Em 18/2/2010 06:19, Stefan Palme escreveu:
In LDAP, I have users like this:
dn:cn=user1,ou=users,dc=kapott,dc=org dn:cn=user2,ou=users,dc=kapott,dc=org etc.
(...)
My problem: not ALL users from the LDAP system should be allowed to use the IMAP server. Currently, I have defined an auth_bind_userdn of "cn=%u,ou=users,dc=kapott,dc=org" in dovecot-ldap.conf, but with this, user1 AND user2 could login (but I don't want user2 to be able to use dovecot).
I use LDAP on PAM, and dovecot uses PAM as auth method, so I can have a separeted /etc/ldap_dovecot.conf wich filters "nss_base_passwd ou=People,dc=xxx?one?objectClass=mailUser" (I have a postfix.schema I downloaded somewhere that implements mailUser, you may use whatever objectclass you find best). That /etc/ldap_dovecot.conf is read by /etc/pam.d/dovecot wich is used by dovecot. This may be tweaked to solve your needs.
Regards,
-- Marcio Merlone