LDAP just for passdb

Francis Augusto Medeiros-Logeay r_f at med-lo.eu
Fri Oct 14 19:57:58 UTC 2022


I actually saw that it was possible, and it works, but I came across another problem and I wonder if you have any tips about it:

On my current dovecot setup, I use SQL as the backend. So I have the following users:

francis at domain-a.com
francis at domain-b.com

Those are separate users with their own mailboxes.

However, I have a FreeIPA that is configured for the `domain-a.com` realm, and since I am using `%n` for the uid search:

auth_bind_userdn = uid=%n,cn=users,cn=accounts,dc=domain-a,dc=com
and
pass_filter = (&(objectClass=posixAccount)(uid=%n))

It of course leads to both users above being able to authenticate with the same password.

Is there a way to limit LDAP authentication to just one domain, or perform a search where both username and domain are checked? I could use the `mail` attribute to filter users, but I imagine that if two users have the same mail configured, I'd run into trouble...

Best,

Francis

> On 14 Oct 2022, at 20:08, dovecot-request at dovecot.org wrote:
> 
> Hi,
> 
> I couldn't find it in the documentation, so I was wondering - is it 
> possible to configure Dovecot to use LDAP for passdb and keep using SQL 
> for userdb?
> 
> I would like to do that before I come up with a good strategy to expand 
> my ldap schema to support other mail attributes for virtual domains, 
> aliases, etc.
> 
> I am currently using FreeIPA.
> 
> Best,
> 
> Francis

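The configuration below is an added example, not the poster's own file or anything from FreeIPA or the Dovecot project. It puts the `%n`-only settings from the post next to a filter that also checks the domain part of the login, so that `francis@domain-b.com` can no longer bind as the `domain-a.com` account. The host name, the `dn`/`dnpass` system account and the attribute names are assumptions modelled on the thread; adjust them to your own tree.

```conf
# dovecot-ldap.conf.ext -- added example, not the poster's configuration.
# Host, base DN and the sysaccount used for searching are assumptions
# modelled on the thread (FreeIPA under dc=domain-a,dc=com).
hosts = ipa.domain-a.com
tls = yes
base = cn=users,cn=accounts,dc=domain-a,dc=com

# Bind account used only for the pass_filter search (assumed to exist).
dn = uid=dovecot,cn=sysaccounts,cn=etc,dc=domain-a,dc=com
dnpass = changeme

auth_bind = yes

# Weak (what the post describes): the user DN is built from %n alone, so the
# domain part of the login is never consulted and francis@domain-b.com binds
# as uid=francis exactly like francis@domain-a.com.
#auth_bind_userdn = uid=%n,cn=users,cn=accounts,dc=domain-a,dc=com
#pass_filter = (&(objectClass=posixAccount)(uid=%n))

# Corrected: leave auth_bind_userdn unset so Dovecot runs pass_filter as a
# search first and then binds with the DN it found.  The filter now requires
# the full login name (%u = user@domain) to match the mail attribute as well,
# so a login for the wrong domain finds no entry and is rejected before any
# bind is attempted.  Keeping uid=%n in the filter means a second entry that
# happens to share the same mail value but has a different uid still does
# not match.
pass_filter = (&(objectClass=posixAccount)(uid=%n)(mail=%u))

# FreeIPA-specific alternative that does not depend on the mail attribute:
# every IPA user carries krbPrincipalName = uid@REALM, and %Ud upper-cases the
# domain part of the login, so only logins for the realm's own domain match.
#pass_filter = (&(objectClass=posixAccount)(uid=%n)(krbPrincipalName=%n@%Ud))
```

The important detail is that `auth_bind_userdn` short-circuits the search: when it is set, Dovecot builds the DN from the template and binds straight away, and `pass_filter` is never evaluated, which is why adding a domain condition to the filter alone would have no effect in the original setup. Dovecot 2.3 also has a per-passdb `username_filter` setting (for example `username_filter = *@domain-a.com` inside the `passdb { }` block) that skips the LDAP passdb entirely for other domains; check that it is present in the release you run before relying on it.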