search for: pass_filter

...smtp/imap/pop3/sieveEnabled field in our LDAP directory to control which user is able to use witch services. The pass filter was used for control the usage for years now with %LsEnabled filter (see below at config dump) We just discovered that this filter is not working anymore! We not even see any pass_filter queries in LDAP. We see user_filter queries but no pass_filter queries. Did we miss something in the changelog? *LDAP configuration:* grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext uris = ldap://ldap.services/ dn = cn=administrator,dc=top dnpass = ************ debug_level = 1 auth_bind = ye...

...of the first passdb from passwd-file to ldap . for user to be rejected, add an LDAP attribute named "foo" with a value of "yes" and map it with something like this : pass_attrs = ....,foo=deny in dovecot-ldap.conf.ext ? b) or could I use only one ldap passdb by changing the pass_filter from pass_filter = (&(objectClass=posixAccount)(uid=%u)) to something like pass_filter = (&(objectClass=posixAccount)(uid=%u)(!foo=yes)) ? Thanks -- Thomas Hummel | Institut Pasteur <hummel at pasteur.fr> | Groupe Exploitation et Infrastructure

...t configuration files: /etc/dovecot-ldap.conf: hosts = localhost dn = cn=dovecot,ou=sysAccounts,dc=mydomain,dc=tld dnpass = password ldap_version = 3 base = ou=mailAccounts,dc=mydomain,dc=tld deref = never scope = subtree user_attrs = mail,,,,, user_filter = (mail=%u) pass_attrs = mail,userPassword pass_filter = user_filter = (mail=%u) default_pass_scheme = CRYPT user_global_uid = 5000 user_global_gid = 5000 /etc/dovecot.conf: protocols = imap imaps pop3s imap_listen = 127.0.0.1 imaps_listen = * pop3s_listen = * ssl_cert_file = /etc/ssl/mydomain.tld/Cert.pem ssl_key_file = /etc/ssl/mydomain.tld/Private...

...o use a user_filter which will choose the correct maildir and user/domain from the email address? My current ldap.conf for domain1: hosts = ldap.domain1.com base = ou=People,dc=domain1,dc=com ldap_version = 3 user_attrs = uid=user user_filter = (uid=%n) pass_attrs = uid=user,userPassword=password pass_filter = (uid=%n) default_pass_scheme = MD5 and for domain2: hosts = ldap.domain2.com base = ou=People,dc=domain2,dc=com ldap_version = 3 user_attrs = \ =mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir user_filter = (uid=%n) pass_attrs = uid=%n,userPassword=password pass_filter = (uid=%n...

...p configuration looks quite simple: hosts = 192.168.0.1,192.168.0.2 dn = cn=mailadmin,dc=example,dc=com dnpass = foo auth_bind = yes ldap_version = 3 base = ou=users,dc=example,dc=com user_attrs = mailMessageStore=home user_filter = (&(objectClass=qmailUser)(uid=%u)) pass_filter = (&(objectClass=qmailUser)(uid=%u)) I think dovecot does not know that the username is not the e-mail address, but how can I tell him? Furthermore we have alternative addresses here, so for example there may be an e-mail address bar at example.com owned by foo-example.com who has foo at e...

...uth_bind = yes >>>> auth_bind_userdn = %u at domain.com >>>> ldap_version = 3 >>>> base = dc=rpservices,dc=com >>>> #user_filter = (&(objectclass=person)(mail=%u)) >>>> user_filter = (&(objectclass=person)(uid=%u)) >>>> pass_filter = (&(objectclass=person)(uid=%u)) >>>> user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002 >>>> >>>> >>> you wrote: >>> >>> root at BSD-11:/usr/local/etc/dovecot # doveadm auth test username >>>> >>>>...

...reads as below: #Custom Settings hosts = 192.168.153.143 dn = user at domain.com dnpass = password auth_bind = yes auth_bind_userdn = %u at domain.com ldap_version = 3 base = dc=rpservices,dc=com #user_filter = (&(objectclass=person)(mail=%u)) user_filter = (&(objectclass=person)(uid=%u)) pass_filter = (&(objectclass=person)(uid=%u)) user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002 When I tried to log in again using telnet 127.0.0.1 110, the error shows up in maillog. I first tried logging in with just the username, then I tried using username at domain.com. Using doveadm still...

...168.0.2 >> dn = cn=mailadmin,dc=example,dc=com >> dnpass = foo >> auth_bind = yes >> ldap_version = 3 >> base = ou=users,dc=example,dc=com >> user_attrs = mailMessageStore=home >> user_filter = (&(objectClass=qmailUser)(uid=%u)) >> pass_filter = (&(objectClass=qmailUser)(uid=%u)) >> >> I think dovecot does not know that the username is not the e-mail address, >> but how can I tell him? >> >> Furthermore we have alternative addresses here, so for example there may >> be an e-mail address bar at exam...

...rdb { args = /usr/local/etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocol lda { mail_plugins = } #Contents of dovecot-ldap.conf.ext hosts = 192.168.153.143 dn = user at domain.com dnpass = password auth_bind = yes auth_bind_userdn = domain\%u ldap_version = 3 base = dc=domain,dc=com pass_filter = (&(objectclass=person)(uid=%u)) user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002 Amy help would be appreciated.

