[Dovecot] LDAP auth improvements
Timo Sirainen
tss at iki.fi
Thu Feb 2 15:54:24 EET 2012

v2.1 now supports multiple LDAP fields in a template, e.g.:

  user_attrs = \
    homeDirectory=home, \
    uidNumber=uid, \
    gidNumber=gid, \
    =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}

which is the same as:

  user_attrs = \
    =home=%{ldap:homeDirectory}, \
    =uid=%{ldap:uidNumber}, \
    =gid=%{ldap:gidNumber}, \
    =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}

I was also thinking about adding an alternative simplified syntax for
this:

  user_attrs {
    home = %{ldap:homeDirectory}
    uid = %{ldap:uidNumber}
    gid = %{ldap:gidNumber}
    mail = %{ldap:mailboxFormat}:%{ldap:homeDirectory}
  }

Any ideas for further improvements before I do this change?

One thing I'm still wondering about is what I should do when LDAP
returns multiple values. Like perhaps:

  acl_groups = %{ldap:aclGroups:,}

Which would mean that all the aclGroups values would be joined together
separated by "," characters. And a bit more complex with multiple
gidNumbers:

  gid = %{ldap:gidNumber[0]}
  mail_access_groups = %{ldap:gidNumber[1:]:,}
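
The Python example below is added here; it is not part of the message and not Dovecot's code. It normalizes the two equivalent user_attrs forms shown above and expands the templates, including the index, slice and separator forms the message proposes. The sample entry, the function names and the choice to reject several values when no separator is given are assumptions of this example.

```python
import re

# Constructed sample entry; LDAP attributes are multi-valued, hence lists.
ENTRY = {
    "homeDirectory": ["/var/vmail/alice"],
    "mailboxFormat": ["maildir"],
    "uidNumber": ["5000"],
    "gidNumber": ["5000", "6001", "6002"],
    "aclGroups": ["staff", "ops"],
}
SHORT = r"""homeDirectory=home, \
uidNumber=uid, \
gidNumber=gid, \
=mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}"""
LONG = r"""=home=%{ldap:homeDirectory}, \
=uid=%{ldap:uidNumber}, \
=gid=%{ldap:gidNumber}, \
=mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}"""

VAR = re.compile(r"%\{ldap:(\w+)(?:\[(\d+|\d*:\d*)\])?(?::([^}]*))?\}")

def parse_user_attrs(spec):
    """Normalize 'ldapAttr=field' and '=field=template' items to {field: template}."""
    fields = {}
    # Split on commas that are not inside a %{...} variable (a join separator).
    for item in re.split(r",(?![^{]*\})", spec.replace("\\\n", "")):
        item = item.strip()
        if item.startswith("="):
            field, template = item[1:].split("=", 1)
        else:
            attr, field = item.split("=", 1)
            template = "%{ldap:" + attr + "}"
        fields[field] = template
    return fields

def expand(template, entry):
    """Expand %{ldap:attr}, plus the proposed [i], [a:b] and :separator forms."""
    def sub(m):
        attr, sel, sep = m.groups()
        values = entry.get(attr, [])
        if sel is not None and ":" in sel:
            a, b = sel.split(":")
            values = values[int(a or 0):int(b) if b else None]
        elif sel is not None:
            values = values[int(sel):int(sel) + 1]
        if sep is None and len(values) > 1:
            # Assumption of this example: refuse to guess among several values.
            raise ValueError(f"{attr}: {len(values)} values and no separator")
        return (sep or "").join(values)
    return VAR.sub(sub, template)
```

With the sample entry, a plain %{ldap:gidNumber} raises instead of picking one of the three values, while %{ldap:gidNumber[0]} yields a single gid.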