On Tuesday 07 January 2014 09:00:15 you wrote:
On Mon, 30 Dec 2013, Mihai Badici wrote:
I have a "pure ldap" setting with postfix and dovecot. When using dovecot delivery, the recipient is checked via ldap. The same ldap query is used when authenticate. So, if I want to authenticate with the uid , I can't use a filter like uid=%u because the delivery will fail. I don't want to use %nor something else because I could use multiple e-mail addresses on a single account.
I actually use a filter like ( mail=%u)|(uid=%u) but I think for more complex situations should be better to have two separate filters, one for authentication and the other for the delivery. What is your oppinion? There are two filters already:
the passdb filter which is used to find users during authentication
the userdb filter which is used to get the information about users, e.g. after auth and for delivery
The passdb filter uses uid only, userdb uses maildrop only.
There is not the efficiency , but the flexibility who interest me. There are two sepparate processes: delivery and authentication. During delivery, dovecot will check if the mailbox exists and where it is located; it is not important how the user is authenticated. During authentication, there is user, pasword and mailbox location, iti is not important if the user has an valid e-mail address.
When the filter is accessed by the delivery module, the query string must be the e-mail ( all other solutions will fail when multiple e-mail addresses and non-standard uid are used). When the filter is accessed via the authentication module, the query will contain the username, not the e-mail . So basically there is not the same string provided as argument for the query filter. We need all sort of workarounds to solve this dilema, like the "or" between mail and uid , split the e-mail address as %u and % d and so on.... With two query strings, one for authentication and the other for delivery I think it could be more elegant and clear.
-- Steffen Kaiser
-- Mihai Bădici http://mihai.badici.ro