[Dovecot] ldap auth (with user and domain a different places)
Peter Clark
peter-clark at bethel.edu
Mon Jan 10 13:34:04 EET 2005
On Monday 10 January 2005 11:10, Timo Boettcher wrote:
> The user uid=user,dc=domain.tld,o=myorganization would have the
> following attributes (and no more than that):
> objectclass=top
> objectclass=mailuser
> uid=user
> cn=Joe
> sn=User
> userpassword=theuserscryptedpassword
> clearpassword=acleartextpassword
> mailmessagestore=/var/mail/domain.tld/user
>
> > user_filter = (&(uid=%n)(dc=%d))
> > pass_filter = (&(uid=%n)(dc=%d))
>
> But that would only work, if dc was an attribute of my user (which it
> is not), wouldn't it?
Yes, that would probably have to be the case. Theoretically, this kind of
problem could be solved by being more specific in your base dn (specifying
"base = dc=domain.tld, o=myorganization"), but I don't think that Dovecot
allows things like %d in the "base" option of dovecot-ldap.conf, so you
couldn't have "base = dc=%d, o=myorganization". (Someone correct me if I'm
wrong.)
However, it looks like you are using a custom schema. The easiest way
would just be to edit the schema and add an attribute for the user's full
email and be done with it. If the mountain will not come to Mohammed,
Mohammed will go to the mountain. Or something like that.
Or (just noticed this before I was about to send), you could search for
the domain in the mailmessagestore attribute if you're really set on things
as the way they are. In which case you might be able to do this:

    user_filter = (&(uid=%n)(mailmessagestore=*%d*))
    pass_filter = (&(uid=%n)(mailmessagestore=*%d*))

Note that I haven't tried it, so I don't know if Dovecot will handle having
the %d between two wildcards. Try it and find out.
:Peter
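
Added example, not part of the original message and not Dovecot code: a simplified model of LDAP substring matching that runs the wildcard filter suggested above against constructed entries. It shows that *%d* also selects entries of other domains whose store path merely contains the domain string, while an exact value does not. The sample entries and the exact-match filter are assumptions; the latter presumes every mailmessagestore follows the /var/mail/<domain>/<user> layout quoted in the thread.

```python
import re

# Constructed directory entries, following the layout quoted in the thread
# (uid plus mailmessagestore=/var/mail/<domain>/<user>).
ENTRIES = [
    {"dn": "uid=user,dc=domain.tld,o=myorganization",
     "uid": "user", "mailmessagestore": "/var/mail/domain.tld/user"},
    {"dn": "uid=user,dc=otherdomain.tld,o=myorganization",
     "uid": "user", "mailmessagestore": "/var/mail/otherdomain.tld/user"},
    {"dn": "uid=user,dc=domain.tld.example,o=myorganization",
     "uid": "user", "mailmessagestore": "/var/mail/domain.tld.example/user"},
]

LOOSE = "(&(uid=%n)(mailmessagestore=*%d*))"            # filter from the thread
EXACT = "(&(uid=%n)(mailmessagestore=/var/mail/%d/%n))"  # assumed tighter variant


def expand(template, login):
    """Substitute %n (local part) and %d (domain) from a user@domain login."""
    name, _, domain = login.partition("@")
    return template.replace("%n", name).replace("%d", domain)


def matches(entry, filt):
    """Evaluate an AND of simple attr=value terms; '*' matches any substring."""
    terms = re.findall(r"\(([^()=&|!]+)=([^()]*)\)", filt)
    for attr, pattern in terms:
        # Turn the LDAP substring pattern into an anchored regular expression.
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if not re.fullmatch(regex, entry.get(attr, "")):
            return False
    return bool(terms)


def search(template, login):
    """Return the DNs of all constructed entries selected by the filter."""
    filt = expand(template, login)
    return [e["dn"] for e in ENTRIES if matches(e, filt)]


if __name__ == "__main__":
    for label, template in (("loose", LOOSE), ("exact", EXACT)):
        hits = search(template, "user@domain.tld")
        print(f"{label}: {len(hits)} match(es)")
        for dn in hits:
            print("   ", dn)
```

A user or password lookup should resolve to exactly one entry; more than one hit for the same login means the filter does not separate domains.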