[Dovecot] ldap auth (with user and domain at different places)

Timo Boettcher spida at gmx.net
Mon Jan 10 19:28:19 EET 2005


Hi Peter,


* Peter Clark <peter-clark at bethel.edu>, Monday, January 10, 2005, 12:34:04 PM:

> On Monday 10 January 2005 11:10, Timo Boettcher wrote:

>> But that would only work, if dc was an attribute of my user (which it
>> is not), wouldn't it?
>     Yes, that would probably have to be the case. Theoretically, this kind of
> problem could be solved by being more specific in your base dn (specifying
> "base = dc=domain.tld, o=myorganization"), but I don't think that Dovecot
> allows things like %d in the "base" option of dovecot-ldap.conf, so you
> couldn't have "base = dc=%d, o=myorganization". (Someone correct me if I'm
> wrong.)

As I read the source code, that's not possible just now. But unless I am
wrong (which I could quite possibly be) the change to make this
possible would be about one line to do variable expansion on the
search-base.

>     However, it looks like you are using a custom schema. The easiest way
> would just be to edit the schema and add an attribute for the user's full
> email and be done with it.

I omitted that attribute on purpose, because of the complications of
redundant and possibly conflicting data. Now the schema of my ldap-db
makes any conflicting data (like two users with the same mail address,
a user with a mail address of a domain other than his own) impossible
without need for checking this in any administrative frontend. That's
the beauty of ldap in this case. If you have a better schema, please
tell me.

> If the mountain will not come to Mohammed, Mohammed will go to the
> mountain. Or something like that.

Hm. Why drop a schema that is perfectly valid and matches the spirit
of ldap just because the ldap-software is not ldap-enabled enough to
use it?



 Timo
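
The variable expansion on the search base discussed in this message, sketched as an added example (not Dovecot's code and not part of the original post): it substitutes %d (domain part) and %n (local part) of a login into a base template, escaping each value per RFC 4514 so that the login cannot change the structure of the base DN. The function names and the sample login are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append one byte, keeping room for the terminating NUL. */
static int put(char *out, size_t cap, size_t *pos, char c)
{
    if (*pos + 1 >= cap) return -1;
    out[(*pos)++] = c;
    return 0;
}

/* Append val[0..n) as an RFC 4514 escaped attribute value. */
static int put_dn_value(char *out, size_t cap, size_t *pos, const char *val, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)val[i];
        if (c < 0x20) return -1;  /* refuse control bytes outright */
        if (strchr("\"+,;<>\\=", c) || (i == 0 && (c == ' ' || c == '#')) ||
            (i == n - 1 && c == ' '))
            if (put(out, cap, pos, '\\')) return -1;
        if (put(out, cap, pos, (char)c)) return -1;
    }
    return 0;
}

/* Expand %d (domain) and %n (local part) in a base template; -1 on error. */
int expand_base(const char *tmpl, const char *login, char *out, size_t cap)
{
    const char *at = strrchr(login, '@');
    size_t pos = 0;
    if (cap == 0 || at == NULL || at[1] == '\0') return -1;
    for (const char *p = tmpl; *p; p++) {
        int rc;
        if (*p != '%') rc = put(out, cap, &pos, *p);
        else if (*++p == 'd') rc = put_dn_value(out, cap, &pos, at + 1, strlen(at + 1));
        else if (*p == 'n') rc = put_dn_value(out, cap, &pos, login, (size_t)(at - login));
        else return -1;  /* unknown variable or trailing '%' */
        if (rc) return -1;
    }
    out[pos] = '\0';
    return 0;
}

int main(void)
{
    char base[256];  /* the login below is a constructed sample */
    if (expand_base("dc=%d, o=myorganization", "timo@domain.tld", base, sizeof base) == 0)
        puts(base);
    return 0;
}
```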



