[dovecot-cvs] dovecot/doc dovecot-ldap.conf,1.15.2.1,1.15.2.2
tss at dovecot.org
Sat Nov 4 15:00:29 UTC 2006
- Previous message: [dovecot-cvs] dovecot/src/master login-process.c,1.87,1.88
- Next message: [dovecot-cvs] dovecot/src/auth db-ldap.c, 1.41.2.7, 1.41.2.8 db-ldap.h, 1.20.2.4, 1.20.2.5 passdb-ldap.c, 1.44.2.3, 1.44.2.4 userdb-ldap.c, 1.40, 1.40.2.1
Update of /var/lib/cvs/dovecot/doc
In directory talvi:/tmp/cvs-serv21169/doc
Modified Files:
Tag: branch_1_0
dovecot-ldap.conf
Log Message:
LDAP code changes: If auth binds are used, bind back to the default dn
before doing a search. Otherwise it could fail if user gave an invalid
password. Initial binding is now also done asynchronously. Reconnecting to
LDAP server wasn't working with auth binds. Use pass_attrs even with
auth_bind=yes since it may contain other non-password fields also. Updated
dovecot-ldap.conf to contain sasl_bind settings and reflect these changes.
Index: dovecot-ldap.conf
===================================================================
RCS file: /var/lib/cvs/dovecot/doc/dovecot-ldap.conf,v
retrieving revision 1.15.2.1
retrieving revision 1.15.2.2
diff -u -d -r1.15.2.1 -r1.15.2.2
--- dovecot-ldap.conf 11 Sep 2006 19:13:02 -0000 1.15.2.1
+++ dovecot-ldap.conf 4 Nov 2006 15:00:27 -0000 1.15.2.2
@@ -22,15 +22,37 @@
# Password for LDAP server
#dnpass =
+# Use SASL binding instead of the simple binding. Note that this changes
+# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
+# and auth_bind=yes don't work together.
+#sasl_bind = no
+# SASL mechanism name to use.
+#sasl_mech =
+# SASL realm to use.
+#sasl_realm =
+# SASL authorization ID, ie. the dnpass is for this "master user", but the
+# dn is still the logged in user. Normally you want to keep this empty.
+#sasl_authz_id =
+
# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
-# NOTE: pass_attrs option will (naturally) be ignored if you enable this.
+# The pass_filter is used to find the DN for the user. Note that the pass_attrs
+# is still used, only the password field is ignored in it. Before doing any
+# search, the binding is switched back to the default DN.
#auth_bind = no
# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
-# the standard %variables (see user_filter). For example:
+# the standard %variables (see user_filter). Note that you can't
+# use any pass_attrs if you use this setting.
#
+# If you use this setting, it's a good idea to use a different
+# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
+# filename is different in userdb's args). That way one connection is used only
+# for LDAP binds and another connection is used for user lookups. Otherwise
+# the binding is changed to the default DN before each user lookup.
+#
+# For example:
# auth_bind_userdn = cn=%u,ou=people,o=org
#
#auth_bind_userdn =
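Review bot: The new auth_bind_userdn comment says "you can't use any pass_attrs if you use this setting" directly after the auth_bind comment states that pass_attrs is still used, and neither explains the difference or says what happens when pass_attrs is set alongside the template. If the reason is that the template skips the pass_filter search (the "one LDAP request per login" being saved), say so here, and state whether a configured pass_attrs is silently ignored or rejected at startup. The same gap is in the sasl_bind comment: "SASL binds and auth_bind=yes don't work together" should say which setting wins or whether the combination is an error, since an admin who enables both needs to know how passwords end up being verified. The sasl_authz_id wording ("the dnpass is for this "master user", but the dn is still the logged in user") is also hard to parse and would benefit from one sentence naming which identity authenticates and which identity is authorized.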