authenumerate,
+# in order to compile a list of accounts for shared folders. If present,
+# this filter will be used instead of LDAP_FILTER.
+#
+# LDAP_ENUMERATE_FILTER (&(objectClass=CourierMailAccount)(!(disableshared=1)))
+
+
+##NAME: LDAP_DEREF:0
+#
+# Determines how aliases are handled during a search. This option is available
+# only with OpenLDAP 2.0
+#
+# LDAP_DEREF can be one of the following values:
+# never, searching, finding, always. If not specified, aliases are
+# never dereferenced.
+
+LDAP_DEREF never
+
+##NAME: LDAP_TLS:0
+#
+# Set LDAP_TLS to 1 to use the Start TLS extension (RFC 2830). This is
+# when the server accepts a normal LDAP connection on port 389 which
+# the client then requests 'upgrading' to TLS, and is equivalent to the
+# -ZZ flag to ldapsearch. If you are using an ldaps:// URI then do not
+# set this option.
+#
+# For additional LDAP-related options, see the authdaemonrc config file.
+
+LDAP_TLS 0
+
+##NAME: LDAP_EMAILMAP:0
+#
+# The following optional settings, if enabled, result in an extra LDAP
+# lookup to first locate a handle for an E-mail address, then a second lookup
+# on that handle to get the actual authentication record. You'll need
+# to uncomment these settings to enable an email handle lookup.
+#
+# The E-mail address must be of the form user@realm, and this is plugged
+# into the following search string. "@user@" and "@realm@" are placeholders
+# for the user and the realm portions of the login ID.
+#
+# LDAP_EMAILMAP (&(userid=@user@)(realm=@realm@))
+
+##NAME: LDAP_EMAILMAP_BASEDN:0
+#
+# Specify the basedn for the email lookup. The default is LDAP_BASEDN.
+#
+# LDAP_EMAILMAP_BASEDN o=emailmap, c=com
+
+
+##NAME: LDAP_EMAILMAP_ATTRIBUTE:0
+#
+# The attribute which holds the handle. The contents of this attribute
+# are then plugged into the regular authentication lookup, and you must set
+# LDAP_EMAILMAP_MAIL to the name of this attribute in the authentication
+# records (which may be the same as LDAP_MAIL).
+# You MUST also leave LDAP_DOMAIN undefined. This enables authenticating
+# by handles only.
+#
+# Here's an example:
+#
+# dn: userid=john, realm=example.com, o=emailmap, c=com # LDAP_EMAILMAP_BASEDN
+# userid: john # LDAP_EMAILMAP search
+# realm: example.com # LDAP_EMAILMAP search
+# handle: cc223344 # LDAP_EMAILMAP_ATTRIBUTE
+#
+#
+# dn: controlHandle=cc223344, o=example, c=com # LDAP_BASEDN
+# controlHandle: cc223344 # LDAP_EMAILMAP_MAIL set to "controlHandle"
+# uid: ...
+# gid: ...
+# [ etc... ]
+#
+# LDAP_EMAILMAP_ATTRIBUTE handle
+
+##NAME: LDAP_EMAILMAP_MAIL:0
+#
+# After reading LDAP_EMAIL_ATTRIBUTE, the second query will go against
+# LDAP_BASEDN, but will key against LDAP_EMAILMAP_MAIL instead of LDAP_MAIL.
+#
+# LDAP_EMAILMAP_MAIL mail
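Review bot: `LDAP_BINDDN cn=administrator, o=example, c=com` with `LDAP_BINDPW toto` makes the mail host bind as a directory administrator from a password stored in this file, and `LDAP_CLEARPW clearPassword` asks the directory to hand back cleartext passwords. The values match the authldaprc.dist added in the same commit, so they are presumably untouched placeholders, but if authldap is ever enabled the bind identity should be a dedicated read-only account. The file's own `LDAP_AUTHBIND 1` option lets the server validate passwords so the clearPassword attribute need not be readable, at the cost of CRAM-MD5 as the comment notes. Until the module is configured, commenting out the bind lines and `LDAP_CLEARPW` would keep placeholder credentials out of a live config.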
--- /dev/null
+##VERSION: $Id: authldaprc,v 1.25 2005/10/05 00:07:32 mrsam Exp $
+#
+# Copyright 2000-2004 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# authldaprc created from authldaprc.dist by sysconftool
+#
+# DO NOT INSTALL THIS FILE with world read permissions. This file
+# might contain the LDAP admin password!
+#
+# This configuration file specifies LDAP authentication parameters
+#
+# The format of this file must be as follows:
+#
+# field[spaces|tabs]value
+#
+# That is, the name of the field, followed by spaces or tabs, followed by
+# field value. No trailing spaces.
+#
+# Here are the fields:
+
+##NAME: LOCATION:1
+#
+# Location of your LDAP server(s). If you have multiple LDAP servers,
+# you can list them separated by commas and spaces, and they will be tried in
+# turn.
+
+LDAP_URI ldaps://ldap.example.com, ldaps://backup.example.com
+
+##NAME: LDAP_PROTOCOL_VERSION:0
+#
+# Which version of LDAP protocol to use
+
+LDAP_PROTOCOL_VERSION 3
+
+##NAME: LDAP_BASEDN:0
+#
+# Look for authentication here:
+
+LDAP_BASEDN o=example, c=com
+
+##NAME: LDAP_BINDDN:0
+#
+# You may or may not need to specify the following. Because you've got
+# a password here, authldaprc should not be world-readable!!!
+
+LDAP_BINDDN cn=administrator, o=example, c=com
+LDAP_BINDPW toto
+
+##NAME: LDAP_TIMEOUT:0
+#
+# Timeout for LDAP search and connection
+
+LDAP_TIMEOUT 5
+
+##NAME: LDAP_AUTHBIND:0
+#
+# Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
+# the password is validated by rebinding with the supplied userid and password.
+# If rebind succeeds, this is considered to be an authenticated request. This
+# does not support CRAM-MD5 authentication, which requires clearPassword.
+# Additionally, if LDAP_AUTHBIND is 1 then password changes are done under
+# the credentials of the user themselves, not LDAP_BINDDN/BINDPW
+#
+# LDAP_AUTHBIND 1
+
+##NAME: LDAP_MAIL:0
+#
+# Here's the field on which we query
+
+LDAP_MAIL mail
+
+##NAME: LDAP_FILTER:0
+#
+# This LDAP filter will be ANDed with the query for the field defined above
+# in LDAP_MAIL. So if you are querying for mail, and you have LDAP_FILTER
+# defined to be "(objectClass=CourierMailAccount)" the query that is performed
+# will be "(&(objectClass=CourierMailAccount)(mail=<someAccount>))"
+#
+# LDAP_FILTER (objectClass=CourierMailAccount)
+
+##NAME: LDAP_DOMAIN:0
+#
+# The following default domain will be appended, if not explicitly specified.
+#
+# LDAP_DOMAIN example.com
+
+##NAME: LDAP_GLOB_IDS:0
+#
+# The following two variables can be used to set everybody's uid and gid.
+# This is convenient if your LDAP specifies a bunch of virtual mail accounts
+# The values can be usernames or userids:
+#
+# LDAP_GLOB_UID vmail
+# LDAP_GLOB_GID vmail
+
+##NAME: LDAP_HOMEDIR:0
+#
+# We will retrieve the following attributes
+#
+# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it
+
+LDAP_HOMEDIR homeDirectory
+
+##NAME: LDAP_MAILROOT:0
+#
+# If homeDirectory is not an absolute path, define the root of the
+# relative paths in LDAP_MAILROOT
+#
+# LDAP_MAILROOT /var/mail
+
+
+##NAME: LDAP_MAILDIR:0
+#
+# The MAILDIR attribute is OPTIONAL, and specifies the location of the
+# mail directory. If not specified, ./Maildir will be used
+
+LDAP_MAILDIR mailbox
+
+##NAME: LDAP_DEFAULTDELIVERY:0
+#
+# Courier mail server only: optional attribute specifies custom mail delivery
+# instructions for this account (if defined) -- essentially overrides
+# DEFAULTDELIVERY from ${sysconfdir}/courierd
+
+LDAP_DEFAULTDELIVERY defaultDelivery
+
+##NAME: LDAP_MAILDIRQUOTA:0
+#
+# The following variable, if defined, specifies the field containing the
+# maildir quota, see README.maildirquota for more information
+#
+# LDAP_MAILDIRQUOTA quota
+
+
+##NAME: LDAP_FULLNAME:0
+#
+# FULLNAME is optional, specifies the user's full name
+
+LDAP_FULLNAME cn
+
+##NAME: LDAP_PW:0
+#
+# CLEARPW is the clear text password. CRYPT is the crypted password.
+# ONE OF THESE TWO ATTRIBUTES IS REQUIRED. If CLEARPW is provided, and
+# libhmac.a is available, CRAM authentication will be possible!
+
+LDAP_CLEARPW clearPassword
+LDAP_CRYPTPW userPassword
+
+##NAME: LDAP_IDS:0
+#
+# Uncomment the following, and modify as appropriate, if your LDAP database
+# stores individual userids and groupids. Otherwise, you must uncomment
+# LDAP_GLOB_UID and LDAP_GLOB_GID above. LDAP_GLOB_UID and LDAP_GLOB_GID
+# specify a uid/gid for everyone. Otherwise, LDAP_UID and LDAP_GID must
+# be defined as attributes for everyone.
+#
+# LDAP_UID uidNumber
+# LDAP_GID gidNumber
+
+
+##NAME: LDAP_AUXOPTIONS:0
+#
+# Auxiliary options. The LDAP_AUXOPTIONS setting should contain a list of
+# comma-separated "ATTRIBUTE=NAME" pairs. These names are additional
+# attributes that define various per-account "options", as given in
+# INSTALL's description of the OPTIONS setting.
+#
+# Each ATTRIBUTE specifies an LDAP attribute name. If it is present,
+# the attribute value gets placed in the OPTIONS variable, with the name
+# NAME. For example:
+#
+# LDAP_AUXOPTIONS shared=sharedgroup,disableimap=disableimap
+#
+# Then, if an LDAP record contains the following attributes:
+#
+# shared: domain1
+# disableimap: 0
+#
+# Then authldap will initialize OPTIONS to "sharedgroup=domain1,disableimap=0"
+#
+# NOTE: ** no spaces in this setting **, the above example has exactly
+# one tab character after LDAP_AUXOPTIONS
+
+
+##NAME: LDAP_ENUMERATE_FILTER:0
+#
+# {EXPERIMENTAL}
+# Optional custom filter used when enumerating accounts for authenumerate,
+# in order to compile a list of accounts for shared folders. If present,
+# this filter will be used instead of LDAP_FILTER.
+#
+# LDAP_ENUMERATE_FILTER (&(objectClass=CourierMailAccount)(!(disableshared=1)))
+
+
+##NAME: LDAP_DEREF:0
+#
+# Determines how aliases are handled during a search. This option is available
+# only with OpenLDAP 2.0
+#
+# LDAP_DEREF can be one of the following values:
+# never, searching, finding, always. If not specified, aliases are
+# never dereferenced.
+
+LDAP_DEREF never
+
+##NAME: LDAP_TLS:0
+#
+# Set LDAP_TLS to 1 to use the Start TLS extension (RFC 2830). This is
+# when the server accepts a normal LDAP connection on port 389 which
+# the client then requests 'upgrading' to TLS, and is equivalent to the
+# -ZZ flag to ldapsearch. If you are using an ldaps:// URI then do not
+# set this option.
+#
+# For additional LDAP-related options, see the authdaemonrc config file.
+
+LDAP_TLS 0
+
+##NAME: LDAP_EMAILMAP:0
+#
+# The following optional settings, if enabled, result in an extra LDAP
+# lookup to first locate a handle for an E-mail address, then a second lookup
+# on that handle to get the actual authentication record. You'll need
+# to uncomment these settings to enable an email handle lookup.
+#
+# The E-mail address must be of the form user@realm, and this is plugged
+# into the following search string. "@user@" and "@realm@" are placeholders
+# for the user and the realm portions of the login ID.
+#
+# LDAP_EMAILMAP (&(userid=@user@)(realm=@realm@))
+
+##NAME: LDAP_EMAILMAP_BASEDN:0
+#
+# Specify the basedn for the email lookup. The default is LDAP_BASEDN.
+#
+# LDAP_EMAILMAP_BASEDN o=emailmap, c=com
+
+
+##NAME: LDAP_EMAILMAP_ATTRIBUTE:0
+#
+# The attribute which holds the handle. The contents of this attribute
+# are then plugged into the regular authentication lookup, and you must set
+# LDAP_EMAILMAP_MAIL to the name of this attribute in the authentication
+# records (which may be the same as LDAP_MAIL).
+# You MUST also leave LDAP_DOMAIN undefined. This enables authenticating
+# by handles only.
+#
+# Here's an example:
+#
+# dn: userid=john, realm=example.com, o=emailmap, c=com # LDAP_EMAILMAP_BASEDN
+# userid: john # LDAP_EMAILMAP search
+# realm: example.com # LDAP_EMAILMAP search
+# handle: cc223344 # LDAP_EMAILMAP_ATTRIBUTE
+#
+#
+# dn: controlHandle=cc223344, o=example, c=com # LDAP_BASEDN
+# controlHandle: cc223344 # LDAP_EMAILMAP_MAIL set to "controlHandle"
+# uid: ...
+# gid: ...
+# [ etc... ]
+#
+# LDAP_EMAILMAP_ATTRIBUTE handle
+
+##NAME: LDAP_EMAILMAP_MAIL:0
+#
+# After reading LDAP_EMAIL_ATTRIBUTE, the second query will go against
+# LDAP_BASEDN, but will key against LDAP_EMAILMAP_MAIL instead of LDAP_MAIL.
+#
+# LDAP_EMAILMAP_MAIL mail
--- /dev/null
+##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $
+#
+# Copyright 2000-2007 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# authmysqlrc created from authmysqlrc.dist by sysconftool
+#
+# DO NOT INSTALL THIS FILE with world read permissions. This file
+# might contain the MySQL admin password!
+#
+# Each line in this file must follow the following format:
+#
+# field[spaces|tabs]value
+#
+# That is, the name of the field, followed by spaces or tabs, followed by
+# field value. Trailing spaces are prohibited.
+
+
+##NAME: LOCATION:0
+#
+# The server name, userid, and password used to log in.
+
+MYSQL_SERVER mysql.example.com
+MYSQL_USERNAME admin
+MYSQL_PASSWORD admin
+
+##NAME: SSLINFO:0
+#
+# The SSL information.
+#
+# To use SSL-encrypted connections, define the following variables (available
+# in MySQL 4.0, or higher):
+#
+#
+# MYSQL_SSL_KEY /path/to/file
+# MYSQL_SSL_CERT /path/to/file
+# MYSQL_SSL_CACERT /path/to/file
+# MYSQL_SSL_CAPATH /path/to/file
+# MYSQL_SSL_CIPHERS ALL:!DES
+
+##NAME: MYSQL_SOCKET:0
+#
+# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
+# filesystem pipe used for the connection
+#
+# MYSQL_SOCKET /var/mysql/mysql.sock
+
+##NAME: MYSQL_PORT:0
+#
+# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
+# connect to.
+
+MYSQL_PORT 0
+
+##NAME: MYSQL_OPT:0
+#
+# Leave MYSQL_OPT as 0, unless you know what you're doing.
+
+MYSQL_OPT 0
+
+##NAME: MYSQL_DATABASE:0
+#
+# The name of the MySQL database we will open:
+
+MYSQL_DATABASE mysql
+
+#NAME: MYSQL_CHARACTER_SET:0
+#
+# This is optional. MYSQL_CHARACTER_SET installs a character set. This option
+# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations
+# for 30+ character sets. See MySQL documentations for more detalis.
+#
+# MYSQL_CHARACTER_SET latin1
+
+##NAME: MYSQL_USER_TABLE:0
+#
+# The name of the table containing your user data. See README.authmysqlrc
+# for the required fields in this table.
+
+MYSQL_USER_TABLE passwd
+
+##NAME: MYSQL_CRYPT_PWFIELD:0
+#
+# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
+# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
+# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
+# CRAM-MD5 authentication to be implemented.
+
+MYSQL_CRYPT_PWFIELD crypt
+
+##NAME: MYSQL_CLEAR_PWFIELD:0
+#
+#
+# MYSQL_CLEAR_PWFIELD clear
+
+##NAME: MYSQL_DEFAULT_DOMAIN:0
+#
+# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
+# we will look up 'user@DEFAULT_DOMAIN' instead.
+#
+#
+# DEFAULT_DOMAIN example.com
+
+##NAME: MYSQL_UID_FIELD:0
+#
+# Other fields in the mysql table:
+#
+# MYSQL_UID_FIELD - contains the numerical userid of the account
+#
+MYSQL_UID_FIELD uid
+
+##NAME: MYSQL_GID_FIELD:0
+#
+# Numerical groupid of the account
+
+MYSQL_GID_FIELD gid
+
+##NAME: MYSQL_LOGIN_FIELD:0
+#
+# The login id, default is id. Basically the query is:
+#
+# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
+#
+
+MYSQL_LOGIN_FIELD id
+
+##NAME: MYSQL_HOME_FIELD:0
+#
+
+MYSQL_HOME_FIELD home
+
+##NAME: MYSQL_NAME_FIELD:0
+#
+# The user's name (optional)
+
+MYSQL_NAME_FIELD name
+
+##NAME: MYSQL_MAILDIR_FIELD:0
+#
+# This is an optional field, and can be used to specify an arbitrary
+# location of the maildir for the account, which normally defaults to
+# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
+#
+# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
+# out.
+#
+# MYSQL_MAILDIR_FIELD maildir
+
+##NAME: MYSQL_DEFAULTDELIVERY:0
+#
+# Courier mail server only: optional field specifies custom mail delivery
+# instructions for this account (if defined) -- essentially overrides
+# DEFAULTDELIVERY from ${sysconfdir}/courierd
+#
+# MYSQL_DEFAULTDELIVERY defaultdelivery
+
+##NAME: MYSQL_QUOTA_FIELD:0
+#
+# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
+# specify a maildir quota. See README.maildirquota for more information
+#
+# MYSQL_QUOTA_FIELD quota
+
+##NAME: MYSQL_AUXOPTIONS:0
+#
+# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that
+# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
+# pairs. These names are additional attributes that define various per-account
+# "options", as given in INSTALL's description of the "Account OPTIONS"
+# setting.
+#
+# MYSQL_AUXOPTIONS_FIELD auxoptions
+#
+# You might want to try something like this, if you'd like to use a bunch
+# of individual fields, instead of a single text blob:
+#
+# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
+#
+# This will let you define fields called "disableimap", etc, with the end result
+# being something that the OPTIONS parser understands.
+
+
+##NAME: MYSQL_WHERE_CLAUSE:0
+#
+# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
+# fixed string that is appended to the WHERE clause of our query
+#
+# MYSQL_WHERE_CLAUSE server='mailhost.example.com'
+
+##NAME: MYSQL_SELECT_CLAUSE:0
+#
+# (EXPERIMENTAL)
+# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
+# which is structuraly different from proposed. The fixed string will
+# be used to do a SELECT operation on database, which should return fields
+# in order specified bellow:
+#
+# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
+#
+# The username field should include the domain (see example below).
+#
+# Enabling this option causes ignorance of any other field-related
+# options, excluding default domain.
+#
+# There are two variables, which you can use. Substitution will be made
+# for them, so you can put entered username (local part) and domain name
+# in the right place of your query. These variables are:
+# $(local_part), $(domain), $(service)
+#
+# If a $(domain) is empty (not given by the remote user) the default domain
+# name is used in its place.
+#
+# $(service) will expand out to the service being authenticated: imap, imaps,
+# pop3 or pop3s. Courier mail server only: service will also expand out to
+# "courier", when searching for local mail account's location. In this case,
+# if the "maildir" field is not empty it will be used in place of
+# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
+# authenticated ESMTP.
+#
+# This example is a little bit modified adaptation of vmail-sql
+# database scheme:
+#
+# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
+# CONCAT('{MD5}', popbox.password_hash), \
+# popbox.clearpw, \
+# domain.uid, \
+# domain.gid, \
+# CONCAT(domain.path, '/', popbox.mbox_name), \
+# '', \
+# domain.quota, \
+# '', \
+# CONCAT("disableimap=",disableimap,",disablepop3=", \
+# disablepop3,",disablewebmail=",disablewebmail, \
+# ",sharedgroup=",sharedgroup) \
+# FROM popbox, domain \
+# WHERE popbox.local_part = '$(local_part)' \
+# AND popbox.domain_name = '$(domain)' \
+# AND popbox.domain_name = domain.domain_name
+
+
+##NAME: MYSQL_ENUMERATE_CLAUSE:1
+#
+# {EXPERIMENTAL}
+# Optional custom SQL query used to enumerate accounts for authenumerate,
+# in order to compile a list of accounts for shared folders. The query
+# should return the following fields: name, uid, gid, homedir, maildir, options
+#
+# Example:
+# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
+# domain.uid, \
+# domain.gid, \
+# CONCAT(domain.path, '/', popbox.mbox_name), \
+# '', \
+# CONCAT('sharedgroup=', sharedgroup) \
+# FROM popbox, domain \
+# WHERE popbox.local_part = '$(local_part)' \
+# AND popbox.domain_name = '$(domain)' \
+# AND popbox.domain_name = domain.domain_name
+
+
+
+##NAME: MYSQL_CHPASS_CLAUSE:0
+#
+# (EXPERIMENTAL)
+# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
+# which is structuraly different from proposed. The fixed string will
+# be used to do an UPDATE operation on database. In other words, it is
+# used, when changing password.
+#
+# There are four variables, which you can use. Substitution will be made
+# for them, so you can put entered username (local part) and domain name
+# in the right place of your query. There variables are:
+# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
+#
+# If a $(domain) is empty (not given by the remote user) the default domain
+# name is used in its place.
+# $(newpass) contains plain password
+# $(newpass_crypt) contains its crypted form
+#
+# MYSQL_CHPASS_CLAUSE UPDATE popbox \
+# SET clearpw='$(newpass)', \
+# password_hash='$(newpass_crypt)' \
+# WHERE local_part='$(local_part)' \
+# AND domain_name='$(domain)'
+#
--- /dev/null
+##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $
+#
+# Copyright 2000-2007 Double Precision, Inc. See COPYING for
+# distribution information.
+#
+# Do not alter lines that begin with ##, they are used when upgrading
+# this configuration.
+#
+# authmysqlrc created from authmysqlrc.dist by sysconftool
+#
+# DO NOT INSTALL THIS FILE with world read permissions. This file
+# might contain the MySQL admin password!
+#
+# Each line in this file must follow the following format:
+#
+# field[spaces|tabs]value
+#
+# That is, the name of the field, followed by spaces or tabs, followed by
+# field value. Trailing spaces are prohibited.
+
+
+##NAME: LOCATION:0
+#
+# The server name, userid, and password used to log in.
+
+MYSQL_SERVER mysql.example.com
+MYSQL_USERNAME admin
+MYSQL_PASSWORD admin
+
+##NAME: SSLINFO:0
+#
+# The SSL information.
+#
+# To use SSL-encrypted connections, define the following variables (available
+# in MySQL 4.0, or higher):
+#
+#
+# MYSQL_SSL_KEY /path/to/file
+# MYSQL_SSL_CERT /path/to/file
+# MYSQL_SSL_CACERT /path/to/file
+# MYSQL_SSL_CAPATH /path/to/file
+# MYSQL_SSL_CIPHERS ALL:!DES
+
+##NAME: MYSQL_SOCKET:0
+#
+# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
+# filesystem pipe used for the connection
+#
+# MYSQL_SOCKET /var/mysql/mysql.sock
+
+##NAME: MYSQL_PORT:0
+#
+# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
+# connect to.
+
+MYSQL_PORT 0
+
+##NAME: MYSQL_OPT:0
+#
+# Leave MYSQL_OPT as 0, unless you know what you're doing.
+
+MYSQL_OPT 0
+
+##NAME: MYSQL_DATABASE:0
+#
+# The name of the MySQL database we will open:
+
+MYSQL_DATABASE mysql
+
+#NAME: MYSQL_CHARACTER_SET:0
+#
+# This is optional. MYSQL_CHARACTER_SET installs a character set. This option
+# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations
+# for 30+ character sets. See MySQL documentations for more detalis.
+#
+# MYSQL_CHARACTER_SET latin1
+
+##NAME: MYSQL_USER_TABLE:0
+#
+# The name of the table containing your user data. See README.authmysqlrc
+# for the required fields in this table.
+
+MYSQL_USER_TABLE passwd
+
+##NAME: MYSQL_CRYPT_PWFIELD:0
+#
+# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
+# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
+# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
+# CRAM-MD5 authentication to be implemented.
+
+MYSQL_CRYPT_PWFIELD crypt
+
+##NAME: MYSQL_CLEAR_PWFIELD:0
+#
+#
+# MYSQL_CLEAR_PWFIELD clear
+
+##NAME: MYSQL_DEFAULT_DOMAIN:0
+#
+# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
+# we will look up 'user@DEFAULT_DOMAIN' instead.
+#
+#
+# DEFAULT_DOMAIN example.com
+
+##NAME: MYSQL_UID_FIELD:0
+#
+# Other fields in the mysql table:
+#
+# MYSQL_UID_FIELD - contains the numerical userid of the account
+#
+MYSQL_UID_FIELD uid
+
+##NAME: MYSQL_GID_FIELD:0
+#
+# Numerical groupid of the account
+
+MYSQL_GID_FIELD gid
+
+##NAME: MYSQL_LOGIN_FIELD:0
+#
+# The login id, default is id. Basically the query is:
+#
+# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
+#
+
+MYSQL_LOGIN_FIELD id
+
+##NAME: MYSQL_HOME_FIELD:0
+#
+
+MYSQL_HOME_FIELD home
+
+##NAME: MYSQL_NAME_FIELD:0
+#
+# The user's name (optional)
+
+MYSQL_NAME_FIELD name
+
+##NAME: MYSQL_MAILDIR_FIELD:0
+#
+# This is an optional field, and can be used to specify an arbitrary
+# location of the maildir for the account, which normally defaults to
+# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
+#
+# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
+# out.
+#
+# MYSQL_MAILDIR_FIELD maildir
+
+##NAME: MYSQL_DEFAULTDELIVERY:0
+#
+# Courier mail server only: optional field specifies custom mail delivery
+# instructions for this account (if defined) -- essentially overrides
+# DEFAULTDELIVERY from ${sysconfdir}/courierd
+#
+# MYSQL_DEFAULTDELIVERY defaultdelivery
+
+##NAME: MYSQL_QUOTA_FIELD:0
+#
+# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
+# specify a maildir quota. See README.maildirquota for more information
+#
+# MYSQL_QUOTA_FIELD quota
+
+##NAME: MYSQL_AUXOPTIONS:0
+#
+# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that
+# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
+# pairs. These names are additional attributes that define various per-account
+# "options", as given in INSTALL's description of the "Account OPTIONS"
+# setting.
+#
+# MYSQL_AUXOPTIONS_FIELD auxoptions
+#
+# You might want to try something like this, if you'd like to use a bunch
+# of individual fields, instead of a single text blob:
+#
+# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
+#
+# This will let you define fields called "disableimap", etc, with the end result
+# being something that the OPTIONS parser understands.
+
+
+##NAME: MYSQL_WHERE_CLAUSE:0
+#
+# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
+# fixed string that is appended to the WHERE clause of our query
+#
+# MYSQL_WHERE_CLAUSE server='mailhost.example.com'
+
+##NAME: MYSQL_SELECT_CLAUSE:0
+#
+# (EXPERIMENTAL)
+# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
+# which is structuraly different from proposed. The fixed string will
+# be used to do a SELECT operation on database, which should return fields
+# in order specified bellow:
+#
+# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
+#
+# The username field should include the domain (see example below).
+#
+# Enabling this option causes ignorance of any other field-related
+# options, excluding default domain.
+#
+# There are two variables, which you can use. Substitution will be made
+# for them, so you can put entered username (local part) and domain name
+# in the right place of your query. These variables are:
+# $(local_part), $(domain), $(service)
+#
+# If a $(domain) is empty (not given by the remote user) the default domain
+# name is used in its place.
+#
+# $(service) will expand out to the service being authenticated: imap, imaps,
+# pop3 or pop3s. Courier mail server only: service will also expand out to
+# "courier", when searching for local mail account's location. In this case,
+# if the "maildir" field is not empty it will be used in place of
+# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
+# authenticated ESMTP.
+#
+# This example is a little bit modified adaptation of vmail-sql
+# database scheme:
+#
+# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
+# CONCAT('{MD5}', popbox.password_hash), \
+# popbox.clearpw, \
+# domain.uid, \
+# domain.gid, \
+# CONCAT(domain.path, '/', popbox.mbox_name), \
+# '', \
+# domain.quota, \
+# '', \
+# CONCAT("disableimap=",disableimap,",disablepop3=", \
+# disablepop3,",disablewebmail=",disablewebmail, \
+# ",sharedgroup=",sharedgroup) \
+# FROM popbox, domain \
+# WHERE popbox.local_part = '$(local_part)' \
+# AND popbox.domain_name = '$(domain)' \
+# AND popbox.domain_name = domain.domain_name
+
+
+##NAME: MYSQL_ENUMERATE_CLAUSE:1
+#
+# {EXPERIMENTAL}
+# Optional custom SQL query used to enumerate accounts for authenumerate,
+# in order to compile a list of accounts for shared folders. The query
+# should return the following fields: name, uid, gid, homedir, maildir, options
+#
+# Example:
+# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
+# domain.uid, \
+# domain.gid, \
+# CONCAT(domain.path, '/', popbox.mbox_name), \
+# '', \
+# CONCAT('sharedgroup=', sharedgroup) \
+# FROM popbox, domain \
+# WHERE popbox.local_part = '$(local_part)' \
+# AND popbox.domain_name = '$(domain)' \
+# AND popbox.domain_name = domain.domain_name
+
+
+
+##NAME: MYSQL_CHPASS_CLAUSE:0
+#
+# (EXPERIMENTAL)
+# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
+# which is structuraly different from proposed. The fixed string will
+# be used to do an UPDATE operation on database. In other words, it is
+# used, when changing password.
+#
+# There are four variables, which you can use. Substitution will be made
+# for them, so you can put entered username (local part) and domain name
+# in the right place of your query. There variables are:
+# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
+#
+# If a $(domain) is empty (not given by the remote user) the default domain
+# name is used in its place.
+# $(newpass) contains plain password
+# $(newpass_crypt) contains its crypted form
+#
+# MYSQL_CHPASS_CLAUSE UPDATE popbox \
+# SET clearpw='$(newpass)', \
+# password_hash='$(newpass_crypt)' \
+# WHERE local_part='$(local_part)' \
+# AND domain_name='$(domain)'
+#
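Review bot: The uncommented LOCATION block (`MYSQL_USERNAME admin`, `MYSQL_PASSWORD admin`) together with `MYSQL_DATABASE mysql` points the authentication daemon at the server's system database with an administrative login, and the file's own header warns that it may hold the MySQL admin password. Because this file is now tracked, any password set here stays in every later revision, so the repository needs the same access restrictions as the file itself. A dedicated account limited to SELECT on the user table (plus UPDATE on the password columns if `MYSQL_CHPASS_CLAUSE` is used) would reduce the exposure, e.g. `MYSQL_USERNAME <auth-lookup-account>` (placeholder). The SSLINFO settings are all commented out while `MYSQL_SERVER` names a remote host, so the login and the returned password fields would presumably cross the network unencrypted until `MYSQL_SSL_CACERT` and the related settings are enabled.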
--- /dev/null
+#!/sbin/runscript
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-libs/courier-authlib/files/courier-authlib-r1,v 1.1 2010/10/10 18:35:37 hanno Exp $
+
+depend() {
+ need net
+ provide authdaemond
+}
+
+checkconfig() {
+ if [ ! -e /etc/courier/authlib/authdaemonrc ] ; then
+ eerror "You need an /etc/courier/authlib/authdaemonrc file to run authdaemon"
+ return 1
+ fi
+}
+
+setauth() {
+ . /etc/courier/authlib/authdaemonrc
+ AUTHLIB="/usr/lib/courier/courier-authlib"
+ AUTHDAEMOND="authdaemond"
+ pidfile="/var/run/authdaemon.pid"
+ logger="/usr/sbin/courierlogger"
+ export DEBUG_LOGIN DEFAULTOPTIONS LOGGEROPTS
+}
+
+start() {
+ checkconfig || return 1
+ setauth
+ ebegin "Starting courier-authlib: ${AUTHDAEMOND}"
+ start-stop-daemon --quiet --start --pidfile "${pidfile}" --exec \
+ /usr/bin/env ${logger} -- ${LOGGEROPTS} -pid="${pidfile}" -start "${AUTHLIB}/${AUTHDAEMOND}"
+ eend $?
+}
+
+stop() {
+ setauth
+ ebegin "Stopping courier-authlib: ${AUTHDAEMOND}"
+ start-stop-daemon --quiet --stop --pidfile "${pidfile}"
+ eend $?
+}
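Review bot: `setauth` sources /etc/courier/authlib/authdaemonrc with `.`, so every line of that file is executed by the init script's shell, normally as root, on each start and stop. The permission metadata earlier in this commit appears to record that file as owned by mail:mail with mode 0660; if so, the mail account can change what root runs. Unless the daemon needs to write the file, root ownership with group read only (`chown root:mail`, `chmod 0640`) closes that path. `stop()` also calls `setauth` without `checkconfig`, and `checkconfig` tests only `-e`; a readability and ownership test before the `.` line, such as `[ -r /etc/courier/authlib/authdaemonrc ] || return 1`, would make a missing or unexpected file fail explicitly.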
--- /dev/null
+#$Id: authldap.schema,v 1.9 2009/12/18 04:24:20 mrsam Exp $
+#
+# OID prefix: 1.3.6.1.4.1.10018
+#
+# Attributes: 1.3.6.1.4.1.10018.1.1
+#
+# Depends on: nis.schema, which depends on cosine.schema
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox'
+ DESC 'The absolute path to the mailbox for a mail account in a non-default location'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota'
+ DESC 'A string that represents the quota on a mailbox'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword'
+ DESC 'A separate text that stores the mail account password in clear text'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop'
+ DESC 'RFC822 Mailbox - mail alias'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.5 NAME 'mailsource'
+ DESC 'Message source'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.6 NAME 'virtualdomain'
+ DESC 'A mail domain that is mapped to a single mail account'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.7 NAME 'virtualdomainuser'
+ DESC 'Mailbox that receives mail for a mail domain'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.8 NAME 'defaultdelivery'
+ DESC 'Default mail delivery instructions'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.9 NAME 'disableimap'
+ DESC 'Set this attribute to 1 to disable IMAP access'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.10 NAME 'disablepop3'
+ DESC 'Set this attribute to 1 to disable POP3 access'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.11 NAME 'disablewebmail'
+ DESC 'Set this attribute to 1 to disable IMAP access'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.12 NAME 'sharedgroup'
+ DESC 'Virtual shared group'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.10018.1.1.13 NAME 'disableshared'
+ DESC 'Set this attribute to 1 to disable shared mailbox usage'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype ( 1.3.6.1.4.1.10018.1.1.14 NAME 'mailhost'
+# DESC 'Host to which incoming POP/IMAP connections should be proxied'
+# EQUALITY caseIgnoreIA5Match
+# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+#
+#
+# Objects: 1.3.6.1.4.1.10018.1.2
+#
+
+objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount'
+ DESC 'Mail account object as used by the Courier mail server'
+ SUP top AUXILIARY
+ MUST ( mail $ homeDirectory )
+ MAY ( uidNumber $ gidNumber $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery $ disableimap $ disablepop3 $ disablewebmail $ sharedgroup $ disableshared $ mailhost ) )
+
+objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias'
+ DESC 'Mail aliasing/forwarding entry'
+ SUP top AUXILIARY
+ MUST ( mail $ maildrop )
+ MAY ( mailsource $ description ) )
+
+objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias'
+ DESC 'Domain mail aliasing/forwarding entry'
+ SUP top AUXILIARY
+ MUST ( virtualdomain $ virtualdomainuser )
+ MAY ( mailsource $ description ) )
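Review bot: The `CourierMailAccount` object class lists `mailhost` in its MAY clause, but the `mailhost` attributetype directly above it is commented out, so this schema loads only if another included schema defines that attribute. The header's "Depends on" comment names only nis.schema and cosine.schema, so either add the extra dependency there or drop `$ mailhost` from the MAY list. The DESC of `disablewebmail` repeats 'Set this attribute to 1 to disable IMAP access' and should say webmail. `clearPassword` stores the account password in clear text, so the directory ACLs should restrict it at least as tightly as `userPassword`, for example an `access to attrs=userPassword,clearPassword` rule that grants read only to the authentication bind DN.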