[Dovecot] multiple users to same e-mail account with ldap authentication

Marco Gatti marco.gatti at gmail.com
Tue Nov 13 15:56:46 EET 2012


2012/11/13 Robert Schetterer <rs at sys4.de>:
> On 13.11.2012 11:35, Marco Gatti wrote:
>> Hi, I was looking for a particular case of dovecot configuration I
>> cannot find anywhere.
>> Is there a way dovecot can authenticate via ldap different windows
>> 2008 AD users that have access to the same e-mail account (like user
>> authorization in ms exchange)?
>> For example I want to extend AD schema to let users have 10 email
>> accounts (with multiple domain support). If they are private accounts
>> I think there is no problem at all. But if I want two or more users to
>> access the same mail account what happens? Can I do it with dovecot?
>> Or should I create AD groups and add members to that, to let user
>> access the same mail account?
>> Cheers
>>
>
> there may be more ways to achieve this; from a short look, one way is
> described here
>
> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
>
> using ldap might be better
>
> look at e.g.
>
> http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/
> http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x
>
>
> for ideas
>
> Best Regards
> MfG Robert Schetterer
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Registered office: München, District Court München: HRB 199263
> Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
> Chairman of the supervisory board: Joerg Heidrich


Thank you Robert for the quick reply.
I'm aware of the links you sent me, however they don't give me a clue
whether what I was asking can be done.
I'll try to give more details.
I have to build a multiple domain mail server with the use of windows
AD authentication.
I've managed to add some extra fields in the AD schema like this:

mail1: account1 at example1.com
box1: /example1.com/account1/
enabled1: TRUE
quota1: 1000000

mail2: account2 at example2.com
box2: /example2.com/account2/
enabled2: TRUE
quota2: 1000000

There could be 10 or 50 of them for each AD user.
If I use NTLM or PAM authentication (after joining the AD) I have to
use AD usernames to login with dovecot and I don't know how then to
deal with different email addresses configured per user.
If I use LDAP lookup I have to use the email address as username but
then if different AD users have to access the same email account how
can dovecot manage it???
For example the LDAP configuration for user and password lookup may be
something like this:

user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050
user_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))(&(mail2=%u)(enabled2=TRUE))))
pass_attrs = userPassword=password
pass_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))(&(mail2=%u)(enabled2=TRUE))))

I think I may be missing something important in how dovecot works, but
cannot find any documentation about it.
Regards

-- 
Marco
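
Added example, not part of the original message: a small Python model of the filter shape quoted above, run against constructed directory entries, showing that an address shared by two AD users selects more than one entry, so the filter alone does not identify a single password to check. The attribute names follow the post; the entries, the address shared@example2.com and the function names are assumptions made for illustration.

```python
# Added illustration. Attribute names (mail1, enabled1, ...) follow the post;
# the directory entries are constructed sample data, not real accounts.

def escape_filter_value(value):
    """Escape a login name for use inside an LDAP filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c
                   for c in value)

def build_filter(login, slots):
    """Build the post's filter shape for mail1..mailN / enabled1..enabledN."""
    v = escape_filter_value(login)
    terms = ''.join('(&(mail%d=%s)(enabled%d=TRUE))' % (i, v, i)
                    for i in range(1, slots + 1))
    return '(&(objectClass=person)(|%s))' % terms

def matching_entries(directory, login, slots):
    """Return sAMAccountName of every entry that filter would select."""
    hits = []
    for entry in directory:
        if 'person' not in entry['objectClass']:
            continue
        if any(entry.get('mail%d' % i) == login and
               entry.get('enabled%d' % i) == 'TRUE'
               for i in range(1, slots + 1)):
            hits.append(entry['sAMAccountName'])
    return hits

# Constructed entries: alice and bob both have the shared address enabled,
# carol has it listed but disabled.
DIRECTORY = [
    {'sAMAccountName': 'alice', 'objectClass': ['person'],
     'mail1': 'account1@example1.com', 'enabled1': 'TRUE',
     'mail2': 'shared@example2.com', 'enabled2': 'TRUE'},
    {'sAMAccountName': 'bob', 'objectClass': ['person'],
     'mail1': 'shared@example2.com', 'enabled1': 'TRUE'},
    {'sAMAccountName': 'carol', 'objectClass': ['person'],
     'mail1': 'shared@example2.com', 'enabled1': 'FALSE'},
]

if __name__ == '__main__':
    for login in ('account1@example1.com', 'shared@example2.com'):
        print(build_filter(login, 2))
        print('  matches:', matching_entries(DIRECTORY, login, 2))
```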


