[Dovecot] ldap auth (with user and domain at different places)
Timo Boettcher
spida at gmx.net
Mon Jan 10 10:10:00 EET 2005
Hi Peter,
Thanks for your answer.
* Peter Clark <peter-clark at bethel.edu>, Monday, January 10, 2005, 5:06:55 AM:
> On Monday 10 January 2005 04:21, Timo Boettcher wrote:
>> I am trying to use dovecot with my virtual-hosting setup. I have
>> all users in LDAP like
>> uid=user,dc=domain.tld,o=myorganization for
>> the user with the mail-address user at domain.tld. This is also the
>> username that user should use for login, but it is nowhere in the
>> ldap-db in this form together, just user and domain at their own
>> places. Is it possible to authenticate with dovecot against such an
>> ldap-directory?
> If you don't have multiple domains, you could just authenticate the user
> using %n. E.g., in dovecot-ldap.conf:
I have multiple domains.
> If you do have multiple domains, it's not that much more complicated:
It looks like
o=myorganization
 + dc=somedomain.tld
 + dc=someotherdomain.tld
 |  + uid=someuser
 |  + uid=someotheruser
 |  \uid=user
 \dc=domain.tld
    + uid=someuser
    + uid=someotheruser
    \uid=user
The user uid=user,dc=domain.tld,o=myorganization would have the
following attributes (and no more than that):
objectclass=top
objectclass=mailuser
uid=user
cn=Joe
sn=User
userpassword=theuserscryptedpassword
clearpassword=acleartextpassword
mailmessagestore=/var/mail/domain.tld/user
> user_filter = (&(uid=%n)(dc=%d))
> pass_filter = (&(uid=%n)(dc=%d))
But that would only work if dc was an attribute of my user (which it
is not), wouldn't it?
Timo
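
Added example (not part of the original message, and not Dovecot code): a small Python model of the tree above, showing that a filter on dc finds nothing when the domain exists only as a DN component, while a uid search scoped to that domain's subtree finds exactly one entry. The function names, the split of the login at "@" into the %n and %d parts, and the user entry under the second domain are assumptions made for the illustration.

```python
# Constructed model of the tree in the message: DN -> attributes stored on that entry.
# Password attributes are left out; the second domain's user entry is made up.
ORG = "o=myorganization"
DIRECTORY = {
    ORG: {"o": ["myorganization"]},
    "dc=domain.tld," + ORG: {"dc": ["domain.tld"]},
    "dc=someotherdomain.tld," + ORG: {"dc": ["someotherdomain.tld"]},
    "uid=user,dc=domain.tld," + ORG: {
        "objectclass": ["top", "mailuser"], "uid": ["user"],
        "cn": ["Joe"], "sn": ["User"],
        "mailmessagestore": ["/var/mail/domain.tld/user"],
    },
    "uid=user,dc=someotherdomain.tld," + ORG: {
        "objectclass": ["top", "mailuser"], "uid": ["user"],
        "mailmessagestore": ["/var/mail/someotherdomain.tld/user"],
    },
}
DN_SPECIALS = set(',+"\\<>;=#')


def search(base, conditions):
    """Subtree search: DNs at or below base whose own attributes match
    every (attribute, value) pair, i.e. an AND of equality filters."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        in_scope = dn == base or dn.endswith("," + base)
        if in_scope and all(v in attrs.get(a, []) for a, v in conditions):
            hits.append(dn)
    return sorted(hits)


def lookup_by_filter(login):
    """Model of (&(uid=%n)(dc=%d)) searched from the organization root."""
    name, _, domain = login.partition("@")
    return search(ORG, [("uid", name), ("dc", domain)])


def lookup_by_base(login):
    """Model of (uid=%n) searched below dc=%d,o=myorganization."""
    name, _, domain = login.partition("@")
    # The domain is placed into a DN, so refuse DN metacharacters.
    if not domain or DN_SPECIALS & set(domain):
        return []
    return search("dc=" + domain + "," + ORG, [("uid", name)])


if __name__ == "__main__":
    for fn in (lookup_by_filter, lookup_by_base):
        print(fn.__name__, fn("user@domain.tld"))
```

A search for uid=user alone from the organization root returns both domains' entries, which is why the domain has to take part in the lookup in some form.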