Two domains - same user names filter

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Fri Jun 2 15:23:04 EEST 2017



On Fri, 2 Jun 2017, Sandbox wrote:

> On Fri, 2 Jun 2017, Sandbox wrote:
>
> I have two LDAP domains, which have some equal users, e.g.:
>>
>> abc at domain1.com
>> abc at domain2.com
>>
>> This works fine except one thing: I can't set up the LDAP query to choose
>> the correct maildir if the user names are equal.
>>
>
> | Well the most problem is that you have two LDAP servers with different
> content.
>
> Unfortunately I can't do anything with this. :S
>
>
> Is it possible to use a user_filter which will choose the correct maildir
>> and user/domain from the email address?
>>
>> My current ldap.conf for domain1:
>>
>> hosts = ldap.domain1.com
>> base = ou=People,dc=domain1,dc=com
>> ldap_version = 3
>> user_attrs = uid=user
>> user_filter = (uid=%n)
>> pass_attrs = uid=user,userPassword=password
>> pass_filter = (uid=%n)
>> default_pass_scheme = MD5
>>
>> and for domain2:
>> hosts = ldap.domain2.com
>> base = ou=People,dc=domain2,dc=com
>> ldap_version = 3
>> user_attrs = \
>>    =mail=maildir:/home/vmail/%{ldap:departmentNumber}/%n/Maildir
>> user_filter = (uid=%n)
>> pass_attrs = uid=%n,userPassword=password
>> pass_filter = (uid=%n)
>> default_pass_scheme = MD5
>>
>
> | you have one LDAP conf per domain and two userdb's, right?
>
> Nop, I have two ldap.conf files, one for domain1 and one for domain2 and
> two userdb setting in dovecot.conf for each ldap.conf files.
>
>  | Can you make use of ${domain} in one of the LDAP servers, is the domain
> present in the user entries?
>
> Uhm, what do you mean? "Can you make use of ${domain} in one of the LDAP
> servers"?
> Only the mail address and the departmentNumber contains the domain in the
> user entries, to be clear, the first domain's (this is the "old" one) user
> entries does not contain any departmentNumber data so those e-mails are
> going to the current /home/vmail/user/maildir directory, the second domain
> (which is the "new" one) contains the departmentnumber data, so those
> emails are going to the /home/vmail/domain2.com/user/maildir directory.
> The main problem is that I have the same usernames in both domains, that's why
> I can't use only one domain.
> Actually I have one LDAP server with two domains configured.
> Just thinking about the problem, is it not possible to fill up an unused
> LDAP record, e.g. labeledURI, with the user's second e-mail address? So in the
> ldap.conf I have to use a filter which can decide which e-mail address is
> used -> where to store the mail.
> Or, use two mail records.
> Both require e-mail address filtering where I have to use the domain part
> as a decision parameter....what do you think?

Then use

(&(uid=%n)(mail=*@%{domain}))

or something similar.

However, I don't know whether %{domain} is populated in your config.
Did you check out Aki's answer? If that works as described,
username_format would make it easier.

>
> 2017-06-02 10:13 GMT+02:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>:

-- 
Steffen Kaiser
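
Added example (not part of the original message and not Dovecot code): a small Python model of how the suggested filter disambiguates two entries that share a uid, and of what happens when the login carries no domain so that %{domain} expands to nothing. The directory entries, the helper names expand() and search(), and the assumption that both entries are visible to the same search are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed entries (not from the thread): the same uid exists in both domains.
ENTRIES = [
    {"dn": "uid=abc,ou=People,dc=domain1,dc=com",
     "uid": "abc", "mail": "abc@domain1.com"},
    {"dn": "uid=abc,ou=People,dc=domain2,dc=com",
     "uid": "abc", "mail": "abc@domain2.com",
     "departmentNumber": "domain2.com"},
]

UID_ONLY = "(uid=%n)"                          # filter from the quoted ldap.conf
UID_AND_DOMAIN = "(&(uid=%n)(mail=*@%{domain}))"  # filter suggested in the reply


def expand(template, login):
    """Expand the two variables used in the thread: %n and %{domain}.

    Sketch only: values are inserted without LDAP filter escaping, so the
    constructed logins below contain no filter metacharacters.
    """
    local, _, domain = login.partition("@")
    return template.replace("%{domain}", domain).replace("%n", local)


def search(filter_str, entries=ENTRIES):
    """Return DNs matching an AND of (attr=value) clauses, '*' as wildcard.

    This covers only the filter shapes shown above, not full RFC 4515.
    """
    clauses = re.findall(r"\((\w+)=([^()]*)\)", filter_str)
    return [
        e["dn"] for e in entries
        if all(fnmatchcase(e.get(attr, "").lower(), pat.lower())
               for attr, pat in clauses)
    ]


if __name__ == "__main__":
    for login in ("abc@domain1.com", "abc@domain2.com", "abc"):
        for template in (UID_ONLY, UID_AND_DOMAIN):
            flt = expand(template, login)
            print(f"{login:18} {flt:40} -> {search(flt)}")
```

With the uid-only filter every login for abc matches both entries; with the domain clause each full address matches exactly one entry, and a bare login without a domain matches none.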

