[Dovecot] ldap auth (with user and domain a different places)
Timo Boettcher
spida at gmx.net
Mon Jan 10 19:28:19 EET 2005
Hi Peter,
* Peter Clark <peter-clark at bethel.edu>, Monday, January 10, 2005, 12:34:04 PM:
> On Monday 10 January 2005 11:10, Timo Boettcher wrote:
>> But that would only work, if dc was an attribute of my user (which it
>> is not), wouldn't it?
> Yes, that would probably have to be the case. Theoretically, this kind of
> problem could be solved by being more specific in your base dn (specifying
> "base = dc=domain.tld, o=myorganization") but I don't think that Dovecot
> allows things like %d in the "base" option of dovecot-ldap.conf, so you
> couldn't have "base = dc=%d, o=myorganization". (Someone correct me if I'm
> wrong.)
As I read the source code, that's not possible just now. But unless I am
wrong (which I could quite possibly be) the change to make this
possible would be about one line to do variable expansion on the
search-base.
> However, it looks like you are using a custom schema. The easiest way
> would just be to edit the schema and add an attribute for the user's full
> email and be done with it.
I omitted that attribute on purpose, because of the complications of
redundant and possibly conflicting data. Now the schema of my ldap-db
makes any conflicting data (like two users with the same mail address,
a user with a mail address of a domain other than his own) impossible
without need for checking this in any administrative frontend. That's
the beauty of ldap in this case. If you have a better schema, please
tell me.
> If the mountain will not come to Mohammed, Mohammed will go to the
> mountain. Or something like that.
Hm. Why drop a schema that is perfectly valid and matches the spirit
of ldap just because the ldap-software is not ldap-enabled enough to
use it?
Timo
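
The variable expansion on the search base discussed in this message, as an added example that is not Dovecot's code and not part of the original post: it fills `%n` and `%d` from a `user@domain` login and escapes both per RFC 4514, since the domain is supplied by the client and would otherwise be able to add its own components to the base DN. The names `expand_base`, `put` and `put_dn_value`, and the split at the last `@`, are assumptions made for illustration.

```c
#include <string.h>

/* Append one byte, always leaving room for the final NUL. */
static int put(char *out, size_t cap, size_t *len, char c)
{
    if (*len + 1 >= cap)
        return -1;
    out[(*len)++] = c;
    return 0;
}

/* Append n bytes of v, escaped per RFC 4514 so the value cannot close its
 * RDN and add components of its own; control bytes are refused. */
static int put_dn_value(char *out, size_t cap, size_t *len,
                        const char *v, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int esc = strchr(",+\"\\<>;=", v[i]) != NULL ||
                  (i == 0 && (v[i] == ' ' || v[i] == '#')) ||
                  (i + 1 == n && v[i] == ' ');
        if ((unsigned char)v[i] < 0x20 ||
            (esc && put(out, cap, len, '\\') < 0) ||
            put(out, cap, len, v[i]) < 0)
            return -1;
    }
    return 0;
}

/* Expand %n (local part) and %d (domain) of login into tmpl. Returns 0, or
 * -1 on an empty part, an unknown variable or a buffer that is too small. */
int expand_base(const char *tmpl, const char *login, char *out, size_t cap)
{
    const char *at = strrchr(login, '@');
    size_t len = 0, ulen = at ? (size_t)(at - login) : 0;
    if (cap == 0 || ulen == 0 || at[1] == '\0')
        return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        int rc = -1;                /* stays -1 for unknown or trailing '%' */
        if (*p != '%')
            rc = put(out, cap, &len, *p);
        else if (*++p == 'd')
            rc = put_dn_value(out, cap, &len, at + 1, strlen(at + 1));
        else if (*p == 'n')
            rc = put_dn_value(out, cap, &len, login, ulen);
        if (rc < 0)
            return -1;
    }
    out[len] = '\0';
    return 0;
}
```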