Dovecot LDAP using custom field to allow users to connect

Martin Wheldon martin.wheldon at greenhills-it.co.uk
Wed Jun 7 14:14:56 EEST 2017


Hi Michael,

Just noticed you are using auth_bind_userdn which we don't.
I think you may need to use pass_filter rather than user_filter??

Best Regards

Martin

On 2017-06-07 10:59, Martin Wheldon wrote:
> Hi Michael,
> 
> We do exactly that, see example below:
> 
> user_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
> pass_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
> 
> Does it work without the AllowUser section of the search?
> Do you get any records back when you do a ldapsearch with your
> user_filter search?
> 
> Best Regards
> 
> Martin
> 
> On 2017-06-07 09:48, Michael JOIGNY wrote:
>> Hi all,
>> 
>> I'd like to know if it's possible to add a custom field when the
>> authentication is made by users.
>> 
>> My boolean custom field will be for example "AllowUser" (false/true).
>> 
>> I'm trying to do something like that but it's not working:
>> 
>> user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
>> 
>> This is my dovecot/ldap configuration below:
>> 
>> # dovecot.conf
>> 
>> passdb {
>>   driver = ldap
>>   args = /etc/dovecot/dovecot-ldap.conf
>> }
>> 
>> # dovecot-ldap.conf
>> 
>> hosts = myurl:myport
>> dn = cn=myuser,dc=mydomain,dc=com
>> dnpass = ********
>> auth_bind = yes
>> auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
>> ldap_version = 3
>> base = ou=Users,dc=mydomain,dc=com
>> scope = base
>> default_pass_scheme = SSHA512
>> 
>> Do you have an idea?
>> 
>> Kind regards.
>> 
>> --
>> Michael
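
An added example, not part of the original thread and not taken from either poster's system: a dovecot-ldap.conf in which the custom attribute is checked at login, with the thread's settings that prevent this shown commented out beside their replacements. It reuses the thread's placeholder host, DNs and AllowUser attribute, and relies on Dovecot's documented behaviour that pass_filter is ignored when auth_bind_userdn (a DN template) is set.

```conf
# dovecot-ldap.conf -- added example; host, DNs and AllowUser are the
# placeholders used in the thread, not real values.
hosts = myurl:myport
ldap_version = 3

# Service account that performs the DN lookup before the user bind.
dn = cn=myuser,dc=mydomain,dc=com
dnpass = ********

# Password is verified by binding as the user's DN.
auth_bind = yes

# Before: a DN template makes Dovecot bind directly, without a passdb
# search, so pass_filter (and the AllowUser test in it) is never evaluated.
#auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com

base = ou=Users,dc=mydomain,dc=com
# Before: base scope only tests the ou=Users entry itself; the user
# entries sit below it, so the search has to descend.
#scope = base
scope = subtree

# passdb search: the entry must match this filter before the bind is
# attempted, so AllowUser=FALSE (or a missing attribute) rejects the login.
pass_filter = (&(objectClass=posixAccount)(objectClass=myclass)(uid=%u)(AllowUser=TRUE))

# user_filter is read only by an LDAP userdb, not by the passdb above.
user_filter = (&(objectClass=posixAccount)(objectClass=myclass)(uid=%u))

default_pass_scheme = SSHA512
```

Running ldapsearch as the service account with the expanded pass_filter, as suggested in the thread, confirms whether an entry is returned for an allowed user and none for a disallowed one.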

