[Dovecot] multiple users to same e-mail account with ldap authentication

Robert Schetterer rs at sys4.de
Tue Nov 13 17:15:15 EET 2012


On 13.11.2012 14:56, Marco Gatti wrote:
> 2012/11/13 Robert Schetterer <rs at sys4.de>:
>> On 13.11.2012 11:35, Marco Gatti wrote:
>>> Hi, I was looking for a particular case of dovecot configuration I
>>> cannot find anywhere.
>>> Is there a way dovecot can authenticate via ldap different windows
>>> 2008 AD users that have access to the same e-mail account (like user
>>> authorization in ms exchange)?
>>> For example I want to extend AD schema to let users have 10 email
>>> accounts (with multiple domain support). If they are private accounts
>>> I think there is no problem at all. But if I want two or more users to
>>> access the same mail account what happens? Can I do it with dovecot?
>>> Or should I create AD groups and add members to that, to let user
>>> access the same mail account?
>>> Cheers
>>>
>>
>> there may be more ways to achieve this; at a quick look, one way is
>> described here
>>
>> http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm
>>
>> using ldap might be better
>>
>> look e.g. at
>>
>> http://blog.al-shami.net/2008/05/freebsd-postfix-dovecot-and-active-directory/
>> http://www.howtoforge.com/postfix-dovecot-authentication-against-active-directory-on-centos-5.x
>>
>>
>> for ideas
>>
>> Best Regards
>> MfG Robert Schetterer
>>
>> --
>> [*] sys4 AG
>>
>> http://sys4.de, +49 (89) 30 90 46 64
>> Franziskanerstraße 15, 81669 München
>>
>> Registered office: München, District Court München: HRB 199263
>> Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
>> Chairman of the Supervisory Board: Joerg Heidrich
> 
> 
> Thank you Robert for the quick reply.
> I'm aware of the links you sent me, however they don't give me a clue
> if what I was asking may be done.
> I'll try to give more details.
> I have to build a multiple domain mail server with the use of windows
> AD authentication.
> I've managed to add some extra fields in the AD schema like this:
> 
> mail1: account1 at example1.com
> box1: /example1.com/account1/
> enabled1: TRUE
> quota1: 1000000
> 
> mail2: account2 at example2.com
> box2: /example2.com/account2/
> enabled2: TRUE
> quota2: 1000000
> 
> There could be 10 or 50 of them for each AD user.
> If I use NTLM or PAM authentication (after joining the AD) I have to
> use AD usernames to login with dovecot and I don't know how then to
> deal with different email addresses configured per user.
> If I use LDAP lookup I have to use the email address as username but
> then if different AD users have to access the same email account how
> can dovecot manage it?
> For example the LDAP configuration for user and password lookup may be
> something like this:
> 
> user_attrs = sAMAccountName=mail=maildir:/var/mail/%d/%n,=uid=102,=gid=10050
> user_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
> (&(mail2=%u)(enabled2=TRUE))))
> pass_attrs = userPassword=password
> pass_filter = (&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))
> (&(mail2=%u)(enabled2=TRUE))))
> 
> I think I may be missing something important in how dovecot works, but
> cannot find any documentation about it.
> Regards
> 

hm, that's complex; however I would not
recommend trying to change exchange/active dir schemas.
however the only reason I can think of for what you want is using
dovecot as proxy?

so what about this?

http://wiki2.dovecot.org/HowTo/ImapcProxy
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
http://wiki2.dovecot.org/Director



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Joerg Heidrich
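
Added example, not part of the original thread and not Dovecot's own code: it evaluates the pass_filter quoted above against three constructed directory entries to show that one login address selects more than one AD entry when users share a mailbox, so a lookup of userPassword through this filter has several candidate entries. The entries, the sAMAccountName values and the small filter evaluator (only &, | and equality, exact string match) are assumptions made for illustration.

```python
import re

# Filter from the post (line-wrapped there), with Dovecot's %u placeholder.
PASS_FILTER = ("(&(objectClass=person)(|(&(mail1=%u)(enabled1=TRUE))"
               "(&(mail2=%u)(enabled2=TRUE))))")

# Constructed sample entries: alice and bob share account1@example1.com.
DIRECTORY = [
    {"sAMAccountName": "alice", "objectClass": "person",
     "mail1": "account1@example1.com", "enabled1": "TRUE"},
    {"sAMAccountName": "bob", "objectClass": "person",
     "mail1": "bob@example2.com", "enabled1": "TRUE",
     "mail2": "account1@example1.com", "enabled2": "TRUE"},
    {"sAMAccountName": "carol", "objectClass": "person",
     "mail1": "account1@example1.com", "enabled1": "FALSE"},
]

def escape(value):
    """RFC 4515 escaping so a login name cannot alter the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(f, i=0):
    """Parse the subset (&..), (|..), (attr=value); return (node, next_index)."""
    assert f[i] == "("
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)  # safe: ")" inside values is escaped as \29
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, unescape(value)), end + 1

def matches(node, entry):
    if node[0] == "=":
        return entry.get(node[1]) == node[2]
    test = all if node[0] == "&" else any
    return test(matches(kid, entry) for kid in node[1])

def lookup(login):
    """Return sAMAccountName of every entry the filter selects for this login."""
    tree, _ = parse(PASS_FILTER.replace("%u", escape(login)))
    return [e["sAMAccountName"] for e in DIRECTORY if matches(tree, e)]
```

lookup("account1@example1.com") returns both alice and bob, while carol is excluded because enabled1 is FALSE.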


