On Tue, 7 Jan 2014, Mihai Badici wrote:
userdb for delivery), this could be far better. But I think this is a design issue. Remember: passdb is for authenticating users; userdb is for getting user information. When a user auths for IMAP, passdb verifies the password and probably overrides the username, in the second step the userdb is queried for the user data. If you use prefetch userdb and provide different passdb and userdb queries, I would not expect a clean run.
Maybe, it's better you give a detailed example, which makes your idea more visible.
Ok, an example is better. Let's say I use dovecot with postfix and I have in postfix/master.cf:
dovecot unix - n n - - pipe
  flags=DRhu user=mailbox:mailbox argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
I use two e-mail addresses, mihai@example.org and mihaib@example.org. My uid is mihai.badici (I choose it not related to e-mail address).
So, the deliver service will query ldap in order to find the mailbox. We need to put mail=%u or maildrop=%u, depending on the schema.
On the other hand, the authentication will fail if I use uid, because it uses the same query. I can put |(mail=%u)(uid=%u) and it works, but it is rather strange. I can, indeed, use maildrop to "canonify" the mailbox in postfix before delivery, and I think it will work too. But I think it is more elegant to separate the delivery query and authentication query. I'm not sure if it is not possible to use only passdb query for authentication.
That's what I meant in my second reply with "otherwise have the passdb return another username, e.g. the "mail" LDAP attribute to convert the uid into mail address."
See: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields?highlight=user
You use only "uid" in passdb query, but return a field "user" to override the username, e.g.:
pass_attrs = uid=user
Change "uid" to the attribute that holds your primary address.
Use the attribute in the userdb query that enumerates all mail addresses.
However, this has the drawback, IMHO, that you need to type a mail address with doveadm's -u switch.
Steffen Kaiser
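The split suggested in the reply above, written out as a dovecot-ldap.conf.ext fragment. This is an added example, not configuration posted by either participant; the attribute names mail, maildrop, userPassword, homeDirectory, uidNumber and gidNumber are assumptions about the directory schema.

```conf
# dovecot-ldap.conf.ext (constructed fragment; connection settings omitted)

# Shared filter mentioned in the thread: it works, but login names and
# delivery addresses are matched by the same expression.
#pass_filter = (|(mail=%u)(uid=%u))
#user_filter = (|(mail=%u)(uid=%u))

# passdb: authenticate on uid only, then override the username with the
# primary address. "mail" is assumed to hold exactly one primary address.
pass_filter = (uid=%u)
pass_attrs  = mail=user,userPassword=password

# userdb: %u is an address here, either the overridden login name or the
# ${recipient} that postfix hands to deliver -d. "maildrop" is assumed to
# list the additional addresses. Returning mail=user maps a delivery to an
# alias back onto the same primary username.
user_filter = (|(mail=%u)(maildrop=%u))
user_attrs  = mail=user,homeDirectory=home,uidNumber=uid,gidNumber=gid
```

With this layout a login is accepted only under the uid, while delivery and every later lookup use the mail address, which is why doveadm's -u switch then expects an address.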