@%@UCRWARNING=# @%@

auth sufficient pam_unix.so
@!@
from univention.lib.misc import getLDAPServersCommaList
auth  = "auth requisite pam_univentionmailcyrus.so"
auth += " ldap_host=%s" % getLDAPServersCommaList(configRegistry)
auth += " ldap_base=%s" % configRegistry.get("ldap/base")
auth += " from_attr=mailPrimaryAddress to_attr=uid"
auth += " binddn=%s " % configRegistry.get("ldap/hostdn")
auth += " pwfile=/etc/machine.secret"
auth += " ldap_port=%s" % configRegistry.get("ldap/server/port", "7389")
print auth
if configRegistry.is_true('mail/cyrus/imap/quota', True):
	print "auth [success=1 default=ignore] pam_ldap.so use_first_pass"
	print "auth [success=ok default=die] pam_krb5.so use_first_pass"
	print "auth required pam_runasroot.so program=/usr/sbin/univention-cyrus-set-quota"
else:
	print "auth sufficient pam_ldap.so use_first_pass"
	print "auth required pam_krb5.so use_first_pass"
@!@

account sufficient pam_unix.so
account required pam_ldap.so

