[Dovecot] LDAP as password database - some problems / suggestions

Marcio Merlone marcio.merlone at a1.ind.br
Thu Feb 18 15:36:41 EET 2010


On 18/2/2010 06:19, Stefan Palme wrote:
> In LDAP, I have users like this:
>
>    dn:cn=user1,ou=users,dc=kapott,dc=org
>    dn:cn=user2,ou=users,dc=kapott,dc=org
> etc.
>    
(...)
> My problem: not ALL users from the LDAP system should be allowed to
> use the IMAP server. Currently, I have defined an auth_bind_userdn
> of "cn=%u,ou=users,dc=kapott,dc=org" in dovecot-ldap.conf, but with
> this, user1 AND user2 could login (but I don't want user2 to be able
> to use dovecot).
>    

I use LDAP on PAM, and dovecot uses PAM as auth method, so I can have a 
separate /etc/ldap_dovecot.conf which filters "nss_base_passwd 
ou=People,dc=xxx?one?objectClass=mailUser" (I have a postfix.schema I 
downloaded somewhere that implements mailUser, you may use whatever 
objectclass you find best). That /etc/ldap_dovecot.conf is read by 
/etc/pam.d/dovecot which is used by dovecot. This may be tweaked to solve 
your needs.

Regards,

-- 
Marcio Merlone
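
The setup described in the reply above, sketched as an added example (not the poster's actual files). The LDAP host is a placeholder, the base DN and `cn` login attribute are taken from the DNs quoted in the thread, and it assumes the PADL pam_ldap module, whose `config=` argument selects a per-service configuration file.

```conf
# ---- /etc/ldap_dovecot.conf : pam_ldap settings used only by the dovecot PAM service ----
# Constructed example; replace the host with your directory server.
uri ldap://ldap.example.org/
base dc=kapott,dc=org
ldap_version 3

# Users log in with the value of cn, matching cn=user1,ou=users,... in the thread.
pam_login_attribute cn

# Search one level below ou=users and match only entries that carry the
# mailUser object class. An account without that class is not found by the
# lookup, so authentication for the IMAP service fails for it even though
# its LDAP password is valid elsewhere.
nss_base_passwd ou=users,dc=kapott,dc=org?one?objectClass=mailUser

# pam_ldap also has a dedicated option for the same restriction:
# pam_filter objectClass=mailUser

# ---- /etc/pam.d/dovecot : point pam_ldap at the service-specific file ----
auth     required  pam_ldap.so config=/etc/ldap_dovecot.conf
account  required  pam_ldap.so config=/etc/ldap_dovecot.conf
```

Other PAM services keep reading the system-wide ldap.conf, so the object-class restriction applies to Dovecot logins only.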
