dovecot 1:1.2.9-1ubuntu6.1
I don't know if I can solve this problem with Dovecot, or if it's an
LDAP matter.
I'm authenticating users with saslauthd/LDAP, and using Dovecot LDA.
---- dovecot.conf
passdb ldap {
  args = /etc/dovecot/dovecot-ldap-passdb.conf
}
userdb prefetch {
}
# The userdb below is used only by deliver.
userdb ldap {
  args = /etc/dovecot/dovecot-ldap-userdb.conf
}
----- dovecot-ldap-passdb.conf
search base is dc=example,dc=org
pass_filter = (&(objectclass=brPerson)(objectclass=inetOrgPerson)(mail=%u))
pass_attrs = userPassword=password,%u=user
----- dovecot-ldap-userdb.conf
search base is ou=%d,ou=mail,ou=services,dc=example,dc=org
user_filter = (&(objectclass=nisMailAlias)(cn=%n))
user_attrs = rfc822MailMember=user,EmailQuota=quota_rule=*:storage=%$M
Here is how the LDAP tree is:
ou=mail,ou=services,dc=example,dc=org
ou=subdomain1.example.org,ou=mail,ou=services,dc=example,dc=org
Example entry under "ou=subdomain1.example.org":
---
dn: cn=userfoo,ou=subdomain1,ou=mail,ou=services,dc=example,dc=org
cn: userfoo
edupersonprincipalname: WEMHVDEA-FUAOBAAA@example.org (some sort of unique identifier)
emailquota: 512
objectclass: eduPerson
objectclass: nisMailAlias
rfc822mailmember: userfoo@subdomain1.example.org
---
ou=people,dc=example,dc=org
dn: uid=29859085900@example.org,ou=people,dc=example,dc=org
uid: 29859085900@example.org
eduPersonPrincipalName: WEMHVDEA-FUAOBAAA@example.org
userPassword: {MD5}6ZoYxCjLONXyYIU2eJIuAw==
objectClass: person
objectClass: inetOrgPerson
objectClass: eduPerson
mail: 29859085900@example.org
mail: userf@director.example.org
mail: userfoo@dptoxyz.example.org
mail: userfoo@subdomain1.example.org
When delivering email, it must search under "services", for the proper "rfc822mailmember", which is the mailbox.
Authenticating is where my problem is: I can't have ALL user e-mails
under "ou=people" (maybe just one), so I need to search under
"ou=services", where I have all user email addresses, and by using
"edupersonPrincipalName" point to the right location under
"ou=people", where I have the user password.
edupersonPrincipalName is the attribute present under "ou=services"
and "ou=people" that links the entries.
I tried to do it by changing passdb filter file, like this:
pass_filter = (&(objectclass=eduPerson)(mail=%u))
pass_attrs = userPassword=userdb_password,eduPersonPrincipalName=userdb_user
It works, but changes the username to the value of "edupersonprincipalname", and this changes the mailbox name. Dovecot accesses the wrong mailbox then (something like 29859085900@example.org).
My question is: is it possible to change the passdb filter, so it searches for somemail@sub1.example.org (under ou=services), then it gets the value of "edupersonprincipalname" (the unique identifier, present under "services" and "people"), and with that value, it looks under "people" the person with that identifier and validates the password. It would be a filter inside a filter, sort of.
Thanks, and sorry if this is a little off-topic.
This message was sent using IMP, the Internet Messaging Program.
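The two-step lookup the question describes, written out as an added example (it is not code from the original post, nor anything Dovecot ships): step one searches the "services" subtree for the login address, step two follows eduPersonPrincipalName into "people" and checks the password there, and the result keeps the login address as the username so the mailbox name stays what deliver uses. A live LDAP server is replaced by an in-memory LDIF with constructed entries modelled on the tree in the post; the base DNs, the attribute names used for matching, and the "correct-horse" password are assumptions.

```python
"""Two-step directory lookup for authentication (added example).

Simulates: search ou=services for the login address -> take
eduPersonPrincipalName -> search ou=people for that principal -> verify
the userPassword there -> hand back the ORIGINAL login as the user name.
"""
import base64
import hashlib
import hmac
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]  # attribute name (lower-cased) -> values

# Assumed base DNs, taken from the tree layout in the post.
SERVICES_BASE = "ou=mail,ou=services,dc=example,dc=org"
PEOPLE_BASE = "ou=people,dc=example,dc=org"


def md5_scheme(password: str) -> str:
    """Encode a password in the {MD5} userPassword scheme: base64 of the raw
    digest. Present only because the post's directory stores hashes this way;
    unsalted MD5 is not an acceptable scheme for anything new."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


# Constructed sample directory (not the poster's real data); the password is made up.
SAMPLE_LDIF = f"""\
dn: cn=userfoo,ou=subdomain1.example.org,{SERVICES_BASE}
cn: userfoo
eduPersonPrincipalName: WEMHVDEA-FUAOBAAA@example.org
emailQuota: 512
objectClass: eduPerson
objectClass: nisMailAlias
rfc822MailMember: userfoo@subdomain1.example.org

dn: uid=29859085900@example.org,{PEOPLE_BASE}
uid: 29859085900@example.org
eduPersonPrincipalName: WEMHVDEA-FUAOBAAA@example.org
userPassword: {md5_scheme('correct-horse')}
objectClass: person
objectClass: inetOrgPerson
objectClass: eduPerson
mail: 29859085900@example.org
mail: userfoo@subdomain1.example.org
"""


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF reader: entries separated by blank lines, 'attr: value'
    lines, 'attr:: base64' lines; attribute names are lower-cased."""
    entries: List[Entry] = []
    current: Entry = {}
    for raw in text.splitlines() + [""]:
        if raw == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if raw.startswith("#"):
            continue
        name, _, value = raw.partition(":")
        if value.startswith(":"):  # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def search(entries: List[Entry], base: str, **filt: str) -> List[Entry]:
    """Subtree search: the DN must lie under `base` and every filter attribute
    must carry the given value. Names and values compare case-insensitively,
    like the caseIgnore matching rules on mail and objectClass."""
    wanted = {k.lower(): v.lower() for k, v in filt.items()}
    hits: List[Entry] = []
    for entry in entries:
        dn = entry["dn"][0].lower()
        if not dn.endswith("," + base.lower()):
            continue
        if all(v in (x.lower() for x in entry.get(k, [])) for k, v in wanted.items()):
            hits.append(entry)
    return hits


def verify_password(stored: str, candidate: str) -> bool:
    """Check a candidate against a userPassword value; unknown schemes fail closed."""
    if stored.startswith("{MD5}"):
        return hmac.compare_digest(md5_scheme(candidate).encode(), stored.encode())
    if stored.startswith("{PLAIN}"):
        return hmac.compare_digest(stored[len("{PLAIN}"):].encode(), candidate.encode())
    return False


def authenticate(entries: List[Entry], login: str, password: str) -> Optional[Dict[str, str]]:
    """Return the fields a userdb would need, or None on any failure.
    'user' is the login address, not the principal name, so the mailbox
    chosen here matches the one deliver finds via rfc822MailMember."""
    aliases = search(entries, SERVICES_BASE, objectClass="nisMailAlias", rfc822MailMember=login)
    if len(aliases) != 1:
        return None  # unknown address, or ambiguous: refuse rather than guess
    principals = aliases[0].get("edupersonprincipalname", [])
    if len(principals) != 1:
        return None
    people = search(entries, PEOPLE_BASE, objectClass="inetOrgPerson",
                    eduPersonPrincipalName=principals[0])
    if len(people) != 1:
        return None
    if not any(verify_password(h, password) for h in people[0].get("userpassword", [])):
        return None
    quota = aliases[0].get("emailquota", ["0"])[0]
    return {"user": login, "quota_rule": f"*:storage={quota}M", "eppn": principals[0]}


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    print(authenticate(directory, "userfoo@subdomain1.example.org", "correct-horse"))
    print(authenticate(directory, "userfoo@subdomain1.example.org", "wrong"))
```

The point of returning `login` rather than the principal name is the exact failure the post describes: the moment the principal name becomes the username, the mailbox path changes. Both searches insist on exactly one hit, so a duplicated alias or principal name refuses the login instead of picking one entry at random.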