Hello,

We are performing a Domain migration and I was wondering if there was any way to get Dovecot to authenticate to more than 1 LDAP server?

Currently dovecot is configured to query the "mail" attribute from Active Directory and when found it binds with the credentials the user provided. This works fine, but when migrating user accounts, they get disabled in the source domain so that the user can no longer log on to it. But disabling the account in the source domain, causes the user to be unable to use his email account.

Is there any way to get dovecot to try a second LDAP server if the first one fails to authenticate..?

~# dovecot -n
# 1.2.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/ssl/certs/smtpd.crt
ssl_key_file: /etc/ssl/private/smtpd.key
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_user: postfix
mail_privileged_group: mail
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/srv/mail/vmail/%Ud/%Ln/Maildir
mbox_write_locks: fcntl dotlock
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
lda:
  postmaster_address: postmaster at h-st.com
  auth_socket_path: /var/run/dovecot/auth-master
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver-info.log
auth default:
  mechanisms: plain login
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth-client
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

Thanks
--------
Romer Ventura

On Monday 03 October 2011 16:29:39 Romer Ventura wrote:
> Is there any way to get dovecot to try a second LDAP server if the first
> one fails to authenticate..?

Sure; just add a second passdb (maybe you also need a second userdb) pointing to the other server. Something like

passdb ldap {
  args = /usr/local/etc/AD.conf
}
passdb ldap {
  args = /usr/local/etc/second.conf
}

HTH
--
Joseba Torre. Vicegerencia de TICs, Área de Explotación

-----Original Message-----
From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Romer Ventura
Sent: Monday, October 03, 2011 9:30 AM
To: dovecot at dovecot.org
Subject: [Dovecot] Multiple LDAP authentication servers
**************************************************

Also I forgot to mention that these are different domains, we are not authenticating to DOMAIN-AAA.COM and we would like to authenticate to DOMAIN-BBB.LAN while still allowing authentication to DOMAIN-AAA.COM. The Base DNs and domains are different.

Possible?

Thanks

So you are saying I can define multiple passdb and userdb, each pointing to a different ldap config file?

Thanks
--------
Romer Ventura

-----Original Message-----
From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Joseba Torre
Sent: Monday, October 03, 2011 10:22 AM
To: dovecot at dovecot.org
Subject: Re: [Dovecot] Multiple LDAP authentication servers
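
The layout discussed in this thread, written out for the Dovecot 1.2.11 setup shown in the first message, as an added example that is not part of the original posts: two LDAP passdb/userdb pairs, one config file per domain, with users logging in by their "mail" value. The second file name, the ldaps:// host names, the service-account DNs, the base DNs derived from the two domain names, and the filter that skips disabled accounts are assumptions.

```conf
# /etc/dovecot/dovecot.conf (Dovecot 1.2 syntax): replaces the single passdb/userdb pair
auth default {
  mechanisms = plain login
  # passdbs are tried in order; when the bind against the first fails,
  # Dovecot moves on to the next one.
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap-bbb.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap-bbb.conf
  }
  # the existing "socket listen { ... }" section stays as it is
}

# /etc/dovecot/dovecot-ldap.conf: source domain DOMAIN-AAA.COM
# (host name, service account and base DN are assumed placeholders)
uris = ldaps://dc1.domain-aaa.com
dn = cn=dovecot-svc,cn=Users,dc=domain-aaa,dc=com
dnpass = CHANGE_ME
auth_bind = yes
base = dc=domain-aaa,dc=com
scope = subtree
user_filter = (&(objectClass=user)(mail=%u))
# Assumed addition: the bitwise-AND match on userAccountControl bit 2
# (ACCOUNTDISABLE) hides disabled accounts, so no bind is attempted for
# migrated users here and the lookup falls through to DOMAIN-BBB.LAN.
pass_filter = (&(objectClass=user)(mail=%u)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

# /etc/dovecot/dovecot-ldap-bbb.conf: target domain DOMAIN-BBB.LAN (hypothetical file)
uris = ldaps://dc1.domain-bbb.lan
dn = cn=dovecot-svc,cn=Users,dc=domain-bbb,dc=lan
dnpass = CHANGE_ME
auth_bind = yes
base = dc=domain-bbb,dc=lan
scope = subtree
user_filter = (&(objectClass=user)(mail=%u))
pass_filter = (&(objectClass=user)(mail=%u))
```

While an account is enabled in both domains, either domain's password opens the mailbox, and a wrong password is tried as a bind against both directories, so it counts toward lockout in each.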