[Dovecot] LDAP for Virtual Domains

Daniel L. Miller dmiller at amfes.com
Fri May 18 17:49:40 EEST 2007


Bryan Vyhmeister wrote:
> On May 17, 2007, at 12:06 AM, Gavin Henry wrote:
>
>> <quote who="Bryan Vyhmeister">
>>> Is anyone using LDAP along with Dovecot where mail is being accessed
>>> in the form of /var/vmail/${domain}/${user}? I have not figured out
>>> how to extract the domain from LDAP in order to make this work. I
>>> know this is sparse information but maybe there is an easy fix. If
>>> not, I can post more information.
>>
>> What config have you tried?
>
> Sorry, I should have given more detail. Right now, I have one server 
> which is authenticating off of a passwd file from Dovecot. Postfix 
> accesses Dovecot's auth socket interface for SMTP AUTH passwords and 
> such. I use a virtual mailbox map and virtual alias map through 
> Postfix to decide where to deliver mail. In Dovecot, I have 
> mail_location set as follows:
>
> mail_location = maildir:/var/vmail/domains/%d%n
Hope you've got a "/" between the %d and %n that got dropped off ....
>
> That allows it to work fine for finding my mailboxes. I have tried the 
> default Dovecot LDAP file but I am not sure I really understand how it 
> all works. I guess this also involves picking a logical way to setup 
> my LDAP structure as well.
LDAP is one of the biggest headaches you get into - despite the fact 
that lots of people seem to think it's THE solution for centralized user 
management.  Google, read, google, read, curse, google, read, try, fail, 
google, read . . . get it working (still not understanding why), touch 
something, break it, curse, google, read, google, read, try again . . .
>
> I think I could make this work by making the LDAP uid user@domain.com. 
> I don't think this is the best way of setting it up though. All of my 
> users login with user@domain.com and I want to keep it that way. It 
> does not seem like LDAP was designed to authenticate this way quite as 
> well.
uid should be . . . uid.  One of the key items to understand about LDAP 
integration with most programs is there IS NO STANDARD.  YOU define 
which fields are used.  So you tell Dovecot, Postfix, or whatever which 
fields to search, and which fields to return, and what information is 
meaningful.  Your login format will work just fine - but LDAP needs to 
have a field with that information stored (mail), and your LDAP-using 
servers need to be told which field to use.

The only key mail program I haven't been able to use with my setup is 
maildrop - I would have to store the mailfolder in LDAP, which I refuse 
to do.  So I have a second database I need to maintain (for 
courier-authlib) for the couple users that use maildrop until I can come 
up with an alternative.

-- 
Daniel
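As an added example (not taken from either message in the thread, and not the Dovecot project's own sample configuration), here is the kind of setup Daniel's answer points at: Dovecot searches LDAP by the "mail" attribute holding user@domain, authenticates by binding as the entry it found, and builds the Maildir path from the login name's own domain and local part, so no domain needs to be extracted from LDAP at all. The syntax is Dovecot 1.0-era (the version current when this was written); the hostname, the DNs, the uid/gid 5000 "vmail" account, the Postfix socket path and all other paths are assumptions for illustration.

```conf
# Added example (not from the thread): Dovecot 1.0-era configuration for
# user@domain logins against LDAP. The Maildir path is built from the login
# name with %d and %n instead of an attribute stored in LDAP. Hostname, DNs,
# uid/gid 5000 and all paths are assumptions.

# --- /etc/dovecot/dovecot.conf (relevant parts only) ---

# %d is the domain part and %n the local part of the login name, so a user
# who logs in as joe@example.com gets /var/vmail/domains/example.com/joe.
# Keep the "/" between %d and %n: with "%d%n" the two parts run together and
# the path for one user can collide with that of another.
mail_location = maildir:/var/vmail/domains/%d/%n

auth default {
  mechanisms = plain login

  # Credentials are checked against LDAP ...
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }

  # ... but nothing mail-specific has to live there: every virtual user runs
  # as the same unprivileged system account (uid/gid 5000 assumed) and the
  # home directory is derived from the login name.
  userdb static {
    args = uid=5000 gid=5000 home=/var/vmail/domains/%d/%n
  }

  # Socket that Postfix queries for SMTP AUTH. Keeping it inside the Postfix
  # chroot, owned by postfix with mode 0660, stops other local accounts from
  # driving the authenticator.
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

# --- /etc/dovecot/dovecot-ldap.conf (mode 0600, it holds dnpass) ---

hosts = ldap.example.com
ldap_version = 3

# Service account used for the lookup. It only needs to read the "mail"
# attribute; with auth_bind it should not be allowed to read userPassword.
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = change-me

base = ou=people,dc=example,dc=com
scope = subtree

# %u is the full login name (joe@example.com). Dovecot LDAP-escapes the
# expanded variables before substituting them into the filter, so a login
# containing "*", "(" or ")" cannot rewrite the query. The entry is located
# by its "mail" attribute; the LDAP uid stays an ordinary uid.
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))

# Authenticate by binding as the entry the search returned instead of
# fetching and comparing the stored hash: the password attribute never
# leaves the directory and default_pass_scheme is not used.
auth_bind = yes

# Hand the canonical address from the directory back as the username, so a
# login typed as Joe@Example.COM is normalised to the stored value before
# %d and %n are expanded.
pass_attrs = mail=user

# Only if auth_bind is set to no (service account must then read the hash):
# pass_attrs = mail=user,userPassword=password
# default_pass_scheme = CRYPT
```

This is the concrete form of Daniel's "you define which fields are used": pass_filter names the attribute that is searched (mail) and pass_attrs names what is returned and what Dovecot should make of it. The two security-relevant choices are auth_bind, which keeps password hashes from being readable by the mail server's service account, and the "/" in mail_location, which keeps two different logins from mapping to the same directory.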