TL;DR:
Can director_username_hash use %{userdb:...} or %{passdb:...} ?
===================================
This is on Ubuntu Precise, running dovecot 2.2.36. It's a fully production,
director-ized env, so assume everything is working correctly. Happy to post
doveconf if it's relevant but wanted to ask a general question first.
I was curious if there's a way to get userdb/passdb data
into director_username_hash. Currently, we've got default hashing (on %u).
I'm returning a SQL field called 'real_username' (the owner of the
mailbox,
so almost never the same as %u). I'd like (for mdbox reasons) to hash on
that rather than %u.
My test SQL is returning (this is just a chunk -- it's duplicated for
testing):
UserName AS userdb_real_username, UserName AS real_username
I can see in my director boxes that it's at least picking up the latter:
passdb out: PASS 1 user=tesbox at mailbox.com proxy=y real_username=testuser
Is it possible to inject 'real_username' into director_username_hash?
That
is, I'd rather hash on 'testuser' instead of 'testbed'.
I've been trying different permutations on my director boxes with no luck.
director_username_hash = %{userdb:real_username}
director_username_hash = %{passdb:real_username}
director_username_hash = %{userdb:userdb_real_username}
director_username_hash = %{passdb:userdb_real_username}
With any of those settings, every mailbox gets hashed to the same backend,
so I'm guessing it's not getting anything useful (i.e. probably
resolving
to the same empty string and hashing on that -- or perhaps is just hashing
on the literal string, e.g. "%{userdb:real_username}" ).
And I'm not even sure if director_username_hash has access to any
passdb/userdb data. Is there a debug setting that would show what string
director is using to do the hashing?
Current debug settings are:
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
but not a peep as to the string that director is hashing on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190412/14267f32/attachment.html>
> On 12 April 2019 21:09 Mark Moseley via dovecot <dovecot at dovecot.org> wrote: > > > TL;DR: > > Can director_username_hash use %{userdb:...} or %{passdb:...} ? > > ===================================> > This is on Ubuntu Precise, running dovecot 2.2.36. It's a fully production, director-ized env, so assume everything is working correctly. Happy to post doveconf if it's relevant but wanted to ask a general question first. > > I was curious if there's a way to get userdb/passdb data into?director_username_hash. Currently, we've got default hashing (on %u). I'm returning a SQL field called 'real_username' (the owner of the mailbox, so almost never the same as %u). I'd like (for mdbox reasons) to hash on that rather than %u. > > My test SQL is returning (this is just a chunk -- it's duplicated for testing): > UserName AS userdb_real_username, UserName AS real_username > > I can see in my director boxes that it's at least picking up the latter: > > passdb out: PASS1user=tesbox at mailbox.comproxy=yreal_username=testuser > > Is it possible to inject 'real_username' into director_username_hash? That is, I'd rather hash on 'testuser' instead of 'testbed'. > > I've been trying different permutations on my director boxes with no luck. > > director_username_hash = %{userdb:real_username} > director_username_hash = %{passdb:real_username} > director_username_hash = %{userdb:userdb_real_username} > director_username_hash = %{passdb:userdb_real_username} > > With any of those settings, every mailbox gets hashed to the same backend, so I'm guessing it's not getting anything useful (i.e. probably resolving to the same empty string and hashing on that -- or perhaps is just hashing on the literal string, e.g. "%{userdb:real_username}"?). > > And I'm not even sure if director_username_hash has access to any passdb/userdb data. Is there a debug setting that would show what string director is using to do the hashing? > > Current debug settings are: > > auth_debug = yes > auth_debug_passwords = yes > mail_debug = yes > > but not a peep as to the string that director is hashing on.Hi! The only variables usable on director_username_hashing are (u)ser, user(n)ame and (d)omain. Aki
On Fri, Apr 12, 2019 at 11:14 AM Aki Tuomi <aki.tuomi at open-xchange.com> wrote:> > > On 12 April 2019 21:09 Mark Moseley via dovecot <dovecot at dovecot.org> > wrote: > > > > > > TL;DR: > > > > Can director_username_hash use %{userdb:...} or %{passdb:...} ? > > > > ===================================> > > > This is on Ubuntu Precise, running dovecot 2.2.36. It's a fully > production, director-ized env, so assume everything is working correctly. > Happy to post doveconf if it's relevant but wanted to ask a general > question first. > > > > I was curious if there's a way to get userdb/passdb data > into director_username_hash. Currently, we've got default hashing (on %u). > I'm returning a SQL field called 'real_username' (the owner of the mailbox, > so almost never the same as %u). I'd like (for mdbox reasons) to hash on > that rather than %u. > > > > My test SQL is returning (this is just a chunk -- it's duplicated for > testing): > > UserName AS userdb_real_username, UserName AS real_username > > > > I can see in my director boxes that it's at least picking up the latter: > > > > passdb out: PASS1user=tesbox at mailbox.comproxy=yreal_username=testuser > > > > Is it possible to inject 'real_username' into director_username_hash? > That is, I'd rather hash on 'testuser' instead of 'testbed'. > > > > I've been trying different permutations on my director boxes with no > luck. > > > > director_username_hash = %{userdb:real_username} > > director_username_hash = %{passdb:real_username} > > director_username_hash = %{userdb:userdb_real_username} > > director_username_hash = %{passdb:userdb_real_username} > > > > With any of those settings, every mailbox gets hashed to the same > backend, so I'm guessing it's not getting anything useful (i.e. probably > resolving to the same empty string and hashing on that -- or perhaps is > just hashing on the literal string, e.g. "%{userdb:real_username}" ). > > > > And I'm not even sure if director_username_hash has access to any > passdb/userdb data. Is there a debug setting that would show what string > director is using to do the hashing? > > > > Current debug settings are: > > > > auth_debug = yes > > auth_debug_passwords = yes > > mail_debug = yes > > > > but not a peep as to the string that director is hashing on. > > Hi! > > The only variables usable on director_username_hashing are (u)ser, > user(n)ame and (d)omain. > >Ok, thanks for the info! -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190412/7755423c/attachment-0001.html>