-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 30 Dec 2013, Mihai Badici wrote:
I have a "pure ldap" setting with postfix and dovecot. When using dovecot delivery, the recipient is checked via ldap. The same ldap query is used when authenticate. So, if I want to authenticate with the uid , I can't use a filter like uid=%u because the delivery will fail. I don't want to use %nor something else because I could use multiple e-mail addresses on a single account.
I actually use a filter like ( mail=%u)|(uid=%u) but I think for more complex situations should be better to have two separate filters, one for authentication and the other for the delivery. What is your oppinion?
There are two filters already:
the passdb filter which is used to find users during authentication
the userdb filter which is used to get the information about users, e.g. after auth and for delivery
The responses of both queries are cached, too.
Where / how would you like to have another filter? What is to get better?
If you want to make the LDAP search more efficient, you could add another LDAP attribute, index it,& add all writings of the users there, e.g.:
dn: uid=user, .... uid: user mail: forename.surname@example.com maildrop: user maildrop: user@host.sub.example.org maildrop: forename.surname@example.com maildrop: forename.surname@example2.com maildrop: forename.oldsurname@example.com maildrop: alias@part.aliasdomain.net
However, the values of maildrop must be unique among all users.
The passdb filter uses uid only, userdb uses maildrop only.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUsu0D13r2wJMiz2NAQJhEQf/ZJbC3z4XlMHrkae1yeWN4M4sWAFV7K8Y +PewH7IIZMwOvx2uiJXKFdhVqoPkseidwKEYJC2e0mSqAAE+wCiqqRj6Oeo1kAKt tVn6EofgabABf03SCULU3YfCITt2F7GBAyMv4kxEMH1WKxdBiABcTmRXhWJzyWPl aMLc+Z4Jqaedq6m8/efR2JlLsCYflmeeCk8vNNguqXifcnUwqTSRvwGnwn+Ny7Eq lgGCbIYNHZVXcUelRmsJ+F4p1ed6rYX1me/+Q8QgQBCKSWaWiBTslgBLpHhdM4+d ISqIcJcV1djlqT6NA3TpMuicv4RkglzvRl07DbvTKzDmhOB8pKdb6g== =HD5o -----END PGP SIGNATURE-----