[Dovecot] Passdb filter question - LDAP.

Lauro Costa G. Borges laurocgb at grad.ufsc.br
Mon Aug 30 22:26:27 EEST 2010


dovecot 1:1.2.9-1ubuntu6.1
----


    I don't know if I can solve this problem with Dovecot, or if it's an
LDAP matter.


    I'm authenticating users with saslauthd/LDAP, and using Dovecot LDA.

    ---- dovecot.conf
passdb ldap {
     args = /etc/dovecot/dovecot-ldap-passdb.conf
}
userdb prefetch {
}
# The userdb below is used only by deliver.
userdb ldap {
     args = /etc/dovecot/dovecot-ldap-userdb.conf
}
-----

----- dovecot-ldap-passdb.conf
base = dc=example,dc=org
pass_filter = (&(objectclass=brPerson)(objectclass=inetOrgPerson)(mail=%u))
pass_attrs = userPassword=password,%u=user
-----

----- dovecot-ldap-userdb.conf
base = ou=%d,ou=mail,ou=services,dc=example,dc=org
user_filter = (&(objectclass=nisMailAlias)(cn=%n))
user_attrs = rfc822MailMember=user,EmailQuota=quota_rule=*:storage=%$M
-----

    Here is how the LDAP tree is:


    ou=mail,ou=services,dc=example,dc=org
    ou=subdomain1.example.org,ou=mail,ou=services,dc=example,dc=org

    example entry under "ou=subdomain1.example.org"

    ---
dn: cn=userfoo,ou=subdomain1,ou=mail,ou=services,dc=example,dc=org
cn: userfoo
edupersonprincipalname: WEMHVDEA-FUAOBAAA@example.org (some sort of unique identifier)
emailquota: 512
objectclass: eduPerson
objectclass: nisMailAlias
rfc822mailmember: userfoo@subdomain1.example.org

    ---

     ou=people,dc=example,dc=org

dn: uid=29859085900@example.org,ou=people,dc=example,dc=org
uid: 29859085900@example.org
eduPersonPrincipalName: WEMHVDEA-FUAOBAAA@example.org
userPassword: {MD5}6ZoYxCjLONXyYIU2eJIuAw==
objectClass: person
objectClass: inetOrgPerson
objectClass: eduPerson
mail: 29859085900@example.org
mail: userf@director.example.org
mail: userfoo@dptoxyz.example.org
mail: userfoo@subdomain1.example.org



   When delivering email, it must search under "services" for the proper
"rfc822mailmember", which is the mailbox.

   Authentication is where my problem is. I can't have ALL user e-mails
under "ou=people", maybe just one, so I need to search under
"ou=services", where I have all user email addresses, and by using
"eduPersonPrincipalName" I want to point to the right location under
"ou=people", where I have the user password. eduPersonPrincipalName is
the attribute present under both "ou=services" and "ou=people" that
links the entries.


   I tried to do it by changing passdb filter file, like this:

pass_filter = (&(objectclass=eduPerson)(mail=%u))
pass_attrs = userPassword=userdb_password,eduPersonPrincipalName=userdb_user


   It works, but it changes the username to the value of
"edupersonprincipalname", and this changes the mailbox name. Dovecot
then accesses the wrong mailbox (something like
29859085900@example.org).


* My question is: is it possible to change the passdb filter so that it
searches for somemail@sub1.example.org (under ou=services), then gets
the value of "edupersonprincipalname" (the unique identifier, present
under both "services" and "people"), and with that value looks under
"people" for the person with that identifier and validates the
password? It would be a filter inside a filter, sort of.


  Thanks, and sorry if this is a little off-topic.
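The chained lookup asked about in the post, modelled as an added Python example (it is not part of the original message and not Dovecot's own code): a first search under ou=services by mail address, a second search under ou=people by the eduPersonPrincipalName found there, and a check of the password against that entry's {MD5} userPassword, while the name handed back for the mailbox stays the login address rather than the principal name. The in-memory directory, the password "s3cret" and its hash are constructed for the example; DNs follow the ou=%d layout from the userdb config, and the principal-name value is the one shown in the post.

```python
import base64
import hashlib
import hmac


def md5_scheme(password: str) -> str:
    """Encode a password the way the {MD5} userPassword scheme stores it:
    base64 of the raw, unsalted MD5 digest (equal passwords give equal values)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


# Constructed in-memory copy of the two subtrees from the post (hypothetical
# data, not a live directory). DNs follow the ou=%d layout of the userdb config.
DIRECTORY = [
    {
        "dn": "cn=userfoo,ou=subdomain1.example.org,ou=mail,ou=services,dc=example,dc=org",
        "objectClass": ["eduPerson", "nisMailAlias"],
        "cn": ["userfoo"],
        "eduPersonPrincipalName": ["WEMHVDEA-FUAOBAAA@example.org"],
        "emailQuota": ["512"],
        "rfc822MailMember": ["userfoo@subdomain1.example.org"],
    },
    {
        "dn": "uid=29859085900@example.org,ou=people,dc=example,dc=org",
        "objectClass": ["person", "inetOrgPerson", "eduPerson"],
        "uid": ["29859085900@example.org"],
        "eduPersonPrincipalName": ["WEMHVDEA-FUAOBAAA@example.org"],
        # constructed password "s3cret"; this is not the hash shown in the post
        "userPassword": [md5_scheme("s3cret")],
        "mail": ["29859085900@example.org", "userfoo@subdomain1.example.org"],
    },
]

PEOPLE_BASE = "ou=people,dc=example,dc=org"


def attr(entry, name):
    """LDAP attribute names are case-insensitive; the post mixes
    'edupersonprincipalname' and 'eduPersonPrincipalName'."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return []


def search(base, conditions):
    """Equivalent of an AND filter such as (&(objectClass=x)(mail=y)) scoped
    to the subtree below `base`. `conditions` is a list of (attribute, value)."""
    base = base.lower()
    hits = []
    for entry in DIRECTORY:
        dn = entry["dn"].lower()
        if not (dn == base or dn.endswith("," + base)):
            continue
        if all(any(v.lower() == want.lower() for v in attr(entry, name))
               for name, want in conditions):
            hits.append(entry)
    return hits


def verify_md5_scheme(stored, password):
    """Constant-time check of a password against a {MD5} userPassword value."""
    if not stored.startswith("{MD5}"):
        return False
    try:
        expected = base64.b64decode(stored[len("{MD5}"):])
    except ValueError:
        return False
    actual = hashlib.md5(password.encode("utf-8")).digest()
    return hmac.compare_digest(expected, actual)


def authenticate(login, password):
    """The 'filter inside a filter' from the post:
    1. under ou=%d,ou=mail,ou=services, find the alias entry whose
       rfc822MailMember is the login address;
    2. take its eduPersonPrincipalName and find the single matching
       person under ou=people;
    3. verify the password against that entry's userPassword.
    Returns (ok, user): `user` is the unchanged login address, so the
    mailbox name is not replaced by the principal name."""
    if "@" not in login:
        return (False, None)
    domain = login.split("@", 1)[1]
    alias_base = f"ou={domain},ou=mail,ou=services,dc=example,dc=org"

    aliases = search(alias_base, [("objectClass", "nisMailAlias"),
                                  ("rfc822MailMember", login)])
    if len(aliases) != 1:          # unknown or ambiguous address: refuse
        return (False, None)
    principals = attr(aliases[0], "eduPersonPrincipalName")
    if len(principals) != 1:
        return (False, None)

    people = search(PEOPLE_BASE, [("objectClass", "person"),
                                  ("eduPersonPrincipalName", principals[0])])
    if len(people) != 1:           # the link must resolve to exactly one account
        return (False, None)

    stored = attr(people[0], "userPassword")
    if stored and verify_md5_scheme(stored[0], password):
        return (True, login)
    return (False, None)


if __name__ == "__main__":
    print(authenticate("userfoo@subdomain1.example.org", "s3cret"))
    print(authenticate("userfoo@subdomain1.example.org", "wrong"))
```

Two points the model makes explicit: each step insists on exactly one hit, so an address that maps to two alias entries, or a principal name shared by two accounts, fails closed instead of logging in as whichever entry the server returns first; and the {MD5} scheme is an unsalted raw digest, so the same password stored for two accounts yields the same userPassword value.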




