Re: [Dovecot] Please clarify one point for me on director userdb (Was: Configuration advice needed.)

2013-06-03 Thread Jan-Frode Myklebust
On Mon, Jun 03, 2013 at 03:47:08PM +0200, Olivier Girard wrote:
> I'm trying to finish my dovecot setup but things are unclear for me.
> 
> I want director proxying mapping to same server for LMTP and POP/IMAP
> connections. My authdb is LDAP and LMTP users are queried with mail
> address (ldap mail attribute) while IMAP/POP users are identified
> with uid (ldap uid attribute) which is completely different.
> 
> So I end up defining my ldap queries mapping ldap mail attribute to user
> in *_attrs (best choice for future use than uid for our setup) with this
> configuration in dovecot-ldap.conf.ext:
> 
> uris = ldap://ldap.uang
> dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
> dnpass = *
> base = ou=people, dc=univ-angers, dc=fr
> user_attrs = mail=user,homeDirectory=home
> user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))
> iterate_attrs = mail=user
> iterate_filter = (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))
> default_pass_scheme = MD5-CRYPT
> 
> Is it the correct method, or do I miss something?
> 

It's a bit hard to tell what's unclear to you. This all looks perfectly
fine to me. I run a similar configuration, except:

- I don't have any ldap config on the directors, just a static
  passdb:

passdb {
  args = proxy=y nopassword=y
  driver = static
}

- I use auth binds, instead of having dovecot do the
  authentication. IMHO that's better, since then there's no
  easy way to extract all the hashes from the dovecot side.

auth_bind = yes
auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO

- I haven't configured any
  iterate_attrs/iterate_filter/pass_attrs/iterate_filter or
  default_pass_scheme. Have too many users to ever want to 
  iterate over them all :-)


  -jf
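
Added example (not part of either message and not the list's or the project's own configuration): one way the posted dovecot-ldap.conf.ext could look with authentication binds, assuming logins still arrive as uid, mail or alias, so the user's DN has to be found by a search rather than by an auth_bind_userdn template. All values are copied from the posted configuration, including the redacted dnpass.

```conf
# dovecot-ldap.conf.ext, auth-bind variant of the configuration posted above
uris = ldap://ldap.uang

# Service account: used only to search for the user's DN and attributes.
dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
# Redacted, as in the original post.
dnpass = *
base = ou=people, dc=univ-angers, dc=fr

# Verify the password by binding to the LDAP server as the user,
# so Dovecot never has to read userPassword.
auth_bind = yes
# auth_bind_userdn is left unset on purpose: a login may be a uid, a mail
# address or an alias, so no single DN template fits. Dovecot first runs
# pass_filter with the service account to find the DN, then binds as it.
# That costs one extra LDAP request per login compared with a template.

# No userPassword=password mapping any more; the login name is still
# normalised to the mail attribute.
pass_attrs = mail=user
pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))

# userdb lookups (LMTP delivery, mail location) are unchanged.
user_attrs = mail=user,homeDirectory=home
user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))

# default_pass_scheme is dropped: Dovecot no longer fetches or compares a hash.
```

With this variant the directory's ACLs can deny the cn=acces-smtp account read access to userPassword, since Dovecot only needs it for searches.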


Re: [Dovecot] Please clarify one point for me on director userdb (Was: Configuration advice needed.)

2013-06-03 Thread Olivier Girard

I'm trying to finish my dovecot setup but things are unclear for me.

I want director proxying mapping to same server for LMTP and POP/IMAP
connections. My authdb is LDAP and LMTP users are queried with mail
address (ldap mail attribute) while IMAP/POP users are identified with
uid (ldap uid attribute) which is completely different.


So I end up defining my ldap queries mapping ldap mail attribute to user
in *_attrs (best choice for future use than uid for our setup) with this
configuration in dovecot-ldap.conf.ext:

uris = ldap://ldap.uang
dn = cn=acces-smtp, ou=access, dc=univ-angers, dc=fr
dnpass = *
base = ou=people, dc=univ-angers, dc=fr
user_attrs = mail=user,homeDirectory=home
user_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u))(|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))

pass_attrs = mail=user,userPassword=password
pass_filter = (&(|(uid=%u) (mail=%u) (auaAliasEmail=%u)) (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant)))

iterate_attrs = mail=user
iterate_filter = (|(auaStatut=etu)(auaStatut=etu-sortant)(auaStatut=perso)(auaStatut=perso-sortant))

default_pass_scheme = MD5-CRYPT

Is it the correct method, or do I miss something?

On 31/05/2013 12:52, Olivier Girard wrote:

Hello,

First, thanks for this great piece of software.

I'm new to dovecot and I've just converted my old courier configuration
on pop/imap server side, everything is working just fine on this side
and speed gain expected was found (not enough for our busy servers :).

Setup is done with 3 dovecot virtual servers load balanced with a
Hardware load balancer (this part is a big point of the question).
Postfix and dovecot servers use an NFS share on a NetApp for mail,
Postfix servers are writing directly to inbox maildirs.

Load balancer is maintaining affinity between client and server so I've
got no problem with this for the moment.

Now, I want to setup postfix (3 HW load balanced) for local delivery
with LMTP on dovecot servers, and here come my questions.

Affinity can't be maintained between IMAP and LMTP for a user with my
load balancer so mail can be delivered on dovecot01 and read on
dovecot02, from what I've read this can be an issue with indexes.

I think I need to setup a director to maintain LMTP and IMAP affinity
between users and servers but on imap servers I'm identifying users
with their UID, and LMTP needs to see emails.
Does dovecot see the same user or 2 users with the same homedir?

So my question is: could you point me to the right direction with this
setup, do you have any advice on this config.