Re: Dovecot - Microsoft Azure AD
Hi!
Dovecot supports Lua userdb, which can be used to implement custom user databases. Maybe this might work for you? See https://doc.dovecot.org/configuration_manual/authentication/lua_based_authen... for more details.
Aki
On 15/08/2019 12:16 Lennart Boettcher lennart.boettcher@secpoint.onmicrosoft.com wrote:
Hello,
Thank you for the quick reply.
I have expressed myself wrongly. Our idea was to use the Azure-AD as userdb by doing the user lookup with the help of Microsoft's Graph API. OAuth2 would then of course only be the authorization procedure to access the user accounts using the Graph API.
One would then implement a graph-userdb and no oauth-userdb. OAuth is, as you correctly mentioned, only an authorization mechanism.
Here is a link to the GraphAPI: https://docs.microsoft.com/de-de/graph/api/overview?view=graph-rest-1.0
And here is another link to the Graph Explorer, with which you can see how the GraphAPI works: https://developer.microsoft.com/en-us/graph/graph-explorer
We already use this procedure for the passdb lookup and it works very well.
Greetings
Lennart Boettcher
From: Aki Tuomi aki.tuomi@open-xchange.com
Sent: 14 August 2019 14:57
To: Lennart Boettcher lennart.boettcher@secpoint.onmicrosoft.com; Lennart Boettcher via dovecot dovecot@dovecot.org
Subject: Re: Dovecot - Microsoft Azure AD
On 14/08/2019 15:36 Lennart Boettcher via dovecot dovecot@dovecot.org wrote:
Hello,
I am currently trying to connect my Dovecot mail server to Microsoft's Azure-AD and use it as password and user database. I am using version 2.3.7.1.
Using the Azure-AD as passdb already works. In this context I noticed that the scope implementation is not yet merged.
Since I haven't found any hints for an OAuth2 userdb implementation yet, I wanted to ask if there are any plans for an implementation.
Greetings
Lennart Boettcher
Dovecot 2.3 supports oauth2. I don't know how "oauth2 user database" would work, since oauth2 is an authentication mechanism. I suggest you use LDAP or static userdb, or set mail_* settings for user settings.
Aki
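A sketch of the Lua userdb suggested at the top of this thread, doing the Graph user lookup described in the reply. This is an added example, not code from the thread or from the Dovecot project. The tenant and client values, the `vmail` uid/gid and the `/var/vmail` home layout are placeholders, and it assumes the LuaSec, LuaSocket and lua-cjson modules are installed.

```lua
-- Added example, not Dovecot project code. Assumes LuaSec, LuaSocket and lua-cjson.
local https = require("ssl.https")
local ltn12 = require("ltn12")
local url   = require("socket.url")
local json  = require("cjson.safe")  -- decode() returns nil instead of raising

-- Placeholders (assumptions): an app registration allowed to read users via Graph.
local TENANT        = "TENANT_ID_PLACEHOLDER"
local CLIENT_ID     = "CLIENT_ID_PLACEHOLDER"
local CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"  -- load from a root-only file in practice
local token, token_expiry = nil, 0

local function http(method, target, headers, body)
  local out = {}
  if body then headers["content-length"] = tostring(#body) end
  local ok, code = https.request{ url = target, method = method, headers = headers,
    source = body and ltn12.source.string(body) or nil, sink = ltn12.sink.table(out) }
  if not ok then return nil end
  return code, table.concat(out)
end

local function get_token()  -- client-credentials grant, cached until shortly before expiry
  if token and os.time() < token_expiry then return token end
  local form = "grant_type=client_credentials&client_id=" .. url.escape(CLIENT_ID)
    .. "&client_secret=" .. url.escape(CLIENT_SECRET)
    .. "&scope=" .. url.escape("https://graph.microsoft.com/.default")
  local code, body = http("POST", "https://login.microsoftonline.com/" .. TENANT
    .. "/oauth2/v2.0/token", { ["content-type"] = "application/x-www-form-urlencoded" }, form)
  local t = code == 200 and json.decode(body)
  if not t or type(t.access_token) ~= "string" then return nil end
  token, token_expiry = t.access_token, os.time() + (tonumber(t.expires_in) or 300) - 60
  return token
end

function auth_userdb_lookup(req)
  local tok = get_token()
  if not tok then return dovecot.auth.USERDB_RESULT_INTERNAL_FAILURE, "graph token error" end
  -- req.user is client-supplied and lands in a URL path, so percent-encode it.
  local code, body = http("GET", "https://graph.microsoft.com/v1.0/users/"
    .. url.escape(req.user) .. "?$select=id,accountEnabled", { authorization = "Bearer " .. tok })
  -- Only a 404 means "no such user"; an outage or 401 must not look like a missing mailbox.
  if code == 404 then return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user" end
  local u = code == 200 and json.decode(body)
  if not u then return dovecot.auth.USERDB_RESULT_INTERNAL_FAILURE, "graph lookup failed" end
  if u.accountEnabled ~= true then return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "account disabled" end
  -- Build home from the immutable Graph object id (a GUID), never from the login name.
  return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/vmail/" .. u.id
end
```

Because the script makes network calls, the `userdb` block that loads it with `driver = lua` should pass `blocking=yes` in its `args` so the lookup runs in an auth worker.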