[Dovecot] Please clarify one point for me on director userdb (Was: Configuration advice needed.)
Jan-Frode Myklebust
janfrode at tanso.net
Mon Jun 3 21:40:47 EEST 2013
On Mon, Jun 03, 2013 at 03:47:08PM +0200, Olivier Girard wrote:
> I'm trying to finish my dovecot setup but things are unclear for me.
>
> I want director proxying mapping to same server for LMTP and POP/IMAP
> connections. My authdb is LDAP and LMTP users are queried with mail
> address (ldap mail attribute) while IMAP/POP users are identified
> with uid (ldap uid attribute) which is completely different.
>
> So I end up defining my ldap queries mapping ldap mail attribute to user
> in *_attrs (a better choice for future use than uid for our setup) with this
> configuration in dovecot-ldap.conf.ext:
>
> uris = ldap://ldap.uang
> dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
> dnpass = *********
> base = ou=people, dc=univ-angers, dc=fr
> user_attrs = mail=user,homeDirectory=home
> user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
> iterate_attrs = mail=user
> iterate_filter = (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))
> default_pass_scheme = MD5-CRYPT
>
> Is it the correct method, or do I miss something?
>
It's a bit hard to tell what's unclear to you. This all looks perfectly
fine to me. I run a similar configuration, except:
- I don't have any ldap config on the directors, just a static
  passdb:

      passdb {
        args = proxy=y nopassword=y
        driver = static
      }

- I use auth binds, instead of having dovecot do the
  authentication. IMHO that's better, since then there's no
  easy way to extract all the hashes from the dovecot side.

      auth_bind = yes
      auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO

- I haven't configured any
  iterate_attrs/iterate_filter/pass_attrs/iterate_filter or
  default_pass_scheme. Have too many users to ever want to
  iterate over them all :-)
-jf
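
Added example, not part of either post: the quoted dovecot-ldap.conf.ext in its password-lookup form beside an authentication-bind form that keeps the same filter and the mail=user mapping, to show what the reply's point about hash exposure changes in practice. All values come from the quoted configuration; only the arrangement into two variants is constructed.

```conf
# dovecot-ldap.conf.ext (backend side). Use ONE of the two variants.

# --- Variant A: password lookup (the quoted configuration) -------------
# Dovecot binds as the service DN, fetches userPassword and checks the
# hash itself. The service DN therefore needs read access to the
# userPassword attribute of every entry the filter can match.
uris = ldap://ldap.uang
dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
dnpass = *********
base = ou=people, dc=univ-angers, dc=fr
pass_attrs = mail=user,userPassword=password
pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
default_pass_scheme = MD5-CRYPT

# --- Variant B: authentication bind -------------------------------------
# Dovecot still searches as the service DN to find the user's entry and
# to map mail -> user, then verifies the password by binding to the LDAP
# server as that entry. userPassword is never requested, so the LDAP
# server's ACL can deny the service DN read access to it.
uris = ldap://ldap.uang
dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
dnpass = *********
base = ou=people, dc=univ-angers, dc=fr
auth_bind = yes
pass_attrs = mail=user
pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
# default_pass_scheme is not needed: the LDAP server compares the password.

# Caveats for Variant B:
# - The bind needs the cleartext password, so only cleartext mechanisms
#   (PLAIN/LOGIN) work; protect them with TLS.
# - Setting auth_bind_userdn, as in the reply, skips the search and binds
#   straight to the templated DN. That only fits when the login name maps
#   directly onto the DN, which is not the case for a setup that accepts
#   uid, mail or auaAliasEmail as the login name.
```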