Hello everyone, i was wondering if it was possible to add master user criteria in ldap backends.
the idea is that the users, members of a specific group, should be able to login with their own credentials on behalf of other users.
i've tried setting it up like this:
hosts = localhost dn = CN=ldapuser,OU=someldapou,DC=domain,DC=tld dnpass = <password> auth_bind = yes ldap_version = 3 base = DC=domain,DC=tld user_attrs = sAMAccountName=home=/var/vmail/% $,skip=found,maxStorage=quota_rule=*:storage=% $M,quota_rule2=Trash:storage=+100M user_filter = (&(ObjectClass=person)(sAMAccountName=% u)(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=tld))
then i added a passdb as follows
passdb { driver = ldap master = yes args = /etc/dovecot/dovecot-ldap-masteruser.conf.ext }
and of course the separator.
but when i try to login with
realuser*userinadministratorsgroup passwordofuserinadministratorsgroup
i get authentication failed.
am i missing something? is it even possible to accomplish such thing? because i didn't see any example in the wiki, only plain passdb and sql.
thanks in advance Francesco
participants (1)
-
Francesco