Using userdb/passdb data in director_username_hash
Mark Moseley
moseleymark at gmail.com
Fri Apr 12 21:09:01 EEST 2019
TL;DR:
Can director_username_hash use %{userdb:...} or %{passdb:...} ?
====================================
This is on Ubuntu Precise, running dovecot 2.2.36. It's a fully production,
director-ized env, so assume everything is working correctly. Happy to post
doveconf if it's relevant but wanted to ask a general question first.
I was curious if there's a way to get userdb/passdb data
into director_username_hash. Currently, we've got default hashing (on %u).
I'm returning a SQL field called 'real_username' (the owner of the mailbox,
so almost never the same as %u). I'd like (for mdbox reasons) to hash on
that rather than %u.
My test SQL is returning (this is just a chunk -- it's duplicated for
testing):
UserName AS userdb_real_username, UserName AS real_username
I can see in my director boxes that it's at least picking up the latter:
passdb out: PASS 1 user=tesbox at mailbox.com proxy=y real_username=testuser
Is it possible to inject 'real_username' into director_username_hash? That
is, I'd rather hash on 'testuser' instead of 'testbed'.
I've been trying different permutations on my director boxes with no luck.
director_username_hash = %{userdb:real_username}
director_username_hash = %{passdb:real_username}
director_username_hash = %{userdb:userdb_real_username}
director_username_hash = %{passdb:userdb_real_username}
With any of those settings, every mailbox gets hashed to the same backend,
so I'm guessing it's not getting anything useful (i.e. probably resolving
to the same empty string and hashing on that -- or perhaps is just hashing
on the literal string, e.g. "%{userdb:real_username}" ).
And I'm not even sure if director_username_hash has access to any
passdb/userdb data. Is there a debug setting that would show what string
director is using to do the hashing?
Current debug settings are:
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
but not a peep as to the string that director is hashing on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190412/14267f32/attachment.html>
More information about the dovecot
mailing list