Hello, When I tested LDAP auth dovecot-auth caught segv, and I found that auth_cache_parse_key() doesn't check query == NULL. I think db-ldap.c/default_ldap_settings.pass_filter should have non-null default value. Please check following patch. regards, -- Kazuo Moriwaka <moriwaka at valinux.co.jp> Index: db-ldap.c =================================================================== RCS file: /home/cvs/dovecot/src/auth/db-ldap.c,v retrieving revision 1.24 diff -r1...

...r > > ldap_version = 3 > > base = ou=People,dc=domain,dc=com > > deref = never > > scope = subtree > > user_attrs = > > user_filter = (&(objectclass=inetOrgPerson)(uid=%n) > > pass_attrs = uid=user,userPassword=password > > pass_filter = (&(objectclass=inetOrgPerson)(uid=%n)) > > default_pass_scheme = SSHA > > > > When I enter a user's email address and password as the following: > > email: firstname.lastname at domain.com<mailto:firstname.lastname at domain.com> > > password: passwo...

...courier server) I used this attribute to map it to an authoption >> called disableimap. This prevent users to access the mailbox with imap >> protocol. >> >> So the question is what should I set in dovecot to get the same >> behaviour? > > You can configure 'pass_filter' to discount entries with your disable- > flag. Affected users won't be able to authenticate with Dovecot, which > I assume is what you are trying to achieve. > > -Ralph > -- Markus Rosjat fon: +49 351 8107223 mail: rosjat at ghweb.de G+H Webservice GbR Gorzolla, H...

...domain.com >> dnpass = password >> auth_bind = yes >> auth_bind_userdn = %u at domain.com >> ldap_version = 3 >> base = dc=rpservices,dc=com >> #user_filter = (&(objectclass=person)(mail=%u)) >> user_filter = (&(objectclass=person)(uid=%u)) >> pass_filter = (&(objectclass=person)(uid=%u)) >> user_attrs = homeDirectory=/home/vmail/%u,uid=1002,gid=1002 >> > > you wrote: > >> root at BSD-11:/usr/local/etc/dovecot # doveadm auth test username >>> >>>> extra fields: >>>> user=username >&...

...ldir > and user/domain from the email address? > > My current ldap.conf for domain1: > > hosts = ldap.domain1.com > base = ou=People,dc=domain1,dc=com > ldap_version = 3 > user_attrs = uid=user > user_filter = (uid=%n) > pass_attrs = uid=user,userPassword=password > pass_filter = (uid=%n) > default_pass_scheme = MD5 > > and for domain2: > hosts = ldap.domain2.com > base = ou=People,dc=domain2,dc=com > ldap_version = 3 > user_attrs = \ > =mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir > user_filter = (uid=%n) > pass_attrs = ui...

....com> This is how I connect Dovecot with LDAP hosts = ldapserver ldap_version = 3 base = ou=People,dc=domain,dc=com deref = never scope = subtree user_attrs = user_filter = (&(objectclass=inetOrgPerson)(uid=%n) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectclass=inetOrgPerson)(uid=%n)) default_pass_scheme = SSHA When I enter a user's email address and password as the following: email: firstname.lastname at domain.com<mailto:firstname.lastname at domain.com> password: password and according to my setting which I used &qu...

Hi Michael, Just noticed you are using auth_bind_userdn which we don't. I think you may need to use pass_filter rather than user_filter?? Best Regards Martin On 2017-06-07 10:59, Martin Wheldon wrote: > Hi Michael, > > We do exactly that see example below: > > user_filter = > (&(&(objectClass=ukFirmGhITPerson)(ukFirmGhITAccSubSrvcs=Email)(ukFirmGhITAccLocked=Email-FALSE))(|(uid...

...mail/apps/%d/%n/Maildir mail_debug: yes auth default: passdb: driver: ldap args: /usr/local/dovecot/etc/dovecot-ldap.conf userdb: driver: static args: uid=vmail gid=vmail home=/var/mail/apps/%d/%n Here's the relevant LDAP configuration: auth_bind = yes pass_attrs = uid=user pass_filter = uid=%n I tried setting the mail_location to: maildir:~/Maildir and explicitly specifying the full path, but still the Maildir is getting created with out the %d. Of course, the user is logging in with "admin at domain.com". Any ideas?

Hi list Does anyone has experience in setting up dovecot or any other mail system with user auth against a Samba4 AD ? If yes could I get some advice on that Topic or even a link to a ressource where I can get some Information. Googled a lot but didn't find something yet. Thankx in advance. -- Mit freundlichem Gru? Carsten Laun-De Lellis Hauptstrasse 13 D-67705 Trippstadt Phone: +49

...ind = yes auth_bind_userdn = uid=%u,ou=people,dc=ht ldap_version = 3 scope = subtree base = ou=people,dc=ht user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) This is what I see in Wireshark: http://i.stack.imgur.com/ICzDe.png Dovecot cannot authenticate itself for some reason... If i change the configuration as follows: auth_bind = no #auth_bind_userdn = uid=%u,ou=people,dc=ht Then I get following...

...btree base = cn=Users,dc=NEWIDEATEST,dc=LOCAL auth_bind = yes user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAccountName=%u)(otherMailbox=%u))) user_attrs = sAMAccountName=user,userPassword=password,=mail=maildir:/home/%n/Maildir/ pass_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%u)) pass_attrs = sAMAccountName=user,userPassword=password The use exists in the database: *root at adc0:/var/log/dovecot# samba-tool user show odhiambo* ldb_wrap open of secrets.ldb dn: CN=Odhiambo Was...