[Dovecot] Use both SQL and LDAP

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Jun 29 17:11:03 EEST 2010



On Tue, 29 Jun 2010, Shayne Jellesma wrote:

> I am just wondering if it is possible to use both SQL and LDAP queries at
> the same time to get information.
>
> Example on why I want to do this:
>
> I work at a school where we have the need for 2 separate types of mailbox
> configuration (better wording is eluding me at the moment). Staff and

Well, Dovecot works by requesting attributes from a database, that means

> The way I am thinking, if this is even possible, to pull username and group
> membership from Active Directory. Check the groups against a SQL query to

it can pull a group membership, but cannot put a "semantic" to it.
Well, Timo built lots of stuff in that part of code, so I may be missing some
trick here.

> give the user the appropriate mailbox size. Also, having email is a
> privilege, not a right at my school so is it also possible to check if a
> user is part of a BannedEmailUsers or AllowedEmailUser group so I could
> quickly and effectively disable accounts as needed.

You can easily authenticate against one source and request user
information from yet another source.

You can use a fully customized SQL query, hence, anything your SQL DB can
generate - well, maybe your SQL DB can query the group membership - can be
used to generate the attributes.

However:

a) if you want to selectively allow access to your server for your
userbase, I see two ways

1) think of a query for your passdb { } that only returns true for allowed
users. Dovecot supports a myriad of passdb backends, even a shell script.

2) craft a, presumably, SQL query, that returns mail_location to a read-only
directory, explaining that the user may not have any access here, but what
they can do to get one.

b) if you want to return different quota, you have to think of a query,
that returns the required _numbers_ per user. Or for one set of users and
configure the other value as default.

Reading your post I guess you must merge some information, in order to get
both requirements fulfilled.

Regards,

-- 
Steffen Kaiser
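
One way to combine options a) 1) and b) from the reply above, as an added example that is not part of the original message and not the Dovecot project's own configuration: an LDAP passdb whose filter only matches permitted users, plus an SQL userdb that returns a per-user quota. It assumes Dovecot 2.0 to 2.3 style syntax; the host names, DNs, file paths, credentials and the `mail_users` table with its `quota_mb` column are hypothetical.

```conf
# --- dovecot.conf (added example; paths and values are assumptions) ---
# Authenticate against Active Directory over LDAP ...
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
# ... but fetch the per-user attributes (home, quota) from SQL.
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
mail_plugins = $mail_plugins quota
plugin {
  quota = maildir:User quota
  # Default, used when the userdb returns no quota_rule of its own.
  quota_rule = *:storage=100M
}

# --- /etc/dovecot/dovecot-ldap.conf.ext (hypothetical AD layout) ---
uris = ldaps://dc1.example.invalid
dn = CN=dovecot,OU=Service,DC=example,DC=invalid
dnpass = CHANGE_ME
base = DC=example,DC=invalid
scope = subtree
# Verify the password by binding as the user, not by reading a hash.
auth_bind = yes
# The passdb lookup only succeeds for entries matching this filter:
# in AllowedEmailUser and not in BannedEmailUsers. memberOf matches
# direct group membership only, not nested groups.
pass_filter = (&(objectClass=user)(sAMAccountName=%n)\
(memberOf=CN=AllowedEmailUser,OU=Groups,DC=example,DC=invalid)\
(!(memberOf=CN=BannedEmailUsers,OU=Groups,DC=example,DC=invalid)))

# --- /etc/dovecot/dovecot-sql.conf.ext (hypothetical schema) ---
driver = mysql
connect = host=127.0.0.1 dbname=mail user=dovecot password=CHANGE_ME
# Return the required quota number per user as a quota_rule field,
# which overrides the default quota_rule in the plugin section.
user_query = SELECT home, 'vmail' AS uid, 'vmail' AS gid, \
  CONCAT('*:storage=', quota_mb, 'M') AS quota_rule \
  FROM mail_users WHERE username = '%n'
```

`doveadm auth test <user>` and `doveadm user <user>` show what the passdb and userdb return for a given account.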

