bingen
/
rpi_docker_home_server
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
71 коммит
6 Ветки
Дерево: 1a6f495e78
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '1a6f495e78'
${ noResults }
rpi_docker_home_server/images/email/config/dovecot/dovecot-ldap.conf.ext

155 lines
5.6KB
Исходник Blame История 

  1. # This file is commonly accessed via passdb {} or userdb {} section in

  2. # conf.d/auth-ldap.conf.ext

  3. 

  4. # This file is opened as root, so it should be owned by root and mode 0600.

  5. #

  6. # http://wiki2.dovecot.org/AuthDatabase/LDAP

  7. #

  8. # NOTE: If you're not using authentication binds, you'll need to give

  9. # dovecot-auth read access to userPassword field in the LDAP server.

  10. # With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should

  11. # already be something like this:

  12. 

  13. # access to attribute=userPassword

  14. #        by dn="<dovecot's dn>" read # add this

  15. #        by anonymous auth

  16. #        by self write

  17. #        by * none

  18. 

  19. # Space separated list of LDAP hosts to use. host:port is allowed too.

  20. #hosts =

  21. 

  22. # LDAP URIs to use. You can use this instead of hosts list. Note that this

  23. # setting isn't supported by all LDAP libraries.

  24. #uris = 

  25. 

  26. # Distinguished Name - the username used to login to the LDAP server.

  27. # Leave it commented out to bind anonymously (useful with auth_bind=yes).

  28. #dn = 

  29. 

  30. # Password for LDAP server, if dn is specified.

  31. #dnpass = 

  32. 

  33. # Use SASL binding instead of the simple binding. Note that this changes

  34. # ldap_version automatically to be 3 if it's lower. Also note that SASL binds

  35. # and auth_bind=yes don't work together.

  36. #sasl_bind = no

  37. # SASL mechanism name to use.

  38. #sasl_mech =

  39. # SASL realm to use.

  40. #sasl_realm =

  41. # SASL authorization ID, ie. the dnpass is for this "master user", but the

  42. # dn is still the logged in user. Normally you want to keep this empty.

  43. #sasl_authz_id =

  44. 

  45. # Use TLS to connect to the LDAP server.

  46. #tls = no

  47. # TLS options, currently supported only with OpenLDAP:

  48. #tls_ca_cert_file =

  49. #tls_ca_cert_dir =

  50. #tls_cipher_suite =

  51. # TLS cert/key is used only if LDAP server requires a client certificate.

  52. #tls_cert_file =

  53. #tls_key_file =

  54. # Valid values: never, hard, demand, allow, try

  55. #tls_require_cert =

  56. 

  57. # Use the given ldaprc path.

  58. #ldaprc_path =

  59. 

  60. # LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.

  61. # -1 = everything. You may need to recompile OpenLDAP with debugging enabled

  62. # to get enough output.

  63. #debug_level = 0

  64. 

  65. # Use authentication binding for verifying password's validity. This works by

  66. # logging into LDAP server using the username and password given by client.

  67. # The pass_filter is used to find the DN for the user. Note that the pass_attrs

  68. # is still used, only the password field is ignored in it. Before doing any

  69. # search, the binding is switched back to the default DN.

  70. #auth_bind = no

  71. 

  72. # If authentication binding is used, you can save one LDAP request per login

  73. # if users' DN can be specified with a common template. The template can use

  74. # the standard %variables (see user_filter). Note that you can't

  75. # use any pass_attrs if you use this setting.

  76. #

  77. # If you use this setting, it's a good idea to use a different

  78. # dovecot-ldap.conf.ext for userdb (it can even be a symlink, just as long as

  79. # the filename is different in userdb's args). That way one connection is used

  80. # only for LDAP binds and another connection is used for user lookups.

  81. # Otherwise the binding is changed to the default DN before each user lookup.

  82. #

  83. # For example:

  84. #   auth_bind_userdn = cn=%u,ou=people,o=org

  85. #

  86. #auth_bind_userdn =

  87. 

  88. # LDAP protocol version to use. Likely 2 or 3.

  89. #ldap_version = 3

  90. 

  91. # LDAP base. %variables can be used here.

  92. # For example: dc=mail, dc=example, dc=org

  93. base =

  94. 

  95. # Dereference: never, searching, finding, always

  96. #deref = never

  97. 

  98. # Search scope: base, onelevel, subtree

  99. #scope = subtree

  100. 

  101. # User attributes are given in LDAP-name=dovecot-internal-name list. The

  102. # internal names are:

  103. #   uid - System UID

  104. #   gid - System GID

  105. #   home - Home directory

  106. #   mail - Mail location

  107. #

  108. # There are also other special fields which can be returned, see

  109. # http://wiki2.dovecot.org/UserDatabase/ExtraFields

  110. #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid

  111. 

  112. # Filter for user lookup. Some variables can be used (see

  113. # http://wiki2.dovecot.org/Variables for full list):

  114. #   %u - username

  115. #   %n - user part in user@domain, same as %u if there's no domain

  116. #   %d - domain part in user@domain, empty if user there's no domain

  117. #user_filter = (&(objectClass=posixAccount)(uid=%u))

  118. 

  119. # Password checking attributes:

  120. #  user: Virtual user name (user@domain), if you wish to change the

  121. #        user-given username to something else

  122. #  password: Password, may optionally start with {type}, eg. {crypt}

  123. # There are also other special fields which can be returned, see

  124. # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields

  125. #pass_attrs = uid=user,userPassword=password

  126. 

  127. # If you wish to avoid two LDAP lookups (passdb + userdb), you can use

  128. # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll

  129. # also have to include user_attrs in pass_attrs field prefixed with "userdb_"

  130. # string. For example:

  131. #pass_attrs = uid=user,userPassword=password,\

  132. #  homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid

  133. 

  134. # Filter for password lookups

  135. #pass_filter = (&(objectClass=posixAccount)(uid=%u))

  136. 

  137. # Attributes and filter to get a list of all users

  138. #iterate_attrs = uid=user

  139. #iterate_filter = (objectClass=posixAccount)

  140. 

  141. # Default password scheme. "{scheme}" before password overrides this.

  142. # List of supported schemes is in: http://wiki2.dovecot.org/Authentication

  143. #default_pass_scheme = CRYPT

  144. 

  145. hosts = ${LDAP_SERVER_HOST}

  146. dn = ${LDAP_BIND_DN}

  147. dnpass = ${LDAP_BIND_PWD}

  148. ldap_version = 3

  149. base = ${LDAP_SEARCH_BASE}

  150. user_attrs = mailHomeDirectory=home,mailUidNumber=uid,mailGidNumber=gid,mailStorageDirectory=mail

  151. user_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))

  152. pass_attrs = uniqueIdentifier=user,userPassword=password

  153. pass_filter = (&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))

  154. default_pass_scheme = CRYPT