dovecot - Aug 2010 - Master User Features I'd like to see

Here's what I'd like. Limited master users, where someone can be a 
master users for some domains but not others. I think I could do what I 
want with the right kinds of variable passing that doesn't yet exist. 
Let me see if I can explain clearly.

 From the example in the wiki:

auth_master_user_separator = *
passdb {
   driver = sql
   args = /etc/dovecot/dovecot-sql-master.conf.ext
   master = yes
   pass = yes
}
passdb {
   driver = sql
   args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
   driver = sql
   args = /etc/dovecot/dovecot-sql.conf.ext
}

Login looks like this:
# telnet localhost 143
* OK Dovecot ready.
1 login loginuser*masteruser masterpass
1 OK Logged in.


I'm assuming that the masteruser and masterpass is passed to the master 
passdb and when doing so the variable %u is the master user.  I assume 
that %n and %d also represent the name and domain part of the master user.

What I need is to also be able to have variables for the loginuser 
passed to the master user query. Something like %lu, %ln, and %ld 
perhaps. That way with MySQL tricks I might be able to see if the master 
user is master for that particular login user. That way I can give 
domain owners or owners of multiple domains the ability to manage the 
email accounts within their scope of permission.

On 8/15/2010 5:46 PM, Marc Perkel wrote:
>  Here's what I'd like. Limited master users, where someone can be a
> master users for some domains but not others. I think I could do what 
> I want with the right kinds of variable passing that doesn't yet 
> exist. Let me see if I can explain clearly.
>
> From the example in the wiki:
>
> auth_master_user_separator = *
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql-master.conf.ext
>   master = yes
>   pass = yes
> }
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
> userdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
>
> Login looks like this:
> # telnet localhost 143
> * OK Dovecot ready.
> 1 login loginuser*masteruser masterpass
> 1 OK Logged in.
>
>
> I'm assuming that the masteruser and masterpass is passed to the 
> master passdb and when doing so the variable %u is the master user.  I 
> assume that %n and %d also represent the name and domain part of the 
> master user.
>
> What I need is to also be able to have variables for the loginuser 
> passed to the master user query. Something like %lu, %ln, and %ld 
> perhaps. That way with MySQL tricks I might be able to see if the 
> master user is master for that particular login user. That way I can 
> give domain owners or owners of multiple domains the ability to manage 
> the email accounts within their scope of permission.
>
>
>
YES, lets make an administrative tool for dovecot supporting multiple 
domains administrated by various user. Oh, wait! There's vpopmail :-S


Jerrale G.
SC Senior Admin

On 15.8.2010, at 22.46, Marc Perkel wrote:
> passdb {
>  driver = sql
>  args = /etc/dovecot/dovecot-sql-master.conf.ext
>  master = yes
>  pass = yes
> }
..
> I'm assuming that the masteruser and masterpass is passed to the master
passdb and when doing so the variable %u is the master user.  I assume that %n
and %d also represent the name and domain part of the master user.
Yes.
> What I need is to also be able to have variables for the loginuser passed
to the master user query. Something like %lu, %ln, and %ld perhaps. That way
with MySQL tricks I might be able to see if the master user is master for that
particular login user. That way I can give domain owners or owners of multiple
domains the ability to manage the email accounts within their scope of
permission.

These are available in v2.0:

%{login_user}
%{login_username}
%{login_domain}

I guess they should be added to wiki..

You can use checkpassword: 
http://wiki.dovecot.org/AuthDatabase/CheckPassword

Works fine for me for master user authentication.


Emerson Pinter


On 15-08-2010 18:46, Marc Perkel wrote:
>  Here's what I'd like. Limited master users, where someone can be a
> master users for some domains but not others. I think I could do what 
> I want with the right kinds of variable passing that doesn't yet 
> exist. Let me see if I can explain clearly.
>
> From the example in the wiki:
>
> auth_master_user_separator = *
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql-master.conf.ext
>   master = yes
>   pass = yes
> }
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
> userdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf.ext
> }
>
> Login looks like this:
> # telnet localhost 143
> * OK Dovecot ready.
> 1 login loginuser*masteruser masterpass
> 1 OK Logged in.
>
>
> I'm assuming that the masteruser and masterpass is passed to the 
> master passdb and when doing so the variable %u is the master user.  I 
> assume that %n and %d also represent the name and domain part of the 
> master user.
>
> What I need is to also be able to have variables for the loginuser 
> passed to the master user query. Something like %lu, %ln, and %ld 
> perhaps. That way with MySQL tricks I might be able to see if the 
> master user is master for that particular login user. That way I can 
> give domain owners or owners of multiple domains the ability to manage 
> the email accounts within their scope of permission.
>
>
>