[Dovecot] LDAP as password database - some problems / suggestions
palme at kapott.org
Thu Feb 18 10:19:12 EET 2010
Using dovecot-1.2.6, I use dovecot with an LDAP backend for user
authentication. In general this works ok, but I have some issues.
In LDAP, I have users like this:
When authenticating users, I explicitly want to use the
AUTH_BIND feature (and NOT lookup passwords).
My problem: not ALL users from the LDAP system should be allowed to
use the IMAP server. Currently, I have defined an auth_bind_userdn
of "cn=%u,ou=users,dc=kapott,dc=org" in dovecot-ldap.conf, but with
this, user1 AND user2 could login (but I don't want user2 to be able
to use dovecot).
Because the LDAP system is used in a larger environment, it is NOT
possible to re-arrange the users like this:
So my question: are there any plans to support group-based LDAP
authentication? For several other applications, I have something
So I can define groups of user accounts - one group per application.
A nice solution for this in dovecot would be, if I could "mix" password
lookup and authentication bind: First, a search query should be used
to find a valid DN to bind as. In my case, the search query could look
After finding a DN this way (via attribute "member"), I want to use
auth_bind to use this DN for password verification...
Any hints how to solve this? Any plans to support this in the future?
Thanks and regards
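
The search-then-bind flow asked about above, as an added example that is not part of the original post and not taken from the Dovecot project: with auth_bind_userdn unset, Dovecot looks the DN up with pass_filter and then binds as the entry it found. Assumptions: user entries carry a memberOf attribute (the post describes groups that use "member" instead), and the group DN and the search account are hypothetical placeholders.

```conf
# dovecot-ldap.conf (added example, not from the original post)

# Before (setting quoted in the post): DN template.
# Dovecot binds directly as this DN and ignores pass_filter, so every
# entry under ou=users with a valid password can log in.
#auth_bind = yes
#auth_bind_userdn = cn=%u,ou=users,dc=kapott,dc=org

# After: DN lookup followed by an authentication bind.
# With auth_bind_userdn unset, Dovecot first searches below "base" using
# pass_filter, then binds as the DN of the matching entry to verify the
# password. No password attribute is read from LDAP.
auth_bind = yes
base = ou=users,dc=kapott,dc=org
scope = subtree

# Account used only for the search step (placeholder values, assumption).
# It needs read access to cn and memberOf, nothing else.
dn = cn=dovecot-search,dc=kapott,dc=org
dnpass = <search-account-password>

# Assumption: memberOf is maintained on user entries.
# cn=imap,ou=groups,dc=kapott,dc=org is a hypothetical group DN.
pass_filter = (&(cn=%u)(memberOf=cn=imap,ou=groups,dc=kapott,dc=org))
```

An account outside the group produces no search result, so the login fails before any bind is attempted with that user's credentials.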