Michael JOIGNY
2017-Jun-07 09:48 UTC
Dovecot LDAP using custom field to allow users to connect
Hi all,
I'd like to know if it's possible to add a custom field when the
authentication is made by users.
My boolean custom field will be for example "AllowUser" (false/true).
I'm trying to do something like that but it's not working:
    user_filter = (&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))
This is my dovecot/ldap configuration below:
# dovecot.conf
    passdb {
      driver = ldap
      args = /etc/dovecot/dovecot-ldap.conf
    }
# dovecot-ldap.conf
    hosts = myurl:myport
    dn = cn=myuser,dc=mydomain,dc=com
    dnpass = ********
    auth_bind = yes
    auth_bind_userdn = uid=%u,ou=users,dc=mydomain,dc=com
    ldap_version = 3
    base = ou=Users,dc=mydomain,dc=com
    scope = base
    default_pass_scheme = SSHA512
Do you have an idea?
Kind regards.
--
Michael
Martin Wheldon
2017-Jun-07 10:59 UTC
Dovecot LDAP using custom field to allow users to connect
Hi Michael,
We do exactly that, see example below:
    user_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)(ukFirmGhITAccMailAlias=%u)))
    pass_filter = (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uidNumber=%u)(mail=%u)))
Does it work without the AllowUser section of the search?
Do you get any records back when you do a ldapsearch with your
user_filter search?
Best Regards
Martin
Martin Wheldon
2017-Jun-07 11:14 UTC
Dovecot LDAP using custom field to allow users to connect
Hi Michael,
Just noticed you are using auth_bind_userdn which we don't. I think you may need to use pass_filter rather than user_filter??
Best Regards
Martin
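
An offline version of the check Martin asks for (does the filter return any records?), added here as an example and not code from the thread or from Dovecot: a small evaluator for the equality/AND/OR/NOT subset of LDAP filters, run over constructed entries with Michael's user_filter, base and scope values. The directory entries, the function names and the case-insensitive value matching are assumptions; it models plain LDAP search semantics, not Dovecot's own lookup logic.

```python
import re

# Constructed sample entries (not from the thread); attribute names lowercased.
BASE = "ou=Users,dc=mydomain,dc=com"
DIRECTORY = {
    BASE: {"objectclass": ["organizationalUnit"]},
    "uid=alice," + BASE: {"objectclass": ["posixAccount", "myclass"],
                          "uid": ["alice"], "allowuser": ["TRUE"]},
    "uid=bob," + BASE: {"objectclass": ["posixAccount", "myclass"],
                        "uid": ["bob"], "allowuser": ["FALSE"]},
    "uid=carol," + BASE: {"objectclass": ["posixAccount"], "uid": ["carol"]},
}
USER_FILTER = "(&(objectClass=posixAccount)(uid=%u)(objectClass=myclass)(AllowUser=TRUE))"

def escape(value):
    """RFC 4515 escaping so a substituted login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index after it)."""
    op = f[i + 1]
    if op in "&|!":
        kids, i = [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = f.index(")", i)
    attr, _, val = f[i + 1:end].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (equality tests only)."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def search(directory, base, scope, flt, user):
    """Return DNs in scope ('base' or 'subtree') that match flt for this user."""
    tree, _ = parse(flt.replace("%u", escape(user)))
    base = base.lower()
    def in_scope(dn):
        return dn == base or (scope == "subtree" and dn.endswith("," + base))
    return [dn for dn, e in directory.items() if in_scope(dn.lower()) and matches(tree, e)]
```

With scope "subtree" only the entry carrying AllowUser=TRUE is returned; an entry with FALSE or without the attribute is not. With scope "base" an LDAP search examines only the ou=Users entry itself, so no user entry is returned for any login.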