citadel offers you the sendcommand program, to do single api calls to it. One of these api calls is QDIR You could use it to test whether an email would be deliverable on this host. for example (called as root)
sendcommand "QDIR email@example.com"
would check if someuser exists. (Note: the mail.aliases file isn't examined here for.)
If you have chosen not to use citadels internal accounting, citadel forks an extra deamon on start check whether an password is right on the system or not (it needs root privileges for that, and thus starts this before dropping the privileges). You can however check this with the citadels chkpw program (you have to be root… ) Given /etc/passwd contains a line like that:
(where 1000 is the UID, and 100 is the GID) chkpw would be called like that:
root:~# /usr/lib/citadel-server/chkpw ** host auth mode test utility ** Starting chkpwd daemon for host authentication mode Username: <you enter "someuser"> uid: 1000 Password:OpenSesame pass Username: <you enter "someuser"> uid: 1000 Password:WrongPassvoid fail <hit CTRL+C to stop it>
Hence it is not able to retrieve the UID you need to look for that. If password validation fails you need to trace this. This applies to ldap authentication too, since its done via pam.