On 13.11.2012 14:56, Marco Gatti wrote:
2012/11/13 Robert Schetterer rs@sys4.de:
On 13.11.2012 11:35, Marco Gatti wrote:
Hi, I was looking for a particular case of dovecot configuration I cannot find anywhere. Is there a way dovecot can authenticate via ldap different windows 2008 AD users that have access to the same e-mail account (like user authorization in ms exchange)? For example I want to extend AD schema to let users have 10 email accounts (with multiple domain support). If they are private accounts I think there is no problem at all. But if I want two or more users to access the same mail account what happens? Can I do it with dovecot? Or should I create AD groups and add members to that, to let user access the same mail account? Cheers
there may be more ways to achieve this; at a quick look, one way is described here
http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
using ldap might be better
look i.e
http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-director...
http://www.howtoforge.com/postfix-dovecot-authentication-against-active-dire...
for ideas
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Joerg Heidrich
Thank you Robert for the quick reply. I'm aware of the links you sent me, however they don't give me a clue if what I was asking may be done. I'll try to give more details. I have to build a multiple domain mail server with the use of windows AD authentication. I've managed to add some extra fields in the AD schema like this:
mail1: account1@example1.com
box1: /example1.com/account1/
enabled1: TRUE
quota1: 1000000

mail2: account2@example2.com
box2: /example2.com/account2/
enabled2: TRUE
quota2: 1000000
There could be 10 or 50 of them for each AD user. If I use NTLM or PAM authentication (after joining the AD) I have to use AD usernames to login with dovecot and I don't know how then to deal with different email addresses configured per user. If I use LDAP lookup I have to use the email address as username but then if different AD users have to access the same email account how dovecot can manage it??? For example the LDAP configuration for user and password lookup may be something like this:
user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050
user_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE)) (&(mail2=%u)(enabled2=TRUE))))
pass_attrs = userPassword=password
pass_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE)) (&(mail2=%u)(enabled2=TRUE))))
I think I may be missing something important in how dovecot works, but cannot find any documentation about it. Regards
hm, that's complex; however, i would not recommend trying to change exchange/active dir schemas. however, the only reason i can think of for what you want is using dovecot as proxy?
so what about this?
http://wiki2.dovecot.org/HowTo/ImapcProxy
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
http://wiki2.dovecot.org/Director
Best Regards MfG Robert Schetterer