Re: [Dovecot] LDAP binds

2010-12-30 Thread Timo Sirainen 
On Tue, 2010-12-28 at 10:32 -0700, Trever L. Adams wrote:
 I am using 2.0.8. Anonymous binds are no longer supported in the
 environment I am using. I need to change my userdb ldap setup to bind. I
 believe the ldap server does Kerberos (or can) authentication. My users
 are authenticating using Kerberos or Kerberos/PAM. This needs to stay in
 place.
 
 Can anyone suggest how I might go about changing my setup to work?

So you're only talking about using ldap for userdb? Can't you just set
dn and dnpass to whatever user (that has access to list all users)?



signature.asc
Description: This is a digitally signed message part

[Dovecot] LDAP binds

2010-12-28 Thread Trever L. Adams 
I am using 2.0.8. Anonymous binds are no longer supported in the
environment I am using. I need to change my userdb ldap setup to bind. I
believe the ldap server does Kerberos (or can) authentication. My users
are authenticating using Kerberos or Kerberos/PAM. This needs to stay in
place.

Can anyone suggest how I might go about changing my setup to work?

My current ldap setup is as follows (the directories, user id, etc are
set statically in the configuration elsewhere):
tls = yes
hosts = MAILSERVER
base = dc=middleearth,dc=sapphiresunday,dc=org
ldap_version = 3
user_attrs =  userPrincipalName=user
user_filter =
((objectClass=person)(|(mail=%u)(sAMAccountName=%u)(userPrincipalName=%u)))
# For using doveadm -A:
iterate_attrs = userPrincipalName=user
iterate_filter = (objectClass=person)

Thank you,
Trever Adams
-- 
Seize the day, put no trust in the morrow! -- Quintus Horatius Flaccus
(Horace)




signature.asc
Description: OpenPGP digital signature