[Dovecot] LDAP auth improvements

Timo Sirainen tss at iki.fi
Thu Feb 2 15:54:24 EET 2012


v2.1 now supports multiple LDAP fields in a template, e.g.:

user_attrs = \
  homeDirectory=home, \
  uidNumber=uid, \
  gidNumber=gid, \
  =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}

which is the same as:

user_attrs = \
  =home=%{ldap:homeDirectory}, \
  =uid=%{ldap:uidNumber}, \
  =gid=%{ldap:gidNumber}, \
  =mail=%{ldap:mailboxFormat}:%{ldap:homeDirectory}

I was also thinking about adding an alternative simplified syntax for
this:

user_attrs {
  home = %{ldap:homeDirectory}
  uid = %{ldap:uidNumber}
  gid = %{ldap:gidNumber}
  mail = %{ldap:mailboxFormat}:%{ldap:homeDirectory}
}

Any ideas for further improvements before I do this change?

One thing I'm still wondering about is what I should do when LDAP
returns multiple values. Like perhaps:

  acl_groups = %{ldap:aclGroups:,}

Which would mean that all the aclGroups values would be joined together
separated by "," characters. And a bit more complex with multiple
gidNumbers:

  gid = %{ldap:gidNumber[0]}
  mail_access_groups = %{ldap:gidNumber[1:]:,}
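
The multi-value forms proposed above, worked through as an added example (not part of the original post and not Dovecot's code). The sample entry is constructed, and rejecting a plain `%{ldap:attr}` reference to a multi-valued attribute and expanding a missing attribute to an empty string are assumptions of this sketch:

```python
import re

# %{ldap:attr}, %{ldap:attr:SEP}, %{ldap:attr[N]}, %{ldap:attr[N:]:SEP}
_VAR = re.compile(
    r"%\{ldap:(?P<attr>[A-Za-z][A-Za-z0-9-]*)"
    r"(?:\[(?P<idx>\d+)(?P<rest>:)?\])?"
    r"(?::(?P<sep>[^}]*))?\}"
)
# Constructed sample LDAP entry: attribute name -> list of values.
ENTRY = {
    "homeDirectory": ["/home/alice"], "mailboxFormat": ["maildir"],
    "uidNumber": ["1001"], "gidNumber": ["1001", "2001", "2002"],
    "aclGroups": ["staff", "admins"],
}
# Field templates taken from the post.
USER_ATTRS = {
    "home": "%{ldap:homeDirectory}",
    "uid": "%{ldap:uidNumber}",
    "gid": "%{ldap:gidNumber[0]}",
    "mail": "%{ldap:mailboxFormat}:%{ldap:homeDirectory}",
    "mail_access_groups": "%{ldap:gidNumber[1:]:,}",
    "acl_groups": "%{ldap:aclGroups:,}",
}

def expand(template, entry):
    """Expand one template against an LDAP entry {attr: [values]}."""
    # LDAP attribute names are case-insensitive.
    entry = {k.lower(): list(v) for k, v in entry.items()}

    def repl(m):
        values = entry.get(m["attr"].lower(), [])
        idx, rest, sep = m["idx"], m["rest"], m["sep"]
        if rest and sep is None:
            raise ValueError(f"{m['attr']}[{idx}:] needs a separator")
        if idx is not None:
            values = values[int(idx):]
            if not rest:  # [N]: exactly one value, which must exist
                if not values:
                    raise ValueError(f"{m['attr']}[{idx}] has no value")
                return values[0]
        if sep is not None:  # join everything that was selected
            return sep.join(values)
        # Assumption: a plain reference must not silently pick one of many.
        if len(values) > 1:
            raise ValueError(f"{m['attr']} is multi-valued")
        return values[0] if values else ""  # assumption: missing -> ""
    return _VAR.sub(repl, template)

def expand_all(user_attrs, entry):
    return {field: expand(tpl, entry) for field, tpl in user_attrs.items()}
```

LDAP does not guarantee the order of values in a multi-valued attribute, so which gidNumber ends up as `gid` and which as `mail_access_groups` depends on the order the directory returns.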





