[Dovecot] LDAP for Virtual Domains
Is anyone using LDAP along with Dovecot where mail is being accessed
in the form of /var/vmail/${domain}/${user}? I have not figured out
how to extract the domain from LDAP in order to make this work. I
know this is sparse information but maybe there is an easy fix. If
not, I can post more information.
Bryan
Bryan Vyhmeister wrote:
What config have you tried?
--
Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
On May 17, 2007, at 12:06 AM, Gavin Henry wrote:
Sorry, I should have given more detail. Right now, I have one server
which is authenticating off of a passwd file from Dovecot. Postfix
accesses Dovecot's auth socket interface for SMTP AUTH passwords and
such. I use a virtual mailbox map and virtual alias map through
Postfix to decide where to deliver mail. In Dovecot, I have
mail_location set as follows:
mail_location = maildir:/var/vmail/domains/%d/%n
That allows it to work fine for finding my mailboxes. I have tried
the default Dovecot LDAP file but I am not sure I really understand
how it all works. I guess this also involves picking a logical way to
setup my LDAP structure as well.
I think I could make this work by making the LDAP uid
user@domain.com. I don't think this is the best way of setting it up
though. All of my users login with user@domain.com and I want to keep
it that way. It does not seem like LDAP was designed to authenticate
this way quite as well.
Bryan
Bryan Vyhmeister wrote:
The only key mail program I haven't been able to use with my setup is maildrop - I would have to store the mailfolder in LDAP, which I refuse to do. So I have a second database I need to maintain (for courier-authlib) for the couple users that use maildrop until I can come up with an alternative.
-- Daniel
On Thursday 17 May 2007 04:06:52 Bryan Vyhmeister wrote:
The attachments contain my configuration. Maybe you could document some more on the wiki?
dn: dc=mail,dc=quies,dc=net
objectClass: top
objectClass: dcObject
objectClass: organizationalRole
dc: mail
cn: Quies Net mail division

dn: cn=dovecot,dc=mail,dc=quies,dc=net
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: dovecot
description: Dovecot daemon
userPassword: not public

dn: ou=accounts,dc=mail,dc=quies,dc=net
objectClass: top
objectClass: organizationalUnit
ou: accounts

dn: cn=quies.net,ou=accounts,dc=mail,dc=quies,dc=net
objectClass: top
objectClass: posixGroup
cn: quies.net
gidNumber: 10000

dn: uid=pascal@quies.net,cn=quies.net,ou=accounts,dc=mail,dc=quies,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uid: pascal@quies.net
uidNumber: 10000
gidNumber: 10000
homeDirectory: /var/spool/imap/net.quies/pascal
userPassword: not public
cn: Pascal de Kloe
givenName: Pascal
sn: de Kloe
etc.
On May 17, 2007, at 4:44 AM, Pascal S. de Kloe wrote:
If I understand your config correctly, you set your home directory in
LDAP and then just deliver to ~/Maildir/ which goes to the correct
/var/spool/imap/domain/user like I mentioned. In that case, do
additional folders get created inside your Maildir or in the home
folder itself? Thank you for the response.
Bryan
On Friday 18 May 2007 03:52:40 Bryan Vyhmeister wrote:
That is correct. All mail goes into the Maildir folder and the SIEVE scripts are at ~/.dovecot.sieve.
It seemed like the most portable and extendable configuration. You could modify the LDAP homeDirectory at a later time with a simple query.
On May 17, 2007, at 4:44 AM, Pascal S. de Kloe wrote:
I recognize that this is the dovecot list, not the Postfix list but I
wasn't sure if you were using Postfix as well. If so, how are you
getting around Postfix wanting mailacceptinggeneralid in order to
accept messages? Thank you.
Bryan
20.05.2007 23:00 Bryan Vyhmeister:
query_filter = (&(mail=%s))
mailacceptinggeneralid=%s is the default value for query_filter.
Maybe the &-operator ANDs your expression to the default.
Anyway, if you just want to filter for the mail address, the
&-operator is unnecessary. Try query_filter = (mail=%s) instead.
Marc
Bryan Vyhmeister wrote:
I am using almost this exact setup. What I love about this is my LDAP config is minimal - no special schemas required (just core, cosine, nis, and inetorgperson). Everything is driven by the "mail" field - you store the full mail address, with domain, and the userPassword. I'm using Postfix and Dovecot.
dovecot.conf:

...
default_mail_env = maildir:/var/mail/%d/%n
valid_chroot_dirs = /var/mail
passdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}
userdb passwd {
  args = /etc/dovecot/dovecot-ldap.conf
}
userdb ldap {
  args = /etc/dovecot/dovecot-ldap.conf
}
...

dovecot-ldap.conf:

hosts = localhost
auth_bind = no
auth_bind_userdn = uid=%n, ou=People, dc=amfeslan, dc=local
ldap_version = 3
base = ou=People, dc=amfeslan, dc=local

# here's your magic lines
user_attrs = %d/%n=mail
user_filter = (mail=%u)
pass_attrs = userPassword=password
pass_filter = (mail=%u)
user_global_uid = 5000
user_global_gid = 8
-- Daniel
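Both working setups in this thread derive the mailbox location from a single LDAP attribute: Pascal stores an explicit homeDirectory per entry, while Daniel lets Dovecot split the "mail" attribute into %d and %n and builds /var/mail/%d/%n from it. The Python script below is an added illustration, not code from the thread or from Dovecot, of what that split has to guarantee: every value coming back from the directory is used as a path component, so a user or domain part containing "/" or ".." would point the mailbox outside the intended tree. It parses a constructed LDIF sample modelled on Pascal's entries (the second, deliberately malformed entry is made up), splits each login into %n and %d the way Dovecot's variables work, and refuses any component that is not a plain name. The mail_location template, the allowed-character pattern and the function names are assumptions for this example.

```python
import re
from pathlib import PurePosixPath

# Constructed sample, modelled on the entries posted in this thread.
# The second entry is deliberately malformed to show the check firing.
SAMPLE_LDIF = """\
dn: uid=pascal@quies.net,cn=quies.net,ou=accounts,dc=mail,dc=quies,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
uid: pascal@quies.net
mail: pascal@quies.net
uidNumber: 10000
gidNumber: 10000
homeDirectory: /var/spool/imap/net.quies/pascal
userPassword: not public

dn: uid=bad,ou=accounts,dc=mail,dc=quies,dc=net
objectClass: inetOrgPerson
uid: bad
mail: ../../etc@quies.net
"""

# Assumed: one label of letters, digits, dot, underscore, plus or hyphen.
SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9._+-]+$")


def parse_ldif(text):
    """Minimal LDIF reader: a list of dicts mapping lower-cased attribute
    names to their values. Folded lines (leading space) are joined first."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def split_login(login):
    """Split 'user@domain' into Dovecot's %n and %d, rejecting anything
    that could not safely become a single directory name."""
    if login.count("@") != 1:
        raise ValueError("login must be user@domain: %r" % login)
    user, domain = login.split("@")
    for part in (user, domain):
        if not SAFE_COMPONENT.match(part) or part in (".", ".."):
            raise ValueError("unsafe path component %r in %r" % (part, login))
    return user, domain.lower()


def maildir_for(login, template="/var/vmail/domains/%d/%n"):
    """Expand a mail_location-style template with the login's %d and %n
    and confirm the result still lies under the template's fixed prefix."""
    user, domain = split_login(login)
    path = template.replace("%d", domain).replace("%n", user)
    root = PurePosixPath(template.split("%", 1)[0])
    if PurePosixPath(path).parts[: len(root.parts)] != root.parts:
        raise ValueError("%r escapes %s" % (path, root))
    return path


def resolve_entries(entries, template="/var/vmail/domains/%d/%n"):
    """Map each LDAP entry's 'mail' (falling back to 'uid') to a mailbox
    path. Returns (accepted, rejected) dicts keyed by the login value."""
    accepted, rejected = {}, {}
    for entry in entries:
        login = (entry.get("mail") or entry.get("uid") or [None])[0]
        if login is None:
            continue
        try:
            accepted[login] = maildir_for(login, template)
        except ValueError as exc:
            rejected[login] = str(exc)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = resolve_entries(parse_ldif(SAMPLE_LDIF))
    for login, path in ok.items():
        print("%-25s -> %s" % (login, path))
    for login, reason in bad.items():
        print("%-25s REJECTED: %s" % (login, reason))
```

Dovecot itself performs the equivalent sanity check on %d and %n before using them in mail_location, so the script is a model of the rule rather than something to deploy; the point for anyone choosing between Pascal's homeDirectory approach and Daniel's mail-driven one is that either way the directory becomes the source of a filesystem path, and write access to those attributes should be restricted accordingly.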
Timo Sirainen wrote:
Thanks. Probably left over from when I was trying to implement the single LDAP lookup configuration - which I gave up on. Haven't noticed any significant performance hit using the separate user/pass lookups - though I'll revisit it soon I'm sure.
-- Daniel
participants (6)
- Bryan Vyhmeister
- Daniel L. Miller
- Gavin Henry
- Marc Delling
- Pascal S. de Kloe
- Timo Sirainen