Dear All,
I have a somewhat complex question about an LDAP-based user/passdb with some twists caused by the LDAP schema I have to use. It's complex for me at least, since it's my first time trying to set up any Dovecot install that is more than a "trivial" thing, e.g. for some Unix system users.
What I'd like to do:
Users are stored in LDAP with the following schema:
storageMailUid:
contains the user's uid in x@z format, and it CAN be different from the mail address. This value is used to log in (pop3/imap) and to get the maildir path (well, home) in the form /mailstorage/z/x/ regardless of the value of the "mail" attribute. If the @z part is missing (I mean in the user-supplied login, not in LDAP!), some default value (example.com) should be assumed (I guess that's easy: auth_default_realm may be enough, isn't it?). It is NOT possible to log in via pop3/imap with mail, only with storageMailUid! This storageMailUid can of course be a string which is not even an existing mail address.
mail:
contains the user's mail address, or even several mail addresses (there can be multiple mail addresses, i.e. multiple mail LDAP attributes, for a single LDAP entry). This attribute cannot be used for pop3/imap login, nor does it count for resolving the maildir path; it only counts when a mail is received: the location of the user's maildir must still be derived from storageMailUid.
storageMailQuota:
contains the quota value (in bytes) for the given user, which should be enforced when receiving mail or when using IMAP (not counting the Trash folder, which has a fixed size for all users and must be handled outside of this).
All user maildirs have the same fixed Unix UID/GID, which is not stored in LDAP but must be configured statically. The user's "home directory" is also not stored in LDAP; it must be derived from the storageMailUid LDAP attribute.
Mails are received via LMTP only.
I'd like to use the prefetch userdb to minimize the number of LDAP lookups (however, I can live without that). I am unsure whether auth_bind is OK or whether it should not be used; currently I'd like to play with auth_bind, since it worked well before on other servers.
I'm totally lost with the user_attrs/pass_attrs needed to create this kind of configuration. In the case of a static userdb, it was easy to set up:

  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap-passdb.conf
  }
  userdb {
    driver = static
    args = uid=vmail gid=vmail home=/mailstorage/%Ld/%Ln
  }

With this, pop3/imap worked (quota was not in scope yet, though); however, lmtp does not ("passdb doesn't support lookups, can't verify user's existence", which is odd to me, as in my opinion userdb does not support it).
Please give some suggestions on how to set up userdb and passdb to support this configuration so that it works with the described scenario. I guess I should also set iterate_filter and iterate_attrs, so that some doveadm commands can work (the -A stuff, I guess).
I am also not sure whether the auth service should be used or not (I mean extra configuration related to it): since I want LMTP, not LDA, I guessed I don't need it, but I am not sure.
I am also confused, because when receiving a mail (via LMTP) a different kind of LDAP lookup is needed: then mail must be searched, but it's a storageMailUid-based lookup in the case of a pop3 or imap login ... Is it possible to give different userdb/passdb for lmtp and pop3/imap?
In theory it's even possible to have x@example.com as mail and y@example.com as storageMailUid for one user, and the opposite for another, so lookups cannot be combined for mail and storageMailUid.
The LDAP schema and the rest of the system work this way; changing it is not an option.
Any help is greatly appreciated.
Thanks a lot in advance,
Gábor
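The following is an added example configuration illustrating one way to map the schema described above onto Dovecot's LDAP passdb/userdb; it is not the poster's configuration and was not taken from the thread. It assumes Dovecot 2.2, an LDAP objectClass named storageMailAccount (hypothetical, pick whatever your schema uses), a read-only search bind DN under ou=services, a base DN of ou=mail,dc=example,dc=com, and that the maildir is the home directory itself (/mailstorage/z/x/). The address-to-storageMailUid resolution needed for LMTP is done by chaining two userdbs with result_success = continue, since the auth process is shared by all protocols and cannot be given a per-protocol userdb.

```conf
# ---- /etc/dovecot/dovecot-ldap.conf.ext ----
# Login and the final userdb lookup, both keyed on storageMailUid.
hosts = ldap.example.com                         # assumption: LDAP server
dn = cn=dovecot,ou=services,dc=example,dc=com     # assumption: read-only search bind
dnpass = <bind password>
base = ou=mail,dc=example,dc=com                 # assumption: where mail entries live
scope = subtree
auth_bind = yes

# passdb: find the entry by storageMailUid, then bind as it to verify the password.
# With auth_bind = yes no password attribute is needed; returning storageMailUid as
# "user" canonicalises the login name to the value stored in LDAP.
pass_filter = (&(objectClass=storageMailAccount)(storageMailUid=%u))
pass_attrs = storageMailUid=user

# userdb: home is derived from the realm-qualified user name (x@z -> /mailstorage/z/x),
# uid/gid are static, quota_rule is built from storageMailQuota (bytes, %$ = attribute value).
user_filter = (&(objectClass=storageMailAccount)(storageMailUid=%u))
user_attrs = =home=/mailstorage/%Ld/%Ln,=uid=vmail,=gid=vmail,storageMailQuota=quota_rule=*:bytes=%$

# lets "doveadm ... -A" enumerate every account
iterate_filter = (objectClass=storageMailAccount)
iterate_attrs = storageMailUid=user

# ---- /etc/dovecot/dovecot-ldap-lmtp.conf.ext ----
# Address -> storageMailUid resolution. Matches any "mail" value of an entry and
# rewrites the user name to its storageMailUid; it returns nothing else on purpose.
hosts = ldap.example.com
dn = cn=dovecot,ou=services,dc=example,dc=com
dnpass = <bind password>
base = ou=mail,dc=example,dc=com
scope = subtree
user_filter = (&(objectClass=storageMailAccount)(mail=%u))
user_attrs = storageMailUid=user

# ---- /etc/dovecot/conf.d/10-auth.conf (relevant part) ----
auth_default_realm = example.com                 # bare "x" login becomes x@example.com
auth_mechanisms = plain login

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# userdb 1: matches only when the looked-up name is a "mail" value (the LMTP recipient).
# On success the user name has been rewritten to storageMailUid and we continue; when it
# does not match (imap/pop3 login, the name already is a storageMailUid) we also continue.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-lmtp.conf.ext
  result_success = continue
  result_failure = continue
  result_internalfail = return-fail
}

# userdb 2: the real lookup, keyed on storageMailUid, supplies home/uid/gid/quota.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# ---- /etc/dovecot/conf.d/10-mail.conf and 90-quota.conf (relevant part) ----
mail_location = maildir:~/                       # assumption: maildir is the home dir itself
mail_plugins = $mail_plugins quota
plugin {
  quota = maildir:User quota
}
```

Two caveats worth checking before deploying this. First, userdb 1 runs for every userdb lookup, imap/pop3 logins included, so a login name that happens to equal another entry's mail value would be rewritten to that other entry; if that collision really exists in the directory, the address resolution has to be moved out of the shared auth process (for instance a separate Dovecot instance serving only LMTP, reached through auth_socket_path) rather than done with a filter. Second, the prefetch userdb is deliberately left out: LMTP does no passdb lookup, so it needs a real userdb anyway, and with an LDAP userdb in place the static userdb's existence check (the source of the "passdb doesn't support lookups, can't verify user's existence" message) no longer applies. Verify the chain with doveadm user x@example.com (login name) and doveadm user an-alias@example.com (mail value); both should print the same home, uid, gid and quota_rule.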