[Dovecot] Prefetch help

Timo Sirainen tss at iki.fi
Fri Dec 12 02:08:16 EET 2008


On Tue, 2008-12-09 at 14:44 -0600, Romer Ventura wrote:
> Hello,
> 
>     I am trying to use userdb prefetch so that I don't do an extra LDAP
> lookup and I am having some problems:
> 
> Here is my dovecot-ldap.conf
> # cat /etc/dovecot/dovecot-ldap.conf
> hosts = 192.168.50.30 192.168.50.31
> base = ou=HST-Users,dc=h-st,dc=com
> ldap_version = 3
> auth_bind = yes

Auth binding is currently doing one lookup to get the DN for the user.
If your DN fits a template, you could set the auth_bind_userdn setting to
avoid the initial lookup. That way you would get the same result as with
prefetch: two LDAP lookups.

> dn = cn=ldap,cn=Users,dc=h-st,dc=com
> dnpass = <PASSWORD>
> user_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001
> user_filter = (&(objectClass=person)(mail=%u))
> #pass_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001
> pass_filter = (&(objectClass=person)(mail=%u))

So, if you don't set auth_bind_userdn, you can set pass_attrs to contain
all the same things as user_attrs, except with userdb_ prefix:

pass_attrs = sAMAccountName=userdb_mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=userdb_gid=1000,=userdb_uid=1001

Although instead of setting uid/gid in the pass/user_attrs, you could
just set mail_uid and mail_gid settings in dovecot.conf.

For dovecot.conf then use:

passdb ldap {
 ..
}
userdb prefetch {
}
userdb ldap {
 ..
}
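
Added example, not part of the original message and not Dovecot code: a small Python helper that derives the prefetch pass_attrs line from an existing user_attrs line by adding the userdb_ prefix, and reports userdb fields a pass_attrs line does not return. The function names are hypothetical, and it assumes attribute templates contain no commas.

```python
"""Derive and check Dovecot prefetch pass_attrs (added example)."""


def parse_attrs(value):
    """Split an attrs value into (ldap_attr, field, template) triples.

    Entries look like ldapAttr=field, ldapAttr=field=template or, for a
    static value, =field=value. Assumption: templates contain no commas.
    """
    entries = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        parts = item.split("=", 2)
        if len(parts) < 2 or not parts[1]:
            raise ValueError(f"malformed attrs entry: {item!r}")
        template = parts[2] if len(parts) == 3 else None
        entries.append((parts[0], parts[1], template))
    return entries


def format_attrs(entries):
    """Inverse of parse_attrs: join triples back into one config value."""
    return ",".join(
        f"{attr}={field}" if tmpl is None else f"{attr}={field}={tmpl}"
        for attr, field, tmpl in entries
    )


def to_prefetch_pass_attrs(user_attrs, existing_pass_attrs=""):
    """Keep existing passdb entries and append every userdb field with
    the userdb_ prefix, so the passdb lookup returns them for prefetch."""
    entries = parse_attrs(existing_pass_attrs)
    entries += [(a, "userdb_" + f, t) for a, f, t in parse_attrs(user_attrs)]
    return format_attrs(entries)


def missing_prefetch_fields(user_attrs, pass_attrs):
    """Userdb fields that pass_attrs does not return as userdb_<field>,
    i.e. fields the prefetch userdb would not receive from the passdb."""
    have = {field for _, field, _ in parse_attrs(pass_attrs)}
    return [f for _, f, _ in parse_attrs(user_attrs) if "userdb_" + f not in have]


if __name__ == "__main__":
    # user_attrs value taken from the configuration quoted in this thread
    ua = "sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001"
    print("pass_attrs =", to_prefetch_pass_attrs(ua))
```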