[Dovecot] LDAP auth improvements

Christoph Bußenius busseniu at in.tum.de
Fri Feb 3 15:47:41 EET 2012

On 02.02.2012 14:54, Timo Sirainen wrote:
> user_attrs {
>    home = %{ldap:homeDirectory}
>    uid = %{ldap:uidNumber}
>    gid = %{ldap:gidNumber}
>    mail = %{ldap:mailboxFormat}:%{ldap:homeDirectory}
> }
> Any ideas for further improvements before I do this change?

One thing I was recently missing was something like this:

If the user is in LDAP group "group1", then use
    host = imap1
otherwise use
    host = imap2

However this would require a separate LDAP query since most LDAP servers 
do not list any group information in the user table.

Another nice feature: Use some sort of script to compute the lookup 
result, e.g. an external shell script:

if [[ $ldap_uid == fred ]]; then
   echo "quota_rule = storage=3G"
else
   echo "quota_rule = storage=100M"
fi

Stuff like this is possible for SQL user databases, however LDAP does 
not have such flexible queries.


Christoph Bußenius
Rechnerbetriebsgruppe der Fakultäten Informatik und Mathematik
TU München
+49 89-289-18519 <> Raum 00.05.055 <> Boltzmannstr. 3 <> Garching
