Dovecot LDAP using custom field to allow users to connect
Hi all,
I'd like to know if it's possible to add a custom field when the authentication is made by users.
My boolean custom field will be for example "AllowUser" (false/true).
I'm trying to do something like that but it's not working:
user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
This is my dovecot/ldap configuration below:
# dovecot.conf
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}
# dovecot-ldap.conf
hosts = myurl:myport
dn = cn=myuser,dc=mydomain,dc=com
dnpass = ********
auth_bind = yes
auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
ldap_version = 3
base = ou=Users,dc=mydomain,dc=com
scope = base
default_pass_scheme = SSHA512
Do you have an idea?
Kind regards.
-- Michael
Hi Michael,
We do exactly that; see the example below:
user_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
Does it work without the AllowUser section of the search? Do you get any records back when you do a ldapsearch with your user_filter search?
Best Regards
Martin
On 2017-06-07 09:48, Michael JOIGNY wrote:
Hi all,
I'd like to know if it's possible to add a custom field when the authentication is made by users.
My boolean custom field will be for example "AllowUser" (false/true).
I'm trying to do something like that but it's not working:
user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
This is my dovecot/ldap configuration below:
# dovecot.conf
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}
# dovecot-ldap.conf
hosts = myurl:myport
dn = cn=myuser,dc=mydomain,dc=com
dnpass = ********
auth_bind = yes
auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
ldap_version = 3
base = ou=Users,dc=mydomain,dc=com
scope = base
default_pass_scheme = SSHA512
Do you have an idea?
Kind regards.
-- Michael
Hi Michael,
Just noticed you are using auth_bind_userdn which we don't. I think you may need to use pass_filter rather than user_filter??
Best Regards
Martin
On 2017-06-07 10:59, Martin Wheldon wrote:
Hi Michael,
We do exactly that; see the example below:
user_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
pass_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
Does it work without the AllowUser section of the search? Do you get any records back when you do a ldapsearch with your user_filter search?
Best Regards
Martin
Hi Martin,
Thanks for your reply, it works now!!!
Have a good weekend.
Best Regards.
On 07/06/2017 at 13:14, Martin Wheldon wrote:
Hi Michael,
Just noticed you are using auth_bind_userdn which we don't. I think you may need to use pass_filter rather than user_filter??
Best Regards
Martin
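The point behind Martin's second reply, as an added configuration example that is not from the thread or from the Dovecot project: when auth_bind_userdn is set, Dovecot binds straight to the templated DN and ignores pass_filter and pass_attrs, so an attribute such as AllowUser is enforced at login only if the passdb performs a search first. Assumptions: Dovecot 2.x LDAP settings, scope = subtree (scope = base would match only the ou=Users entry itself), and a bind DN that is allowed to read AllowUser; the thread does not show Michael's final configuration.

```conf
# dovecot-ldap.conf as posted (DN-template bind), shown commented out.
# With auth_bind_userdn, no search is issued before the bind, so
# pass_filter is never evaluated and a user with AllowUser=FALSE
# can still authenticate with a valid password.
#auth_bind = yes
#auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
#scope = base

# Search-then-bind variant (assumed fix, built from the values in the post).
hosts = myurl:myport
ldap_version = 3

# Service account used for the search; it needs read access to
# uid, objectClass and AllowUser under the base below.
dn = cn=myuser,dc=mydomain,dc=com
dnpass = ********

# Dovecot searches with pass_filter, then binds as the DN it found
# using the password supplied by the client.
auth_bind = yes
# auth_bind_userdn is deliberately left unset.

base = ou=Users,dc=mydomain,dc=com
# subtree searches the entries below ou=Users; base would search
# only the ou=Users entry and return no user.
scope = subtree

# passdb lookup: a login succeeds only if this filter matches.
pass_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))

# Only consulted when a "userdb { driver = ldap }" block also points
# at this file; it does not gate authentication.
user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
```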
participants (2): Martin Wheldon, Michael JOIGNY