Hi,

I am trying to use separate configurations for ldap authentication thus providing users with the ability to only use username without domain part. Now according to documentation this should be possible
http://wiki2.dovecot.org/AuthDatabase/PasswdFile

but I keep getting an error in my dovecot.log like this

auth: Error: Can't open configuration file /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory

Why does dovecot not expand %l to local ip address?
On 7.4.2013, at 23.51, Pavel Dimow <paveldimow at gmail.com> wrote:

> I am trying to use separate configurations for ldap authentication thus
> providing users
> with the ability to only use username without domain part. Now according to
> documentation this should be possible
> http://wiki2.dovecot.org/AuthDatabase/PasswdFile
>
> but I keep getting an error in my dovecot.log like this
>
> auth: Error: Can't open configuration file
> /etc/dovecot/%l/dovecot-ldap.conf: No such file or directory
>
> Why does dovecot not expand %l to local ip address?

That expansion works only with passwd-file, not with anything else (such as ldap).
Well that is not very scalable as we always ask the first database no matter what. What if I have the same user in both databases (ldap)?

On Mon, Apr 8, 2013 at 12:36 AM, Daniel Parthey <daniel.parthey at informatik.tu-chemnitz.de> wrote:

> Pavel Dimow wrote:
> > Just to be clear my goal is to have multiple domains on multiple addresses
> > but use one dovecot instance and to let users log in without @domain part.
>
> You might try to use several passdb/userdb sections with driver ldap,
> one for each domain:
>
> http://wiki2.dovecot.org/Authentication/MultipleDatabases
>
> Regards
> Daniel
> --
> https://plus.google.com/103021802792276734820
On 2013-04-07 22:51, Pavel Dimow wrote:

> Why does dovecot not expand %l to local ip address?

what if it does not contain an ip address ?, like "rm -f /"

--
senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, don't do it
On 08.04.2013 13:18, Benny Pedersen wrote:

> On 2013-04-07 22:51, Pavel Dimow wrote:
>
>> Why does dovecot not expand %l to local ip address?
>
> what if it does not contain an ip address ?, like "rm -f /"

what is your f**ing problem?
Interesting, but this means that we need to have one tree with all users (where each user has an additional attribute containing local ip), instead we now have two separate trees because we use this for other authentication purposes.

Thank you for sharing your thoughts Steffen

On Mon, Apr 8, 2013 at 2:34 PM, Steffen Kaiser <skdovecot at smail.inf.fh-brs.de> wrote:

> On Sun, 7 Apr 2013, Pavel Dimow wrote:
>
>> Just to be clear my goal is to have multiple domains on multiple addresses
>> but use one dovecot instance and to let users log in without @domain
>> part.
>
> If %l is expanded in the LDAP query, you could add an attribute with the
> local IP address, e.g.:
>
> pass_filter = (&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l))))
>
> (check if parentheses are balanced) Same with user_filter
>
> The idea:
>
> mailUserLDAPItem && ( nameWithDomain || ( nameWithoutDomain && localIP ) )
>
> So the user could login with domain on any local port and without domain
> on one or more local interfaces.
>
> -- Steffen Kaiser
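
The filter suggested above, modelled in Python as an added example (not part of the thread and not Dovecot code): it expands `%Lu` and `%l` into the filter with RFC 4515 escaping and evaluates the result against two constructed entries that share the same local part. The entries, addresses and helper names are assumptions made for the illustration, and the small parser handles only `&`, `|` and equality.

```python
import re

# Filter suggested in the thread; attribute names are the ones used there.
FILTER = "(&(objectClass=mailUser)(|(mail=%Lu)(&(localPart=%Lu)(localIP=%l))))"

# Constructed entries: the same local part exists in two domains.
ENTRIES = [
    {"objectClass": ["mailUser"], "mail": ["alice@example.org"],
     "localPart": ["alice"], "localIP": ["192.0.2.10"]},
    {"objectClass": ["mailUser"], "mail": ["alice@example.net"],
     "localPart": ["alice"], "localIP": ["192.0.2.20"]},
]

def ldap_escape(value):
    """RFC 4515 escaping, so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, user, local_ip):
    """Substitute %Lu (lowercased login name) and %l (local IP), both escaped."""
    values = {"%Lu": ldap_escape(user.lower()), "%l": ldap_escape(local_ip)}
    return re.sub(r"%Lu|%l", lambda m: values[m.group(0)], template)

def parse(f, i=0):
    """Parse the filter starting at f[i]; supports only &, | and equality."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)
    attr, _, val = f[i + 1:end].partition("=")
    return ("=", attr, val), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "=":
        val = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), node[2])
        return val.lower() in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def lookup(user, local_ip):
    """Return the mail addresses of the entries the expanded filter selects."""
    tree, _ = parse(expand(FILTER, user, local_ip))
    return [e["mail"][0] for e in ENTRIES if matches(tree, e)]
```

A bare `alice` resolves to a different entry on each local address, while a full address matches on any of them and an escaped `*` matches nothing.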