[Dovecot] how to separate virtual delivery and authentication?
Steffen Kaiser
skdovecot at smail.inf.fh-brs.de
Tue Jan 7 15:01:15 EET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 7 Jan 2014, Mihai Badici wrote:
>> IMHO, exactly that works with the maildrop LDAP attribute. You enumerate
>> all mail addresses into maildrop. Use maildrop in userdb filter only. If
>> you like to use "uid" on command line of doveadm, you need to add the uid
>> to maildrop as well, otherwise have the passdb return another username,
>> e.g. the "mail" LDAP attribute to convert the uid into mail adress.
>
> This is also a workaround, adding uid to maildrop. Think at, for example,
> using Active Directory with dovecot ( I do not recommend that :) )
I don't know what that means. I wouldn't name it workaround.
> I wonder if I could use only passdb filter for authentication (and let userdb
> for delivery) , this could be far better.But I think this is a design issue.
Remember: passdb is for authentificating users; userdb is for getting user
information. When an user auth's for IMAP, passdb verifies the password
and probably overrides the username, in the second step the userdb is
queried for the user data. If you use prefetch userdb and provide
different passdb and userdb queries, I would not expect a clean run.
Maybe, it's better you give a detailed example, which makes your idea more
visible.
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUsv6nF3r2wJMiz2NAQI5NwgApS5GzJh+0Ywg8WIsVKqzK/B6LJxLBH8B
WlnfxBo4Vc6+7j3CdgiIPVPxRXHKCgp0N8uNcafbYTAXjkV5kemhrBD2XqTeFeYC
Osg1QjQOhuAHB/G/WSSLB1vRaOy/G1gFN/Y4ZWijabBTIJ1hi9VArraE1JPNzR+u
MxoRMJneX5nU5dTbvKs3+YErs54jZubeobctsLpr/JpK6erFUaRcccNvmD/ZGJTc
rLErV8GojSbayWExYItwDVlxolbXC4d9ZLA64AMHUqpdyULWP4N9WlyhcCXtJ1zz
wgvZEzlcoGw7aaq4EPfmrMyFiRNM702KWsa8Ut8w6iSYc38R7M6SOA==
=UU93
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list