[Dovecot] Using LDAP for Dovecot extra/regular fields

Jack Stewart jstewart at caltech.edu
Sun Mar 8 21:38:33 EET 2009


Hi,

We're moving to a dovecot proxy / server configuration in order to make 
sure that users go to a specific server.

If someone has used LDAP for this, there are a few things that I 
wish to verify.

   Dovecot does not verify the type of the LDAP attribute, only that 
the returned value works.

   If a boolean is used for a yes/no field, then FALSE sets the field to 
no and TRUE sets the field to yes.

   If a multivalue attribute is used for a single value field, the last 
returned value for the LDAP lookup is used in that field (i.e. host will 
use the last value).

   If a string attribute is returned for a yes/no field and has any 
value, then the associated field is set to true.

   There is no automatic failover with the host field so if the remote 
host is down, the IMAP connection no longer works.

I'm fairly sure of all of these except for the boolean.

Now this is just due diligence. I don't know that turning on/off or 
switching LDAP attributes is the right way to go to handle failover but 
it might work for phased rollout.

My feeling is the best configuration will be using a secondary IP 
address that has to be manually turned on for a host after a reboot or 
shutdown. This creates a poor man's "fencing". The secondary can either 
be brought up on another host or handled via a load balancer with 
DSR/backup server.

As a practical matter, it is probably worth setting sensible attributes 
for each field (i.e. numeric for host, boolean for proxy/proxy_maybe 
etc). Any interest in registering an LDAP object class for dovecot?

---Jack
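
An added example, not part of the original post: a pre-deployment check over directory data for two of the cases listed above, a multi-valued attribute feeding the single-valued host field and a non-boolean value feeding a yes/no field. The attribute names mailHost and mailProxy and the LDIF entries are constructed for illustration; they are not a registered Dovecot schema.

```python
# Constructed sample data; mailHost / mailProxy are hypothetical attribute names.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
mailHost: 192.0.2.10
mailProxy: TRUE

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
mailHost: 192.0.2.10
mailHost: 192.0.2.11
mailProxy: TRUE

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
mailHost: 192.0.2.12
mailProxy: no
"""

SINGLE_VALUED = ("mailHost",)   # assumed to be mapped to the host field
BOOLEAN = ("mailProxy",)        # assumed to be mapped to proxy / proxy_maybe

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no base64 values, no folded lines)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, problem) pairs for values whose effect depends on lookup behaviour."""
    findings = []
    for e in entries:
        dn = e["dn"][0]
        for attr in SINGLE_VALUED:
            if len(e.get(attr, [])) > 1:
                findings.append((dn, f"{attr} has {len(e[attr])} values"))
        for attr in BOOLEAN:
            for v in e.get(attr, []):
                if v not in ("TRUE", "FALSE"):
                    findings.append((dn, f"{attr} is not an LDAP boolean: {v!r}"))
    return findings

if __name__ == "__main__":
    for dn, problem in audit(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {problem}")
```

Entries it flags are the ones where routing would depend on which value the lookup happens to return or on how a free-form string is interpreted.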


