Iteration base for LDAP

Taso N. Devetzis devetzis+dovecot at tarc.net
Tue Oct 18 23:26:02 UTC 2016


Greetings,

The iteration machinery uses the LDAP search base set with the "base"
directive (typically from dovecot-ldap.conf.ext); the same base used
during nominal operations (e.g., passdb/userdb searches).  Consider a
directory:

dc=ROOT
|_ dc=foo,dc=com,dc=ROOT	(foo.com subtree)
|_ dc=bar,dc=net,dc=ROOT	(bar.net subtree)

A search base setting appropriate for mail operations might be:

base = dc=%Dd,dc=ROOT	# e.g. dc=foo,dc=com,dc=ROOT for user at foo.com

This fails when iterating, as the variable substitution is meaningless
in this context (and even a static subtree search base would only cover
a portion of the overall directory during iterative searches).  Setting
the base to "dc=ROOT" obviously solves the issue at the expense of
searching the entire directory for all operations.  This is less than
optimal.

I could not find a way to override this setting at runtime via a doveadm
option or similar.  Ideally, a separate "iterate_base" setting would
solve this issue.

Any other solutions?

Thanks,
/taso
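
An added illustration, not part of the original post or of Dovecot's code: a small Python model of the "base" expansion and subtree scope described in the message above. The directory entries are constructed, the function names are hypothetical, and an empty domain during iteration is an assumption.

```python
# Constructed entries mirroring the tree in the post (names are made up).
DIRECTORY = [
    "uid=alice,dc=foo,dc=com,dc=ROOT",
    "uid=bob,dc=foo,dc=com,dc=ROOT",
    "uid=carol,dc=bar,dc=net,dc=ROOT",
]

BASE_TEMPLATE = "dc=%Dd,dc=ROOT"  # the base line from the post


def expand_base(template, user):
    """Expand %Dd: the user's domain with '.' turned into ',dc='.

    Assumption: during iteration there is no user, so the domain is empty.
    """
    _, _, domain = (user or "").partition("@")
    return template.replace("%Dd", domain.replace(".", ",dc="))


def rdns(dn):
    # Simplification: no escaped commas in the constructed DNs.
    return [part.strip().lower() for part in dn.split(",")]


def subtree_search(base, entries=DIRECTORY):
    """Return the entries located at or below the search base."""
    suffix = rdns(base)
    return [e for e in entries if rdns(e)[-len(suffix):] == suffix]


def compare_bases():
    """Entries visible under each base discussed in the post."""
    lookup = expand_base(BASE_TEMPLATE, "user@foo.com")
    iterate = expand_base(BASE_TEMPLATE, None)
    return {
        "lookup": (lookup, subtree_search(lookup)),
        "iterate": (iterate, subtree_search(iterate)),
        "static_subtree": ("dc=foo,dc=com,dc=ROOT",
                           subtree_search("dc=foo,dc=com,dc=ROOT")),
        "root": ("dc=ROOT", subtree_search("dc=ROOT")),
    }


if __name__ == "__main__":
    for name, (base, hits) in compare_bases().items():
        print(f"{name:15} base={base!r:28} entries={len(hits)}")
```
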

