[Dovecot] Please clarify one point for me on director userdb (Was: Configuration advice needed.)

Jan-Frode Myklebust janfrode at tanso.net
Mon Jun 3 21:40:47 EEST 2013


On Mon, Jun 03, 2013 at 03:47:08PM +0200, Olivier Girard wrote:
> I'm trying to finish my dovecot setup but things are unclear for me.
> 
> I want director proxying mapping to same server for LMTP and POP/IMAP
> connections. My authdb is LDAP and LMTP users are queried with mail
> address (ldap mail attribute) while IMAP/POP users are identified
> with uid (ldap uid attribute) which is completely different.
> 
> So I end up defining my ldap queries mapping ldap mail attribute to user
> in *_attrs (best choice for future use than uid for our setup) with this
> configuration in dovecot-ldap.conf.ext:
> 
> uris = ldap://ldap.uang
> dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
> dnpass = *********
> base = ou=people, dc=univ-angers, dc=fr
> user_attrs = mail=user,homeDirectory=home
> user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
> iterate_attrs = mail=user
> iterate_filter = (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))
> default_pass_scheme = MD5-CRYPT
> 
> Is it the correct method, or do I miss something?
> 

It's a bit hard to tell what's unclear to you. This all looks perfectly
fine to me. I run a similar configuration, except:

	- I don't have any ldap config on the directors, just a static
	  passdb:

		passdb {
			args = proxy=y nopassword=y
			driver = static
		}

	- I use auth binds, instead of having dovecot do the
	  authentication. IMHO that's better, since then there's no
	  easy way to extract all the hashes from the dovecot side.

		auth_bind = yes
		auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO

	- I haven't configured any
	  iterate_attrs/iterate_filter/pass_attrs/iterate_filter or
	  default_pass_scheme. Have too many users to ever want to 
	  iterate over them all :-)


  -jf
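
An added example, not part of the original message and not Dovecot code: a small Python check that reads a dovecot-ldap.conf.ext and reports whether passwords are verified by password lookup (Dovecot's `dn` account reads the hash attribute mapped in pass_attrs) or by auth bind, the difference discussed in the reply above. The sample configurations, the hostnames and the mode names `password-lookup`, `bind-template` and `bind-search` are constructed for illustration.

```python
# Constructed sample inputs modelled on the two configurations in the thread.
PASSWORD_LOOKUP_CONF = """
uris = ldap://ldap.example.invalid
dn = cn=dovecot,ou=access,dc=example,dc=invalid
pass_attrs = mail=user,userPassword=password
"""

AUTH_BIND_CONF = """
uris = ldap://ldap.example.invalid
auth_bind = yes
auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO
"""


def parse_conf(text):
    """Parse 'key = value' lines; skip blanks and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values such as DNs contain '='
        settings[key.strip()] = value.strip()
    return settings


def password_attrs(settings):
    """LDAP attributes that pass_attrs maps onto Dovecot's 'password' field."""
    found = []
    for pair in settings.get("pass_attrs", "").split(","):
        ldap_attr, sep, field = pair.strip().partition("=")
        if sep and field.strip() == "password":
            found.append(ldap_attr.strip())
    return found


def audit(text):
    """Return (mode, hash_attrs) for one LDAP passdb configuration."""
    s = parse_conf(text)
    if s.get("auth_bind", "no").lower() == "yes":
        mode = "bind-template" if s.get("auth_bind_userdn") else "bind-search"
        return mode, []  # the LDAP server verifies the password itself
    # Password lookup: the 'dn' account must be able to read these attributes.
    return "password-lookup", password_attrs(s)


if __name__ == "__main__":
    for name, conf in (("lookup", PASSWORD_LOOKUP_CONF), ("bind", AUTH_BIND_CONF)):
        print(name, audit(conf))
```

A `password-lookup` result with a non-empty attribute list means the LDAP ACLs must let Dovecot's bind account read those hash attributes; with either bind mode that read access can be withdrawn on the LDAP side.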

