ldap passdb, userdb imap auth sasl and lmtp
Hi!
I'm trying to set up dovecot 2.3.17 such that it authenticates users against a samba4 ad dc when they connect through imap. I would also need dovecot to authenticate the same users through sasl so that postfix can relay mails based on the user's auth, and finally I would also need an lmtp service that maps email addresses into AD users.
I've been tinkering with dovecot-ldap.conf.ext using auth_bind = yes and no, with all sorts of pass_filters, user_filter, pass_attr and user_attr and I just can't figure out how it works.
I assume that for the auth part (both imap and sasl) I would rather benefit with using auth_bind = yes and auth_bind_userdn = %u and I seem to be able to authenticate the user but I can't get the passdb to prefetch the userdb attributes. I also assume that for lmtp to be able to fetch the ad information it would be necessary for dovecot to be able to bind to the ad ldap server with a "service account" to be able to query the ldap server and I haven't been able to figure out how to have both kinds of auth schemas.
Does anyone know of some documentation that could clarify some of these issues? I have been searching the web for days to no avail.
I'm sorry I can't show what I have tried for I have tried so many things with more or less the same lack of success that I wouldn't know where to start.
Thanks in advance. Best regards, Dave.
Good morning,
OK (If I am wrong someone please update this!)
Trying to run multiple auth schemes when sasl is available etc is overkill
Next, trying to auth via AD (this is mainly another mess Windows made) is also impractical; sasl was invented as an auth layer in the first place to then provide various auth mechs to a backend (ldap, mysql, pgsql, local etc etc etc)
if you have sasl running for postfix, use that for dovecot or at the very least setup dovecot to read the database you have running sasl layer directly (what I am doing)
if you are running different users & passwords in different setups then you will have to update sasl to have the same auth info in it anyways for postfix to work thus making AD and whatever else not needed ?
Again just my opinion without more detail but AD was never designed (to my knowledge) to auth users for user@domain ?
AD was mainly designed for domains & users across multiple network servers (ie one login to auth multiple servers?)
FYI
Have A Happy Tuesday !!!
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Scom.ca Internet Services <http://www.scom.ca> 004-1009 Byron Street South Whitby, Ontario - Canada L1N 4S3
Toronto 416.642.7266 Main 1.866.411.7266 Fax 1.888.892.7266 Email paul@scom.ca
On 11/13/2023 4:03 PM, bd730c5053df9efb via dovecot wrote:
Hi!
I'm trying to set up dovecot 2.3.17 such that it authenticates users against a samba4 ad dc when they connect through imap. I would also need dovecot to authenticate the same users through sasl so that postfix can relay mails based on the user's auth, and finally I would also need an lmtp service that maps email addresses into AD users.
I've been tinkering with dovecot-ldap.conf.ext using auth_bind = yes and no, with all sorts of pass_filters, user_filter, pass_attr and user_attr and I just can't figure out how it works.
I assume that for the auth part (both imap and sasl) I would rather benefit with using auth_bind = yes and auth_bind_userdn = %u and I seem to be able to authenticate the user but I can't get the passdb to prefetch the userdb attributes. I also assume that for lmtp to be able to fetch the ad information it would be necessary for dovecot to be able to bind to the ad ldap server with a "service account" to be able to query the ldap server and I haven't been able to figure out how to have both kinds of auth schemas.
Does anyone know of some documentation that could clarify some of these issues? I have been searching the web for days to no avail.
I'm sorry I can't show what I have tried for I have tried so many things with more or less the same lack of success that I wouldn't know where to start.
Thanks in advance. Best regards, Dave.