On Mon, Jun 03, 2013 at 03:47:08PM +0200, Olivier Girard wrote:
I'm trying to finish my dovecot setup but things are unclear to me.
I want director proxying mapping to the same server for LMTP and POP/IMAP connections. My authdb is LDAP and LMTP users are queried with mail address (ldap mail attribute) while IMAP/POP users are identified with uid (ldap uid attribute), which is completely different.
So I end up defining my ldap queries mapping the ldap mail attribute to user in *_attrs (a better choice for future use than uid for our setup) with this configuration in dovecot-ldap.conf.ext:
    uris = ldap://ldap.uang
    dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
    dnpass = *********
    base = ou=people, dc=univ-angers, dc=fr
    user_attrs = mail=user,homeDirectory=home
    user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
    pass_attrs = mail=user,userPassword=password
    pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
    iterate_attrs = mail=user
    iterate_filter = (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))
    default_pass_scheme = MD5-CRYPT
Is it the correct method, or am I missing something?
It's a bit hard to tell what's unclear to you. This all looks perfectly fine to me. I run a similar configuration, except:
- I don't have any ldap config on the directors, just a static
  passdb:

    passdb {
      args = proxy=y nopassword=y
      driver = static
    }

- I use auth binds, instead of having dovecot do the
  authentication. IMHO that's better, since then there's no
  easy way to extract all the hashes from the dovecot side.

    auth_bind = yes
    auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO

- I haven't configured any
  iterate_attrs/iterate_filter/pass_attrs/iterate_filter or
  default_pass_scheme. Have too many users to ever want to
  iterate over them all :-)
-jf
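
A small audit of the two points discussed in this thread, as an added example that is not part of the original messages: it flags a pass_attrs that pulls a password attribute when auth_bind is not enabled, and checks that user_attrs and pass_attrs map the same LDAP attribute to user. The function names, finding codes and sample configs are constructed for illustration, and only settings written explicitly in the file are evaluated (Dovecot's built-in defaults are not modelled).

```python
# Added example: audit dovecot-ldap.conf.ext text for the two points in this thread.
# Both sample configs are constructed, modelled on the settings quoted above.
SAMPLE_PASSWORD_LOOKUP = """\
user_attrs = mail=user,homeDirectory=home
pass_attrs = mail=user,userPassword=password
default_pass_scheme = MD5-CRYPT
"""
SAMPLE_AUTH_BIND = """\
auth_bind = yes
auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO
user_attrs = mail=user,homeDirectory=home
"""

def parse_settings(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def attr_mapped_to(attrs, field):
    """Return the LDAP attribute mapped to a Dovecot field ('mail' for 'mail=user')."""
    for pair in attrs.split(","):
        ldap_attr, _, dovecot_field = pair.strip().partition("=")
        if dovecot_field.strip() == field:
            return ldap_attr.strip()
    return None

def audit(text):
    """Return a list of (code, message) findings for one config file's text."""
    s = parse_settings(text)
    findings = []
    auth_bind = s.get("auth_bind", "no").lower() == "yes"
    hash_attr = attr_mapped_to(s.get("pass_attrs", ""), "password")
    if not auth_bind and hash_attr:
        findings.append(("password-lookup",
                         f"Dovecot's LDAP DN reads '{hash_attr}'; auth_bind = yes avoids this"))
    user_u = attr_mapped_to(s.get("user_attrs", ""), "user")
    user_p = attr_mapped_to(s.get("pass_attrs", ""), "user")
    if user_u and user_p and user_u != user_p:
        findings.append(("username-mismatch",
                         f"user_attrs maps '{user_u}' to user, pass_attrs maps '{user_p}'"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("lookup", SAMPLE_PASSWORD_LOOKUP), ("bind", SAMPLE_AUTH_BIND)):
        print(name, audit(cfg))
```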