]> Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/dovecot/ldap.conf
doc: explain tributes in naming the machines
[sourcephile-nix.git] / machines / mermet / dovecot / ldap.conf
1 debug_level = 0
2
3 # LDAP database
4 uris = ldapi://
5 base = ou=posix,dc=%Dd
6 scope = subtree
7 #deref = never
8 # NOTE: sufficient for small systems and uses less resources.
9 blocking = no
10
11 # LDAP auth
12 sasl_bind = yes
13 sasl_mech = EXTERNAL
14 #dn = cn=admin,dc=%Dd
15 #dnpass = useless with sasl_mech=EXTERNAL
16 # DOC: https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds
17 # Using auth_bind is a bit more secure : dovecot does not need
18 # to have read acces to userPassword.
19 auth_bind = yes
20 auth_bind_userdn = uid=%n,ou=accounts,ou=posix,dc=%Dd
21
22 ## dovecot passdb query
23 #pass_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
24 #pass_attrs = uidNumber=userdb_uid,\
25 # gidNumber=userdb_gid,\
26 # mailHomeDirectory=userdb_home,\
27 # mailStorageDirectory=userdb_mail,\
28 # mailGroupMember=userdb_mail_access_groups,\
29 # quotaBytes=userdb_quota_rule=*:bytes=%{ldap:quotaBytes},\
30 # =user=%n@%d
31 #default_pass_scheme = SSHA
32
33 # dovecot userdb query
34 # For dovecot-lda
35 user_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
36 user_attrs = uidNumber=uid,\
37 gidNumber=gid,\
38 mailHomeDirectory=home,\
39 mailStorageDirectory=mail,\
40 mailGroupMember=mail_access_groups,\
41 quotaBytes=quota_rule=*:bytes=%{ldap:quotaBytes}
42
43 # doveadm user query
44 iterate_attrs = =user=%{ldap:uid}@%d
45 iterate_filter = (&(objectClass=posixAccount)(mailEnabled=TRUE))