[Dovecot] multiple users to same e-mail account with ldap authentication

Marco Gatti marco.gatti at gmail.com
Wed Nov 14 10:55:59 EET 2012


2012/11/13 Robert Schetterer <rs at sys4.de>:
> On 13.11.2012 14:56, Marco Gatti wrote:
>> 2012/11/13 Robert Schetterer <rs at sys4.de>:
>>> On 13.11.2012 11:35, Marco Gatti wrote:
>>>> Hi, I was looking for a particular case of dovecot configuration I
>>>> cannot find anywhere.
>>>> Is there a way dovecot can authenticate via ldap different windows
>>>> 2008 AD users that have access to the same e-mail account (like user
>>>> authorization in ms exchange)?
>>>> For example I want to extend AD schema to let users have 10 email
>>>> accounts (with multiple domain support). If they are private accounts
>>>> I think there is no problem at all. But if I want two or more users to
>>>> access the same mail account what happens? Can I do it with dovecot?
>>>> Or should I create AD groups and add members to that, to let user
>>>> access the same mail account?
>>>> Cheers
>>>>
>>>
>>> there may be more ways to achieve this; from a short look, one way is
>>> described here
>>>
>>> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
>>>
>>> using ldap might be better
>>>
>>> look at, e.g.,
>>>
>>> http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/
>>> http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x
>>>
>>>
>>> for ideas
>>>
>>> Best Regards
>>> Kind regards, Robert Schetterer
>>>
>>> --
>>> [*] sys4 AG
>>>
>>> http://sys4.de, +49 (89) 30 90 46 64
>>> Franziskanerstraße 15, 81669 München
>>>
>>> Registered office: München, District Court München: HRB 199263
>>> Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
>>> Chairman of the Supervisory Board: Joerg Heidrich
>>
>>
>> Thank you Robert for the quick reply.
>> I'm aware of the links you sent me, however they don't give me a clue
>> if what I was asking may be done.
>> I'll try to give more details.
>> I have to build a multiple domain mail server with the use of windows
>> AD authentication.
>> I've managed to add some extra fields in the AD schema like this:
>>
>> mail1: account1 at example1.com
>> box1: /example1.com/account1/
>> enabled1: TRUE
>> quota1: 1000000
>>
>> mail2: account2 at example2.com
>> box2: /example2.com/account2/
>> enabled2: TRUE
>> quota2: 1000000
>>
>> There could be 10 or 50 of them for each AD user.
>> If I use NTLM or PAM authentication (after joining the AD) I have to
>> use AD usernames to login with dovecot and I don't know how then to
>> deal with different email addresses configured per user.
>> If I use LDAP lookup I have to use the email address as username but
>> then if different AD users have to access the same email account how
>> can dovecot manage it?
>> For example the LDAP configuration for user and password lookup may be
>> something like this:
>>
>> user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050
>> user_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
>> (&(mail2=%u)(enabled2=TRUE))))
>> pass_attrs = userPassword=password
>> pass_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
>> (&(mail2=%u)(enabled2=TRUE))))
>>
>> I think I may be missing something important in how dovecot works, but
>> cannot find any documentation about it.
>> Regards
>>
>
> Hm, that's complex; however, I would not
> recommend trying to change Exchange/Active Directory schemas.
> However, the only reason I can think of for what you want is using
> dovecot as a proxy?
>
> so what about this ?
>
> http://wiki2.dovecot.org/HowTo/ImapcProxy
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
> http://wiki2.dovecot.org/Director

Hmm I don't know honestly. I'll give it a try.

-- 
Marco
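
The filter pattern quoted above, expanded to any number of mailN/enabledN slots and applied to a few constructed directory entries (an added example, not part of the original message and not Dovecot code). The entries, the user names alice/bob/carol, the helper names and the case-insensitive address comparison are assumptions; it shows that a shared address selects more than one AD entry, so the filter alone does not say whose userPassword the login should be checked against.

```python
# Added illustration (not from the thread): the per-slot filter evaluated on constructed data.

def ldap_escape(value):
    """Escape a login for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login, slots):
    """Expand the thread's mailN/enabledN pattern to `slots` address slots."""
    u = ldap_escape(login)
    clauses = "".join(
        "(&(mail%d=%s)(enabled%d=TRUE))" % (i, u, i) for i in range(1, slots + 1)
    )
    return "(&(objectClass=person)(|%s))" % clauses

def matching_accounts(entries, login, slots):
    """Return the sAMAccountName of every entry the filter would select.

    Assumption: mailN compares case-insensitively, enabledN must be exactly TRUE.
    """
    hits = []
    for entry in entries:
        if "person" not in entry.get("objectClass", ()):
            continue
        for i in range(1, slots + 1):
            same = entry.get("mail%d" % i, "").lower() == login.lower()
            if same and entry.get("enabled%d" % i) == "TRUE":
                hits.append(entry["sAMAccountName"])
                break
    return hits

# Constructed directory entries (hypothetical users, not real data).
ENTRIES = [
    {"objectClass": ["person"], "sAMAccountName": "alice",
     "mail1": "alice@example1.com", "enabled1": "TRUE",
     "mail2": "sales@example2.com", "enabled2": "TRUE"},
    {"objectClass": ["person"], "sAMAccountName": "bob",
     "mail1": "sales@example2.com", "enabled1": "TRUE"},
    {"objectClass": ["person"], "sAMAccountName": "carol",
     "mail1": "sales@example2.com", "enabled1": "FALSE"},
]

if __name__ == "__main__":
    for login in ("alice@example1.com", "sales@example2.com"):
        hits = matching_accounts(ENTRIES, login, slots=2)
        note = "unique" if len(hits) == 1 else "ambiguous: %d entries" % len(hits)
        print(login, "->", hits, "(%s)" % note)
    print(build_filter("sales@example2.com", 2))
```

A login that maps to exactly one entry is the private-account case from the first message; a login that maps to several is the shared-mailbox case the question is about.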


