LDAP userdb and dovecot LDA/LMTP - different requirements

Steffen Kaiser skdovecot at inf.h-brs.de
Wed Feb 7 09:14:43 EET 2018


On Tue, 6 Feb 2018, Franta Hanzlík wrote:

> I want to use Dovecot LDA (or rather LMTP) as the local delivery agent with
> the Postfix MTA. Users are in an LDAP DB with a structure like:
>
> dn: cn=username, ou=rank, o=myorg
> cn: username
> objectClass: Person
> gidNumber: uNNN
> uidNumber: gNNN
> userPassword:               (hashed somehow; can only be verified by bind)
> homeDirectory: /Home/$rank/$username
> mailActive:  0/1
> mail: usera at OneDomain
> mail: userb at SecDomain       (not all users have 2+ addresses)
> uid: username
> groupMembership: group DN   (can be multiple times for different groups)
> ...
>
> where:
> - cn = uid = expected IMAP login username (which has no @domain part)

> - user1 (and user2) isn't always the same as username

?? What does this requirement mean?

> Now I do not know how to solve the (IMO) different requirements for the userdb:
>
> - LDA/LMTP needs an LDAP userdb unit that can retrieve the name from an
> email address (i.e. for "usera at myDomain" it returns cn/uid as the dovecot
> "username").

For LDA, just use another config.

> - The IMAP server needs an LDAP userdb unit that takes the user login
> (username) as the input parameter and returns information on whether or
> not the user exists.


user_filter = (&(|(mail=%n)(uid=%u))(mailActive=1)(objectClass=person))

This assumes that usera (without @domain) is not the username of another 
entry and that there is only one entry for each mail address. Users may 
log in with their mail address.

On the other hand, you can resolve the aliases in LDAP to usernames with 
Postfix:
http://www.postfix.org/ldap_table.5.html

> user_attrs = \
>  =home=%{ldap:homeDirectory}, \
>  =uid=%{ldap:uidNumber}, \
>  =gid=%{ldap:gidNumber}, \
>  =quota_rule=*:bytes=%{ldap:quotaBytes}, \
>  =namespace/default/separator=%{ldap:mailSeparator}
>
> Can anyone explain how these constructions work?
> And what do the attribute notations in the form '=attr=' or '@attr='
> or 'quota_rule=*:storage=100M' mean?
> Nowhere have I found a sufficiently comprehensible description of these
> constructions...

https://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb?highlight=%28%40mail%29

-- 
Steffen Kaiser
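Added illustration (not code from this thread, from Dovecot or from Postfix): a small script that expands Dovecot's %-variables into an LDAP user_filter the way Dovecot's userdb lookup does (%u is the username as received, %n the part before '@', %d the domain) and then evaluates the expanded filter against a constructed in-memory directory shaped like the LDIF above. It takes the filter from the reply as given and, as an assumption, also tries a variant with %u and %n swapped, so you can see which entry an IMAP login ("usera") and an LMTP recipient ("usera@OneDomain", "userb@SecDomain") resolve to, and that a deactivated account (mailActive=0) is rejected. It also shows why Dovecot RFC 4515-escapes the substituted values: an unescaped '*' would turn the filter into a wildcard over every active user. The directory entries, DNs and the second filter are assumptions for the example.

```python
"""Added example (not Dovecot's code): expand Dovecot %-variables in an LDAP
user_filter and evaluate the result against a small in-memory directory."""
import re

# Constructed sample directory mirroring the LDIF shape in the thread
# (assumed data): 'usera' has two addresses, 'userc' is deactivated.
DIRECTORY = [
    {"dn": "cn=usera,ou=rank,o=myorg", "uid": ["usera"],
     "mail": ["usera@OneDomain", "userb@SecDomain"],
     "mailActive": ["1"], "objectClass": ["Person"]},
    {"dn": "cn=userc,ou=rank,o=myorg", "uid": ["userc"],
     "mail": ["userc@OneDomain"],
     "mailActive": ["0"], "objectClass": ["Person"]},
]

# Filter as posted in the reply.
THREAD_FILTER = "(&(|(mail=%n)(uid=%u))(mailActive=1)(objectClass=person))"
# Assumed variant: full address against 'mail', bare login name against 'uid'.
ADDRESS_FILTER = "(&(|(mail=%u)(uid=%n))(mailActive=1)(objectClass=person))"


def ldap_escape(value):
    """RFC 4515 escaping of an assertion value; Dovecot applies this to the
    %-variables it substitutes into pass_filter/user_filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def dovecot_vars(username):
    """%u = username as received, %n = part before '@', %d = domain or ''."""
    n, _, d = username.partition("@")
    return {"u": username, "n": n, "d": d}


def expand_filter(template, username, escape=True):
    """Substitute %u/%n/%d; escape=False mimics an unsafe, verbatim expansion."""
    v = dovecot_vars(username)
    sub = (lambda m: ldap_escape(v[m.group(1)])) if escape else (lambda m: v[m.group(1)])
    return re.sub(r"%([und])", sub, template)


def _unescape(raw):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)


def _matcher(raw):
    """An unescaped '*' makes a substring filter; an escaped one (\\2a) is a
    literal asterisk. Comparisons are case-insensitive like uid/mail matching."""
    parts = [_unescape(p).lower() for p in raw.split("*")]
    if len(parts) == 1:
        return lambda val: val.lower() == parts[0]
    pat = ".*".join(re.escape(p) for p in parts)
    return lambda val: re.fullmatch(pat, val.lower()) is not None


def _parse(s, i=0):
    """Tiny recursive-descent parser for (&...), (|...) and (attr=value)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|":
        op, kids = s[i], []
        i += 1
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, kids), i + 1
    j = s.index(")", i)
    attr, _, raw = s[i:j].partition("=")
    return ("=", attr.lower(), _matcher(raw)), j + 1


def _matches(node, entry):
    if node[0] == "&":
        return all(_matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(_matches(k, entry) for k in node[1])
    _, attr, match = node
    vals = next((v for k, v in entry.items() if k.lower() == attr), [])
    return any(match(v) for v in vals)


def lookup(template, username, escape=True):
    """DNs matching the expanded filter; a userdb lookup needs exactly one."""
    tree, _ = _parse(expand_filter(template, username, escape))
    return [e["dn"] for e in DIRECTORY if _matches(tree, e)]


if __name__ == "__main__":
    for name, tmpl in (("thread ", THREAD_FILTER), ("address", ADDRESS_FILTER)):
        for user in ("usera", "usera@OneDomain", "userb@SecDomain", "userc@OneDomain"):
            print(name, user.ljust(16), "->", lookup(tmpl, user))
    # Escaping check: '*' as a login is escaped to \2a and matches nothing,
    # whereas a verbatim expansion matches every active user.
    print("escaped  :", lookup(ADDRESS_FILTER, "*"))
    print("unescaped:", lookup(ADDRESS_FILTER, "*", escape=False))
```

Run it with any Python 3; the output lists, per filter, which DN each input resolves to. The same expansion rules apply to pass_filter, and Postfix's ldap_table escapes %s in query_filter in the same way, so neither side needs extra quoting in the filter template.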