Dovecot LDAP using custom field to allow users to connect
Martin Wheldon
martin.wheldon at greenhills-it.co.uk
Wed Jun 7 14:14:56 EEST 2017
Hi Michael,
Just noticed you are using auth_bind_userdn which we don't.
I think you may need to use pass_filter rather than user_filter??
Best Regards
Martin
On 2017-06-07 10:59, Martin Wheldon wrote:
> Hi Michael,
>
> We do exactly that, see example below:
>
> user_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
> pass_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
>
> Does it work without the AllowUser section of the search?
> Do you get any records back when you do a ldapsearch with your
> user_filter search?
>
> Best Regards
>
> Martin
>
> On 2017-06-07 09:48, Michael JOIGNY wrote:
>> Hi all,
>>
>> I'd like to know if it's possible to add a custom field when the
>> authentication is made by users.
>>
>> My boolean custom field will be for example "AllowUser" (false/true).
>>
>> I'm trying to do something like that but it's not working:
>>
>> user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
>>
>> This is my dovecot/ldap configuration below:
>>
>> # dovecot.conf
>>
>> passdb {
>>   driver = ldap
>>   args = /etc/dovecot/dovecot-ldap.conf
>> }
>>
>> # dovecot-ldap.conf
>>
>> hosts = myurl:myport
>> dn = cn=myuser,dc=mydomain,dc=com
>> dnpass = ********
>> auth_bind = yes
>> auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
>> ldap_version = 3
>> base = ou=Users,dc=mydomain,dc=com
>> scope = base
>> default_pass_scheme = SSHA512
>>
>> Do you have an idea?
>>
>> Kind regards.
>>
>> --
>> Michael
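
The ldapsearch check suggested in the reply above, as an added example that is not part of the original thread: it expands Dovecot's %u into the posted user_filter, escaping the login name per RFC 4515, and runs the search. The URI, bind DN and base are the placeholders from the posted configuration; the function names and the subtree scope are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The values below are the placeholders
# from the posted dovecot-ldap.conf; replace them with real ones.
LDAP_URI='ldap://myurl:myport'
BIND_DN='cn=myuser,dc=mydomain,dc=com'
BASE='ou=Users,dc=mydomain,dc=com'
FILTER='(&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))'

# Escape a value for use inside an LDAP filter (RFC 4515). The backslash is
# handled first so the escapes added afterwards are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace every %u in filter template $1 with the escaped login name $2.
expand_filter() {
    esc=$(ldap_escape "$2"); rest=$1; out=; pat='%u'
    while case $rest in *%u*) true ;; *) false ;; esac; do
        head=${rest%%"$pat"*}     # text before the first %u
        out=$out$head$esc
        rest=${rest#*"$pat"}      # continue after that %u
    done
    printf '%s\n' "$out$rest"
}

# Search as the service DN (-W prompts for its password) and show whether the
# entry passes the filter. -s sub searches the whole subtree under BASE; the
# posted config has scope = base, which in LDAP matches only the base entry.
check_login() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE" -s sub \
        "$(expand_filter "$FILTER" "$1")" dn AllowUser
}

# Only contact the server when a login name is given on the command line.
[ "$#" -eq 0 ] || check_login "$1"
```

Run with a login name as the only argument, it prints the matching entry's DN and AllowUser value, or nothing when the filter excludes that user.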