
On Tue, 7 Jan 2014, Mihai Badici wrote:

userdb for delivery), this could be far better. But I think this is a
design issue.
Remember: passdb is for authenticating users; userdb is for getting user
information. When a user auths for IMAP, passdb verifies the password
and probably overrides the username, in the second step the userdb is
queried for the user data. If you use prefetch userdb and provide
different passdb and userdb queries, I would not expect a clean run.

Maybe, it's better you give a detailed example, which makes your idea more
visible.

Ok, an example is better.
Let's say I use dovecot with postfix and I have in postfix/master.cf:

dovecot     unix  -       n       n       -       -       pipe
   flags=DRhu user=mailbox:mailbox
  argv=/usr/libexec/dovecot/deliver -f ${sender} -d  ${recipient}

I use two e-mail addresses, [email protected] and [email protected]
My uid is mihai.badici (I chose it to be unrelated to the e-mail address)

So, the deliver service will query ldap in order to find the mailbox.
We need to put mail=%u or maildrop=%u, depending on the schema.

On the other hand, the authentication will fail if I use uid, because it uses
the same query.
I can put    |(mail=%u)(uid=%u)  and it works, but it is rather strange.
I can, indeed, use maildrop to "canonify" the mailbox in postfix before
delivery, and I think that will work too.
But I think it is more elegant to separate the delivery query and the authentication
query.  I'm not sure if it is not possible to use only the passdb query for
authentication.

That's what I meant in my second reply with "otherwise have the passdb return another username, e.g. the "mail" LDAP attribute to convert the uid into mail address."

See: http://wiki2.dovecot.org/PasswordDatabase/ExtraFields?highlight=user

You use only "uid" in passdb query, but return a field "user" to override the username, e.g.:

pass_attrs = uid=user

Change "uid" to the attribute that holds your primary address.

Use the attribute in the userdb query that enumerates all mail addresses.

However, this has the drawback, IMHO, that you need to type a mail address with doveadm's -u switch.

-- Steffen Kaiser
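
The split described in the reply above, written out as a Dovecot 2.x LDAP configuration fragment. This is an added example, not part of the original message or of Dovecot's documentation; the file path, host, base DN, object class, the `homeDirectory` mapping and the alias attribute `mailAlternateAddress` are assumptions about the directory and must be adapted to the actual schema.

```conf
# /etc/dovecot/dovecot-ldap.conf.ext   (path is an assumption)
# Connection settings: placeholder host and base DN, bind credentials omitted.
hosts = ldap.example.org
base = ou=people,dc=example,dc=org

# passdb: the login name is matched against uid only, so authentication
# no longer depends on the filter used for delivery.
pass_filter = (&(objectClass=inetOrgPerson)(uid=%u))

# Return the primary address as the "user" extra field. This overrides the
# username after the password check, so the following userdb lookup is made
# with the mail address instead of the uid.
pass_attrs = mail=user,userPassword=password

# userdb: queried by "deliver -d ${recipient}" and after a successful login.
# The filter lists every attribute that can hold one of the user's addresses
# (mailAlternateAddress is a hypothetical alias attribute).
user_filter = (&(objectClass=inetOrgPerson)(|(mail=%u)(mailAlternateAddress=%u)))

# Returning "user" here as well maps an alias recipient to the same primary
# address, so all of a user's addresses resolve to one mailbox.
user_attrs = mail=user,homeDirectory=home
```

`doveadm auth test mihai.badici` exercises the passdb path with the uid, while `doveadm user` followed by one of the mail addresses exercises the userdb path.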