Hi Patrick,

If Postfix appends the "primary" domain value then it's quite OK with me.
I guess it's not a performance penalty for Postfix?
I can then use auth_default_realm in Dovecot and the problem should be solved.

On Sat, Jul 24, 2010 at 2:38 PM, Patrick Ben Koetter <p...@state-of-mind.de> wrote:
> * Pavel Dimow <paveldi...@gmail.com>:
>> Hello,
>>
>>
>> I know that this is maybe a question for more LDAP-oriented users, but I hope
>> someone here can help me. I have a Postfix with one "primary" domain and
>> a dozen virtual domains. The problem is that users from the primary domain use
>> only their username (without the domain part) for SASL authentication and all
>> other users (from virtual domains) are using usern...@somedomain as username.
>> Now my DIT is organized something like
>>
>> ou=people,o=somedomain.com,dc=acmecorp
>> ou=people,o=virtualdomain.com,dc=acmecorp
>>
>>
>> The question is how can I perform a search for a "primary" domain when I
>> don't have a domain part? Is there any way that I can "append" a default
>> domain when %d is empty, or can I make some sophisticated filter_search?
>
> You can create a search filter that only searches for the localpart. But what
> if you have identical localparts in your local and your virtual domains and
> your search finds the localpart in
> "ou=people,o=virtualdomain.com,dc=acmecorp" first (first match wins)? You
> would have to create two separate searches and evaluate the local one first.
>
> It is probably better and more failsafe to configure Postfix to append a
> domain value if a client didn't send one, like this:
>
> smtpd_sasl_local_domain = somedomain.com
>
> This way any search will only take place in
> "ou=people,o=somedomain.com,dc=acmecorp". This puts the burden of providing
> FQDN usernames on virtual users, but they should already know and have
> configured their systems appropriately.
>
> p...@rick
>
> --
> All technical questions asked privately will be automatically answered on the
> list and archived for public access unless privacy is explicitly required and
> justified.
>
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
>

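Added example, not part of the original messages and not Postfix or Dovecot code: a small Python model of the two lookups discussed in the thread, showing the "first match wins" ambiguity of a localpart-only search and how appending a default realm pins the search to one subtree. The `uid` attribute, the sample entries and all function names are assumptions made for illustration.

```python
import re

DEFAULT_REALM = "somedomain.com"  # the thread's smtpd_sasl_local_domain value
SUFFIX = "dc=acmecorp"            # DIT suffix from the thread

# Constructed sample directory: the same localpart exists in both domains.
DIRECTORY = [
    "uid=alice,ou=people,o=virtualdomain.com,dc=acmecorp",
    "uid=alice,ou=people,o=somedomain.com,dc=acmecorp",
    "uid=bob,ou=people,o=virtualdomain.com,dc=acmecorp",
]

def escape_filter(value):
    """Escape RFC 4515 special characters so a login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def split_login(login, default_realm=DEFAULT_REALM):
    """Return (localpart, domain), appending the default realm if none was sent."""
    local, sep, domain = login.partition("@")
    if not sep:
        domain = default_realm
    domain = domain.lower()
    # The domain ends up inside the search base, so accept hostname characters
    # only; this rejects ',' and '=' that would otherwise reshape the DN.
    if not local or not re.fullmatch(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?", domain):
        raise ValueError("malformed login name")
    return local, domain

def search_params(login):
    """Build the (base DN, filter) pair an LDAP lookup would use for this login."""
    local, domain = split_login(login)
    return "ou=people,o=%s,%s" % (domain, SUFFIX), "(uid=%s)" % escape_filter(local)

def lookup(base, local):
    """Toy subtree search over DIRECTORY, returning matches in stored order."""
    return [dn for dn in DIRECTORY
            if dn.startswith("uid=%s," % local) and dn.endswith("," + base)]

def resolve(login):
    """Realm-scoped lookup: search only the subtree of the (defaulted) domain."""
    local, domain = split_login(login)
    return lookup("ou=people,o=%s,%s" % (domain, SUFFIX), local)

if __name__ == "__main__":
    print("localpart-only, whole tree:", lookup(SUFFIX, "alice"))
    print("default realm appended:    ", resolve("alice"))
    print("virtual user:              ", search_params("bob@virtualdomain.com"))
```
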