[Dovecot] Director and forwarding LDAP user as Master user

Timo Sirainen tss at iki.fi
Fri Jan 4 05:53:33 EET 2013 

On 20.12.2012, at 4.11, Alexandr Sabitov <alexandr.sabitov at netregistry.com.au> wrote:

> Hello guys,
> 
> Would you be able to help me with this little issue. I bet someone has the same config so if you can copy-paste it I will very appreciate it.
> So main idea is to enable Dovecot director to authenticate a LDAP user with plain or encrypted password and  send the user  to back-end Dovecot server after the authentication.
> According to Wiki it is only possible if we use the master user to communicate to the back-end server.

If you use auth_bind=yes this doesn't work. If you don't, this should work:

> On the back-end Dovecot server it is working fine, I can log in as normal user/user_password or as user*masteruser/master_password. The back-end config is:
> 
> auth_master_user_separator = *
> passdb {
>  driver = passwd-file
>  args = /usr/local/dovecot/etc/dovecot/passwd.masterusers
>  master = yes
>  pass = yes
> }
> 
> passdb {
>  driver = ldap
>  args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext
> }
> 
> userdb {
>  driver = ldap
>  args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext
> }

The above looks ok. "pass = yes" is the important part, so simply adding this should work:

> Now  front-end:  how to get director forward the user to the back-end after authentication on the director? With my director config the user stays on the director all the time:
> 
> passdb {
>  driver = static
>  args = proxy=y master=masteruser pass=master_password destuser=%u*masteruser

  pass = yes

> }
> 
> passdb {
>  driver = ldap
>  args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext
> }
> 
> userdb {
>  driver = ldap
>  args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext
> }
> 
> The only way to forward the user is to setup nopassword=y in args of static passdb but in that case the user will be authenticated on the backend but not on the director...
> What do I missing ? Please help me
> 
> Best Regards,
> Alexandr Sabitov

More information about the dovecot mailing list