Re: [Dovecot] dovecot 2 variables

2013-04-08 Thread Pavel Dimow
Well, that is not very scalable, as we always ask the first database no matter
what. What if I have the same user in both databases (ldap)?


On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey 
daniel.part...@informatik.tu-chemnitz.de wrote:

 Pavel Dimow wrote:
  Just to be clear my goal is to have multiple domains on multiple
 addresses
  but use one dovecot instance and to let users logging without @domain
 part.

 You might try to use several passdb/userdb sections with driver ldap,
 one for each domain:

 http://wiki2.dovecot.org/Authentication/MultipleDatabases

 Regards
 Daniel
 --
 https://plus.google.com/103021802792276734820



Re: [Dovecot] dovecot 2 variables

2013-04-08 Thread Timo Sirainen
You could put (%l=1.2.3.4) in the ldap filter. But I guess it still gets sent 
to the LDAP server. The best solution would be:

local 1.2.3.4 {
  userdb {
..
  }
}

But that doesn't work yet.

With v2.2 you can do multiple queries. So you could have one query to translate 
the IP address to the domain, and then a second lookup to look up the user@domain. 
http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb - subqueries.

On 8.4.2013, at 13.07, Pavel Dimow paveldi...@gmail.com wrote:

 Well that is not very scalable as we always ask first database no matter
 what. What if I have the same user in both databases (ldap)?
 
 
 On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey 
 daniel.part...@informatik.tu-chemnitz.de wrote:
 
 Pavel Dimow wrote:
 Just to be clear my goal is to have multiple domains on multiple
 addresses
 but use one dovecot instance and to let users logging without @domain
 part.
 
 You might try to use several passdb/userdb sections with driver ldap,
 one for each domain:
 
 http://wiki2.dovecot.org/Authentication/MultipleDatabases
 
 Regards
 Daniel
 --
 https://plus.google.com/103021802792276734820
 



Re: [Dovecot] dovecot 2 variables

2013-04-08 Thread Pavel Dimow
Thank you Timo, then I guess I will be running two instances of dovecot, one for
each domain, until

local 1.2.3.4 {
  userdb {
..
  }
}

becomes ready :)


On Mon, Apr 8, 2013 at 12:14 PM, Timo Sirainen t...@iki.fi wrote:

 You could put (%l=1.2.3.4) in the ldap filter. But I guess it still gets
 sent to the LDAP server. The best solution would be:

 local 1.2.3.4 {
   userdb {
 ..
   }
 }

 But that doesn't work yet.

 With v2.2 you can do multiple queries. So you could have one query to
 translate IP address to the domain, and then a second lookup to lookup the
 user@domain. http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb -
 subqueries.

 On 8.4.2013, at 13.07, Pavel Dimow paveldi...@gmail.com wrote:

  Well that is not very scalable as we always ask first database no matter
  what. What if I have the same user in both databases (ldap)?
 
 
  On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey 
  daniel.part...@informatik.tu-chemnitz.de wrote:
 
  Pavel Dimow wrote:
  Just to be clear my goal is to have multiple domains on multiple
  addresses
  but use one dovecot instance and to let users logging without @domain
  part.
 
  You might try to use several passdb/userdb sections with driver ldap,
  one for each domain:
 
  http://wiki2.dovecot.org/Authentication/MultipleDatabases
 
  Regards
  Daniel
  --
  https://plus.google.com/103021802792276734820
 




Re: [Dovecot] dovecot 2 variables

2013-04-08 Thread Benny Pedersen

On 2013-04-07 22:51, Pavel Dimow wrote:


Why does dovecot does not expand %l to local ip address?


what if it does not contain an ip address?, like rm -f /

--
senders that put my email into body content will deliver it to my own 
trashcan, so if you like to get reply, dont do it


Re: [Dovecot] dovecot 2 variables

2013-04-08 Thread Reindl Harald


Am 08.04.2013 13:18, schrieb Benny Pedersen:
 On 2013-04-07 22:51, Pavel Dimow wrote:
 
 Why does dovecot does not expand %l to local ip address?
 
 what it it does not contain an ip address ?, like rm -f /

what is your f**ing problem?





Re: [Dovecot] dovecot 2 variables

2013-04-08 Thread Steffen Kaiser

On Sun, 7 Apr 2013, Pavel Dimow wrote:


Just to be clear my goal is to have multiple domains on multiple addresses
but use one dovecot instance and to let users logging without @domain part.


If %l is expanded in the LDAP query, you could add an attribute with the 
local IP address, e.g.:


pass_filter = (&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l))))


(check if parentheses are balanced) Same with user_filter

The idea:

mailUserLDAPItem && ( nameWithDomain || ( nameWithoutDomain && localIP ) )

So the user could login with domain on any local port and without domain 
on one or more local interfaces.


-- 
Steffen Kaiser
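
The filter idea from the message above, worked through as an added example (not part of the original message and not Dovecot code): a small Python evaluator for the filter, run over two constructed directory entries that share the local part "alice". The `&` operators in the filter, the attribute values, the 192.0.2.x addresses and the RFC 4515 escaping of the substituted values are assumptions of this example.

```python
import re

# Steffen's filter with the '&' operators written out (assumed from "The idea" line).
PASS_FILTER = "(&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l))))"

# Constructed sample entries: the same local part exists in two domains.
DIRECTORY = [
    {"dn": "uid=alice,o=a", "objectClass": ["mailUser"], "mail": ["alice@a.example"],
     "localPart": ["alice"], "localIP": ["192.0.2.10"]},
    {"dn": "uid=alice,o=b", "objectClass": ["mailUser"], "mail": ["alice@b.example"],
     "localPart": ["alice"], "localIP": ["192.0.2.20"]},
]

def ldap_escape(value):
    """Escape filter metacharacters (RFC 4515) so a login name stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, user, local_ip):
    """Substitute %Lu (lowercased login) and %l (local IP) in a single pass."""
    values = {"Lu": user.lower(), "l": local_ip}
    return re.sub(r"%(Lu|l)", lambda m: ldap_escape(values[m.group(1)]), template)

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, index after it)."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1              # skip the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr, value.lower()), end + 1

def matches(node, entry):
    """Evaluate AND / OR / equality nodes against one entry, case-insensitively."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    return node[2] in [v.lower() for v in entry.get(node[1], [])]

def search(user, local_ip):
    """Return the DNs a login would resolve to on the given local address."""
    tree, _ = parse(expand(PASS_FILTER, user, local_ip))
    return [e["dn"] for e in DIRECTORY if matches(tree, e)]
```

A bare "alice" resolves to exactly one entry per local address, a full address resolves on any interface, and a bare name on an address no entry carries resolves to nothing.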



Re: [Dovecot] dovecot 2 variables

2013-04-08 Thread Pavel Dimow
Interesting, but this means that we need to have one tree with all users
(where each user has an additional attribute containing the local ip); instead we
now have two separate trees because we use this for other authentication
purposes.

Thank you for sharing your thoughts Steffen




On Mon, Apr 8, 2013 at 2:34 PM, Steffen Kaiser 
skdove...@smail.inf.fh-brs.de wrote:



 On Sun, 7 Apr 2013, Pavel Dimow wrote:

  Just to be clear my goal is to have multiple domains on multiple addresses
 but use one dovecot instance and to let users logging without @domain
 part.


 If %l is expanded in the LDAP query, you could add an attribute with the
 local IP address, e.g.:

 pass_filter = (&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l))))

 (check if parentheses are balanced) Same with user_filter

 The idea:

 mailUserLDAPItem && ( nameWithDomain || ( nameWithoutDomain && localIP ) )

 So the user could login with domain on any local port and without domain
 on one or more local interfaces.

 - -- Steffen Kaiser



[Dovecot] dovecot 2 variables

2013-04-07 Thread Pavel Dimow
Hi,

I am trying to use separate configurations for ldap authentication, thus
providing users with the ability to use only the username without the domain
part. Now according to the documentation this should be possible
http://wiki2.dovecot.org/AuthDatabase/PasswdFile

but I keep getting an error in my dovecot.log like this

auth: Error: Can't open configuration file
/etc/dovecot/%l/dovecot-ldap.conf: No such file or directory

Why does dovecot not expand %l to the local ip address?


Re: [Dovecot] dovecot 2 variables

2013-04-07 Thread Timo Sirainen
On 7.4.2013, at 23.51, Pavel Dimow paveldi...@gmail.com wrote:

 I am trying to use separate configurations for ldap authentication thus
 providing users
 with the ability to only use username without domain part. Now according to
 documentation this should be possible
 http://wiki2.dovecot.org/AuthDatabase/PasswdFile
 
 but I keep getting error in my dovecot.log like this
 
 auth: Error: Can't open configuration file
 /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory
 
 Why does dovecot does not expand %l to local ip address?

That expansion works only with passwd-file, not with anything else (such as 
ldap).



Re: [Dovecot] dovecot 2 variables

2013-04-07 Thread Pavel Dimow
Thank you Timo, can you please correct me if I am wrong, but this means
that the only way to have one dovecot server authenticating users from ldap
without the domain part is to use %l in the ldap query? That implies having a tree
like ou=people,o=x.x.x.x.o=mail,dc=acme,dc=com
Or is there a better way to do it?



On Sun, Apr 7, 2013 at 11:26 PM, Timo Sirainen t...@iki.fi wrote:

 On 7.4.2013, at 23.51, Pavel Dimow paveldi...@gmail.com wrote:

  I am trying to use separate configurations for ldap authentication thus
  providing users
  with the ability to only use username without domain part. Now according
 to
  documentation this should be possible
  http://wiki2.dovecot.org/AuthDatabase/PasswdFile
 
  but I keep getting error in my dovecot.log like this
 
  auth: Error: Can't open configuration file
  /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory
 
  Why does dovecot does not expand %l to local ip address?

 That expansion works only with passwd-file, not with anything else (such
 as ldap).




Re: [Dovecot] dovecot 2 variables

2013-04-07 Thread Pavel Dimow
Just to be clear, my goal is to have multiple domains on multiple addresses
but use one dovecot instance and to let users log in without the @domain part.



On Sun, Apr 7, 2013 at 11:51 PM, Pavel Dimow paveldi...@gmail.com wrote:

 Thank you Timo, can you please correct me if I am wrong, but this means
 that only way to have one dovecot server authenticating users from ldap
 without domain part is to use %l in ldap query? That imply to have tree
 like ou=people,o=x.x.x.x.o=mail,dc=acme,dc=com
 Or there is a better way to do it?



 On Sun, Apr 7, 2013 at 11:26 PM, Timo Sirainen t...@iki.fi wrote:

 On 7.4.2013, at 23.51, Pavel Dimow paveldi...@gmail.com wrote:

  I am trying to use separate configurations for ldap authentication thus
  providing users
  with the ability to only use username without domain part. Now
 according to
  documentation this should be possible
  http://wiki2.dovecot.org/AuthDatabase/PasswdFile
 
  but I keep getting error in my dovecot.log like this
 
  auth: Error: Can't open configuration file
  /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory
 
  Why does dovecot does not expand %l to local ip address?

 That expansion works only with passwd-file, not with anything else (such
 as ldap).





Re: [Dovecot] dovecot 2 variables

2013-04-07 Thread Daniel Parthey
Pavel Dimow wrote:
 Just to be clear my goal is to have multiple domains on multiple addresses
 but use one dovecot instance and to let users logging without @domain part.

You might try to use several passdb/userdb sections with driver ldap,
one for each domain:

http://wiki2.dovecot.org/Authentication/MultipleDatabases

Regards
Daniel
-- 
https://plus.google.com/103021802792276734820