Again, a bit more reading got me to adding this to my passdb config:
username_filter = *@domain-a.com
This way, I can control which domains get to authenticate via my ldap backend, which gives me time to design a good way of saving other attributes there.
If anyone has other ways of doing this, i.e., having multiple domains on ldap/freeipa and getting an elegant integration with Dovecot, I’d be glad to hear.
Best,
Francis
On 14 Oct 2022, at 21:58, dovecot-request@dovecot.org wrote:
I actually saw that it was possible, and it works, but I came across another problem and I wonder if you have any tips about it:
On my current dovecot setup, I use SQL as the backend. So I have the following users:
francis@domain-a.com
francis@domain-b.com
Those are separate users with their own mailboxes.
However, I have a freeipa that is configured for the domain-a.com realm. However, since I am using %n for the uid search:
auth_bind_userdn = uid=%n,cn=users,cn=accounts,dc=domain-a,dc=com
And
pass_filter = (&(objectClass=posixAccount)(uid=%n))
It of course leads up to both users above being able to authenticate with the same password.
Is there a way to limit ldap authentication to just one domain, or perform a search where both username and domain are checked? I could use the `mail` attribute to filter users, but I imagine that if two users have the same mail configured, I'd run into trouble.
Best,
Francis
On 14 Oct 2022, at 20:08, dovecot-request@dovecot.org wrote:
Hi,
I couldn't find it in the documentation, so I was wondering - is it possible to configure Dovecot to use LDAP for passdb and keep using SQL for userdb?
I would like to do that before I come up with a good strategy to expand my ldap schema to support other mail attributes for virtual domains, aliases, etc.
I am currently using FreeIPA.
Best,
Francis
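
The collision discussed in this thread, and the effect of the username_filter setting, modelled as an added example (not part of the original messages and not Dovecot code). It assumes a simplified expansion of %u, %n and %d only, treats username_filter as a single wildcard pattern as in the post (approximated with Python's fnmatchcase), and uses hypothetical helper names.

```python
import re
from collections import defaultdict
from fnmatch import fnmatchcase

# Values taken from the thread.
BIND_DN = "uid=%n,cn=users,cn=accounts,dc=domain-a,dc=com"
USERNAME_FILTER = "*@domain-a.com"

# Constructed sample: the two separate mailboxes named in the thread.
LOGINS = ["francis@domain-a.com", "francis@domain-b.com"]


def expand(template, login):
    """Simplified model of variable expansion: %u = full login,
    %n = part before '@', %d = part after '@' (empty if absent)."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


def passes_filter(login, username_filter):
    """True if the LDAP passdb would be tried for this login.
    Assumption: one pattern, '*' wildcard, case-sensitive match."""
    return username_filter is None or fnmatchcase(login, username_filter)


def shared_bind_dns(logins, template, username_filter=None):
    """Return {bind DN: [logins]} for every DN reached by more than one
    distinct login, i.e. mailboxes that one LDAP password would open."""
    by_dn = defaultdict(list)
    for login in logins:
        if passes_filter(login, username_filter):
            by_dn[expand(template, login)].append(login)
    return {dn: users for dn, users in by_dn.items() if len(users) > 1}


if __name__ == "__main__":
    # %n drops the domain, so both logins bind as the same LDAP entry.
    print("without filter:", shared_bind_dns(LOGINS, BIND_DN))
    # With the filter, domain-b logins never reach the LDAP passdb.
    print("with filter:   ", shared_bind_dns(LOGINS, BIND_DN, USERNAME_FILTER))
```

Running it over the full list of logins from the SQL user table shows which local parts would collide before LDAP is enabled for a second domain.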