Escape comma in the LDAP passdb subquery configuration
Hi I have to configure the LDAP passdb to execute a subquery defining dinamically the new DN to use.
For example:
pass_attrs = @mail=mail=%{login_user},dc=%{login_domain},dc=example,dc=com,
=proxy=y,
=host=%{ldap:mailHost@mail}
In the previous example, the problem is the use of "," for DN representation, which is also the separator for the attribute template in the pass_attr parameter value. I tried to escape it with '\' or '%' but it doesn't work. Dovecot version is 2.2.13. How can I resolve this issue?
Thanks in advance
Hi,
On 10/09/2014 08:07, Jogi Hofmüller wrote:
dn: uid=myuser,ou=People,dc=example,dc=com ... uid: myuser associatedMailbox: mymbox@example.com userPassword: **********
dn: mail=mymbox@example.com,ou=Mailboxes,dc=example,dc=com ... mail: mymbox@example.com mailHost: 192.168.0.1 homeDirectory: /path/to/homedir
In the configuration of the back-end instance I use different filters to get different LDAP entries in the passdb (user entries) and userdb (mailbox entries). The problem is in the proxy configuration because Dovecot must execute a LDAP bind with the user entry but it needs to get also the mailHost attribute in the mailbox entry to connect to the correct back-end server. The complete passdb configuration is:
pass_attrs =@mail=mail=%{login_user},dc=%{login_domain},dc=example,dc=com,
=proxy=y,
=host=%{ldap:mailHost@mail}
pass_filter = (&(uid=%{user})(associatedMailbox=%{login_user}))
I'm thinking to implement this authentication using an external auth daemon and configure Dovecot tu use an auth-dict, but I would avoid to execute an independent daemon. Can I configure Dovecot to spawn an external process? Is this a valid solution for your experience?
Cheers,
Regars
participants (3)
-
Francesco Fiore
-
Giovanni Mancuso
-
Jogi Hofmüller