dovecot - Aug 2011 - authentication via LDAP

Hi all. I have a couple of questions. ANY of those will solve mi
situation.

1) 'Complex' LDAP validation:
I need to validate a user in the 2 step authentication / authorizacion
mech.

The 'users' (with the password) are in
ou=Person,o=Work

the group which contains the mail users is in
cn=MailUsers,ou=Groups,o=Work

Can dovecot make such a thing? Cause im not shure if i can make this in
a single ldap filter.

2) If not...
2.1) Does dovecot accept more than 1 rule for authenticating?
2.2) Does dovecot accept an arbitrary program for authentication?

Well, that's all for now. Thanks!
Gerardo

in principle possible:

pass auth:
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Person,o=Work

filter by group:
user_filter = 
(&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%n))
pass_filter = 
(&(&(&(objectclass=user)(objectclass=person))(memberOf=*MailUsers.*))(uid=%u))

but need to configure ldap for memberOf ....

Gerardo Herzig wrote:
> Hi all. I have a couple of questions. ANY of those will solve mi
> situation.
>
> 1) 'Complex' LDAP validation:
> I need to validate a user in the 2 step authentication / authorizacion
> mech.
>
> The 'users' (with the password) are in
> ou=Person,o=Work
>
> the group which contains the mail users is in
> cn=MailUsers,ou=Groups,o=Work
>
>