Hello everyone,
i was wondering if it was possible to add master user criteria in ldap
backends.
the idea is that the users, members of a specific group, should be able
to login with their own credentials on behalf of other users.
i've tried setting it up like this:
hosts = localhost
dn = CN=ldapuser,OU=someldapou,DC=domain,DC=tld
dnpass = <password>
auth_bind = yes
ldap_version = 3
base = DC=domain,DC=tld
user_attrs = sAMAccountName=home=/var/vmail/%
$,skip=found,maxStorage=quota_rule=*:storage=%
$M,quota_rule2=Trash:storage=+100M
user_filter = (&(ObjectClass=person)(sAMAccountName=%
u)(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=tld))
then i added a passdb as follows
passdb {
driver = ldap
master = yes
args = /etc/dovecot/dovecot-ldap-masteruser.conf.ext
}
and of course the separator.
but when i try to login with
realuser*userinadministratorsgroup passwordofuserinadministratorsgroup
i get authentication failed.
am i missing something?
is it even possible to accomplish such thing? because i didn't see any
example in the wiki, only plain passdb and sql.
thanks in advance
Francesco
