Dovecot with LDAP and Solr: Force Solr user key
Good morning everyone. I am configuring dovecot with ldap and solr as fts plugins. The LDAP configuration works correctly and users can log in both via the userPrincipalName attribute and via mail. In this configuration the LDAP realm and the email domain differ, and on the server the LDAP realm domain is privileged. This means that the mail dir is located in ./ldap_realm/username and in the same way postfix delivers the emails to dovecot using username@ldap_realm as envelope recipient. Consequently the emails are indexed on solr using "username@ldap_realm" as user key. However if I log in in imap using the email address as username and try to do some searches dovecot sends a select to solr using the email address as key and not the ldap user, and consequently I do not get any results from the search. So my question is: is it possible to configure dovecot to force queries to solr so that "username@ldap_realm" is always used as the key even when logging in via email?
Dovecot version is: 2.3.7.2
Solr version: 7.2.1
Ldap configuration:
[...] user_filter = (&(|(userPrincipalName=%u)(mail=%u))(objectClass=person)(!(userAccountControl=514))(memberOf=cn=Mail,ou=Groups,dc=example,dc=org)) pass_filter = (&(|(userPrincipalName=%u)(mail=%u))(objectClass=person)(!(userAccountControl=514))(memberOf=cn=Mail,ou=Groups,dc=example,dc=org)) pass_attrs = userPassword=password user_attrs = =home=/data/mail/%Ld/%Ln/Maildir/,=mail=maildir:/data/mail/%Ld/%Ln/Maildir/
Solr configuration:
plugin { fts = solr fts_solr = url=http://solr_host:8983/solr/dovecot/ fts_autoindex=yes }
Best regards
-- Logo Mynet
*Michele Giacomoli*
Reparto IT
32.000 km di fibra ottica nel nord Italia al servizio delle aziende
*www.mynet.it* <https://www.mynet.it/> - *www.vogliadifibra.it* <https://www.vogliadifibra.it/>
Nevermind, I'll answer my own question.
I simply have to normalize the username attribute to user's ldap userPrincipalName in user_attrs setting. So the resulting configuration in becomes:
user_attrs = =user=%{ldap:userPrincipalName},=home=/data/mail/%Ld/%Ln/Maildir/,=mail=maildir:/data/mail/%Ld/%Ln/Maildir/
It was that simple. I hope it helps someone in the future.
Best regards
Logo Mynet
*Michele Giacomoli*
Reparto IT
32.000 km di fibra ottica nel nord Italia al servizio delle aziende
*www.mynet.it* <https://www.mynet.it/> - *www.vogliadifibra.it* <https://www.vogliadifibra.it/>
Il 27/08/24 13:33, Michele Giacomoli via dovecot ha scritto:
Good morning everyone. I am configuring dovecot with ldap and solr as fts plugins. The LDAP configuration works correctly and users can log in both via the userPrincipalName attribute and via mail. In this configuration the LDAP realm and the email domain differ, and on the server the LDAP realm domain is privileged. This means that the mail dir is located in ./ldap_realm/username and in the same way postfix delivers the emails to dovecot using username@ldap_realm as envelope recipient. Consequently the emails are indexed on solr using "username@ldap_realm" as user key. However if I log in in imap using the email address as username and try to do some searches dovecot sends a select to solr using the email address as key and not the ldap user, and consequently I do not get any results from the search. So my question is: is it possible to configure dovecot to force queries to solr so that "username@ldap_realm" is always used as the key even when logging in via email?
Dovecot version is: 2.3.7.2
Solr version: 7.2.1
Ldap configuration:
[...] user_filter = (&(|(userPrincipalName=%u)(mail=%u))(objectClass=person)(!(userAccountControl=514))(memberOf=cn=Mail,ou=Groups,dc=example,dc=org)) pass_filter = (&(|(userPrincipalName=%u)(mail=%u))(objectClass=person)(!(userAccountControl=514))(memberOf=cn=Mail,ou=Groups,dc=example,dc=org)) pass_attrs = userPassword=password user_attrs = =home=/data/mail/%Ld/%Ln/Maildir/,=mail=maildir:/data/mail/%Ld/%Ln/Maildir/
Solr configuration:
plugin { fts = solr fts_solr = url=http://solr_host:8983/solr/dovecot/ fts_autoindex=yes }
Best regards
participants (1)
-
Michele Giacomoli