On 09/15/2009 11:18 PM, Ian Levesque wrote:
> Hello,
> I'm trying to configure my user_attrs using LDAP as the userdb so that dovecot knows what secondary groups a user is a member of. The LDAP backend is an Open Directory implementation, which stores secondary group affiliations as memberUid attributes in cn=groupname,cn=groups,dc=dns,dc=name,dc=server.
> With ldapsearch, my query would be:
> ldapsearch -x -b cn=groups,dc=dns,dc=name,dc=server "(memberUid=ian)" cn
> Is this possible to configure in Dovecot?
I needed the ability to authorize users against secondary groups like yours that store membership in memberUid. The easiest way I found to do so was to flip dovecot over to use checkpassword authentication, and therefore my perl implementation of checkpassword (which auths against ldap). The wiki has some config notes, but for example I use this:
passdb checkpassword {
  # Path for checkpassword binary
  args = /opt/bin/checkpassword-ldap.pl
}
userdb prefetch {
}
# for deliver
userdb passwd {
  args = blocking=yes
}
With the login process in perl, you can do whatever you want, including checking secondary groups, setting variables prefetch-style (userdb_uid), overriding settings per-user, etc. I would be happy to share the perl I have hacked up to do this off list (not quite ready for release).
-Jeff
--
Jeff Hardy
Systems Analyst
hardyjm@potsdam.edu
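
A sketch of the decision logic such a checkpassword script needs, added here as an example; it is not Jeff's Perl script or Dovecot code. The `bind` and `search_groups` callables stand in for the real LDAP calls, and the `vmail` uid, the `mailusers` group and the sample credentials are constructed for illustration.

```python
import os
import sys

def parse_input(data):
    """Split the fd 3 payload 'user\\0password\\0[timestamp\\0]' into (user, password)."""
    parts = data.split(b"\0")
    if len(parts) < 3 or not parts[0]:
        raise ValueError("malformed checkpassword input")
    return parts[0].decode("utf-8"), parts[1].decode("utf-8")

def member_filter(user):
    """Build (memberUid=<user>) with RFC 4515 escaping of filter metacharacters."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in user)
    return "(memberUid=%s)" % esc

def decide(data, bind, search_groups, required_group):
    """Return (exit_code, env): 0 ok, 1 auth failed, 2 bad input, 111 temporary failure."""
    try:
        user, password = parse_input(data)
    except (ValueError, UnicodeDecodeError):
        return 2, {}
    try:
        # An empty password would be an unauthenticated LDAP bind; reject it first.
        if not password or not bind(user, password):
            return 1, {}
        if required_group not in search_groups(member_filter(user)):
            return 1, {}
    except OSError:
        return 111, {}
    # Variables named in EXTRA are handed to the prefetch userdb ("vmail" is assumed).
    return 0, {"USER": user, "userdb_uid": "vmail", "EXTRA": "userdb_uid"}

def run(bind, search_groups, required_group):
    """Entry point when started by Dovecot: read fd 3, then exec the reply binary in argv[1]."""
    with os.fdopen(3, "rb") as fd:
        code, env = decide(fd.read(), bind, search_groups, required_group)
    if code != 0:
        sys.exit(code)
    os.environ.update(env)
    os.execv(sys.argv[1], sys.argv[1:])

if __name__ == "__main__":
    # Constructed in-memory directory standing in for the LDAP server.
    users = {"ian": "s3cret"}
    groups = {"(memberUid=ian)": ["mailusers", "staff"]}
    bind = lambda u, p: users.get(u) == p
    search = lambda f: groups.get(f, [])
    print(decide(b"ian\0s3cret\0" + b"0\0", bind, search, "mailusers"))
    print(member_filter("*)(uid=*"))
```

Escaping the login name before it goes into the filter keeps a name containing `*` or parentheses from matching other users' group entries.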