Dovecot - Microsoft Azure AD

Aki Tuomi aki.tuomi at open-xchange.com
Thu Aug 15 12:26:38 EEST 2019


Hi!

Dovecot supports Lua userdb, which can be used to implement custom user databases. Maybe this might work for you? See https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication for more details.

Aki

> On 15/08/2019 12:16 Lennart Boettcher <lennart.boettcher at secpoint.onmicrosoft.com> wrote:
>
> Hello,
>
> Thank you for the quick reply.
>
> I have expressed myself wrongly. Our idea was to use the Azure-AD as userdb by doing the user lookup with the help of Microsoft's Graph API. OAuth2 would then of course only be the authorization procedure to access the user accounts using the Graph API.
>
> One would then implement a graph-userdb and no oauth-userdb. OAuth is, as you correctly mentioned, only an authorization mechanism.
>
> Here is a link to the GraphAPI: https://docs.microsoft.com/de-de/graph/api/overview?view=graph-rest-1.0
>
> And here is another link to the Graph Explorer, with which you can see how the GraphAPI works: https://developer.microsoft.com/en-us/graph/graph-explorer
>
> We already use this procedure for the passdb lookup and it works very well.
>
> Greetings
>
> Lennart Boettcher
>
> ------------------------------
>  
> From: Aki Tuomi <aki.tuomi at open-xchange.com>
>  Sent: 14 August 2019 14:57
>  To: Lennart Boettcher <lennart.boettcher at secpoint.onmicrosoft.com>; Lennart Boettcher via dovecot <dovecot at dovecot.org>
>  Subject: Re: Dovecot - Microsoft Azure AD 
>
> > On 14/08/2019 15:36 Lennart Boettcher via dovecot <dovecot at dovecot.org> wrote:
> >
> > Hello,
> >
> > I am currently trying to connect my Dovecot mail server to Microsoft's Azure-AD and use it as password and user database. I am using version 2.3.7.1.
> >
> > Using the Azure-AD as passdb already works. In this context I noticed that the scope implementation is not yet merged.
> >
> > Since I haven't found any hints for an OAuth2 userdb implementation yet, I wanted to ask if there are any plans for an implementation.
> >
> > Greetings
> >
> > Lennart Boettcher
> >
>
> Dovecot 2.3 supports oauth2. I don't know how "oauth2 user database" would work, since oauth2 is an authentication mechanism. I suggest you use LDAP or static userdb, or set mail_* settings for user settings.
>
> Aki
>
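
The following is an added example, not part of the original thread and not Dovecot project code: a sketch of the Lua userdb suggested above, doing the user lookup against the Graph API as described in the quoted message. It assumes LuaSocket, LuaSec and lua-cjson are installed and that a Graph access token allowed to read users is kept in a file by an external job; the token path, the `vmail` uid/gid and the `/srv/mail` home prefix are hypothetical.

```lua
-- Constructed sketch of a Dovecot Lua userdb backed by Microsoft Graph.
local https = require "ssl.https"
local ltn12 = require "ltn12"
local url   = require "socket.url"
local json  = require "cjson.safe"

-- Hypothetical path: an external job keeps a valid Graph token here.
local TOKEN_FILE  = "/run/dovecot/graph-token"
local GRAPH_USERS = "https://graph.microsoft.com/v1.0/users/"

local function read_token()
  local f = io.open(TOKEN_FILE, "r")
  if not f then return nil end
  local token = f:read("*l")
  f:close()
  return token
end

function auth_userdb_lookup(req)
  local token = read_token()
  if not token then
    req:log_error("graph userdb: no access token available")
    return dovecot.auth.USERDB_RESULT_INTERNAL_FAILURE, "no token"
  end
  -- Escape the login name so it cannot alter the request path or query.
  local body = {}
  local ok, code = https.request{
    url = GRAPH_USERS .. url.escape(req.user) .. "?$select=id,accountEnabled",
    headers = { authorization = "Bearer " .. token },
    sink = ltn12.sink.table(body),
  }
  if ok and code == 404 then
    return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
  end
  -- Anything else that is not a decodable 200 is a backend failure.
  local user = ok and code == 200 and json.decode(table.concat(body))
  if type(user) ~= "table" then
    req:log_error("graph userdb: lookup failed: " .. tostring(code))
    return dovecot.auth.USERDB_RESULT_INTERNAL_FAILURE, "lookup failed"
  end
  -- Disabled accounts and malformed ids are treated as unknown users.
  if user.accountEnabled ~= true or type(user.id) ~= "string"
     or not user.id:match("^[%x%-]+$") then
    return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "account unavailable"
  end
  -- Home is built from the directory object id, never from the login name.
  return dovecot.auth.USERDB_RESULT_OK,
         "uid=vmail gid=vmail home=/srv/mail/" .. user.id
end
```

Load it from a `userdb` block with `driver = lua` and `args = file=<script path> blocking=yes`, since the HTTPS request is synchronous. Returning an internal failure rather than "user unknown" when Graph is unreachable keeps a directory outage from being treated as a missing mailbox.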