Escape comma in the LDAP passdb subquery configuration

Francesco Fiore francesco.fiore at babel.it
Wed Sep 10 08:37:06 UTC 2014


Hi,

On 10/09/2014 08:07, Jogi Hofmüller wrote:
> Hi,
>
> Am 2014-09-01 15:27, schrieb Francesco Fiore:
>
>> pass_attrs = @mail=mail=%{login_user},dc=%{login_domain},dc=example,dc=com,\
>>             =proxy=y,\
>>             =host=%{ldap:mailHost@mail}
>>
>> In the previous example, the problem is the use of ","  for DN
>> representation, which is also the separator for the attribute template
> I see.  Have you tried using a different filter instead of dynamic
> arguments in pass_attrs?
I tried, but in this case the passdb is configured to use master
authentication, and in this infrastructure there is an N*M association
between users and mailboxes.
This association is implemented in the back-end instances using the user 
entries to do authentication, and the mailbox entries to get the 
attributes in the userdb.
In the user entries there is a custom attribute.
For example:

dn: uid=myuser,ou=People,dc=example,dc=com
...
uid: myuser
associatedMailbox: mymbox@example.com
userPassword: **********

dn: mail=mymbox@example.com,ou=Mailboxes,dc=example,dc=com
...
mail: mymbox@example.com
mailHost: 192.168.0.1
homeDirectory: /path/to/homedir

In the configuration of the back-end instance I use different filters to 
get different LDAP entries in the passdb (user entries) and userdb 
(mailbox entries).
The problem is in the proxy configuration, because Dovecot must execute an
LDAP bind with the user entry, but it also needs to get the mailHost
attribute in the mailbox entry to connect to the correct back-end server.
The complete passdb configuration is:

pass_attrs = @mail=mail=%{login_user},dc=%{login_domain},dc=example,dc=com,\
            =proxy=y,\
            =host=%{ldap:mailHost@mail}
pass_filter = (&(uid=%{user})(associatedMailbox=%{login_user}))


I'm thinking of implementing this authentication using an external auth
daemon and configuring Dovecot to use an auth-dict, but I would prefer to
avoid executing an independent daemon. Can I configure Dovecot to spawn an
external process?
Is this a valid solution in your experience?
>
> Cheers,
Regards
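
The two-step lookup described in this message (match the user entry, then read mailHost from the mailbox entry), as an added Python sketch that is not part of the original post and is not Dovecot code. It shows the RFC 4514 and RFC 4515 escaping an external helper would need when a login name is substituted into a DN and into a filter. The function names and the in-memory DIRECTORY standing in for the LDAP server are assumptions; the DN layout follows the LDIF entries above.

```python
# Added illustration. DIRECTORY is constructed sample data standing in for the
# LDAP server; the DN layout follows the LDIF entries in the message.
DIRECTORY = {
    "uid=myuser,ou=People,dc=example,dc=com": {
        "associatedMailbox": ["mymbox@example.com"]},
    "mail=mymbox@example.com,ou=Mailboxes,dc=example,dc=com": {
        "mailHost": "192.168.0.1"},
}

def escape_dn_value(value):
    """RFC 4514: escape a string used as an attribute value inside a DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """RFC 4515: escape a string used as an assertion value in a filter."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)

def build_queries(user, login_user):
    """Return (filter for the user entry, DN of the mailbox entry)."""
    flt = "(&(uid=%s)(associatedMailbox=%s))" % (
        escape_filter_value(user), escape_filter_value(login_user))
    dn = "mail=%s,ou=Mailboxes,dc=example,dc=com" % escape_dn_value(login_user)
    return flt, dn

def proxy_fields(user, login_user):
    """Hypothetical helper: passdb extra fields, or None when nothing matches.
    Password verification (the LDAP bind) is left out of this sketch."""
    user_dn = "uid=%s,ou=People,dc=example,dc=com" % escape_dn_value(user)
    entry = DIRECTORY.get(user_dn)
    if entry is None or login_user not in entry["associatedMailbox"]:
        return None
    mailbox = DIRECTORY.get(build_queries(user, login_user)[1])
    if mailbox is None:
        return None
    return {"proxy": "y", "host": mailbox["mailHost"]}

if __name__ == "__main__":
    print(build_queries("myuser", "mymbox@example.com"))
    print(build_queries("myuser", "x,ou=People"))  # comma is escaped in the DN
    print(proxy_fields("myuser", "mymbox@example.com"))
```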

