hosts/mermet/dovecot/ldap.conf

   1 debug_level = 0
   2
   3 # LDAP database
   4 uris = ldapi://
   5 base = ou=posix,dc=%Dd
   6 scope = subtree
   7 #deref = never
   8 # NOTE: sufficient for small systems and uses less resources.
   9 blocking = no
  10
  11 # LDAP auth
  12 sasl_bind = yes
  13 sasl_mech = EXTERNAL
  14 #dn = cn=admin,dc=%Dd
  15 #dnpass = useless with sasl_mech=EXTERNAL
  16 # DOC: https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds
  17 # Using auth_bind is a bit more secure : dovecot does not need
  18 # to  have read acces to userPassword.
  19 auth_bind = yes
  20 auth_bind_userdn = uid=%n,ou=accounts,ou=posix,dc=%Dd
  21
  22 ## dovecot passdb query
  23 #pass_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
  24 #pass_attrs = uidNumber=userdb_uid,\
  25 #             gidNumber=userdb_gid,\
  26 #             mailHomeDirectory=userdb_home,\
  27 #             mailStorageDirectory=userdb_mail,\
  28 #             mailGroupMember=userdb_mail_access_groups,\
  29 #             quotaBytes=userdb_quota_rule=*:bytes=%{ldap:quotaBytes},\
  30 #             =user=%n@%d
  31 #default_pass_scheme = SSHA
  32
  33 # dovecot userdb query
  34 # For dovecot-lda
  35 user_filter = (&(objectClass=posixAccount)(uid=%n)(mailEnabled=TRUE))
  36 user_attrs = uidNumber=uid,\
  37              gidNumber=gid,\
  38              mailHomeDirectory=home,\
  39              mailStorageDirectory=mail,\
  40              mailGroupMember=mail_access_groups,\
  41              mailQuota=quota_rule=*:bytes=%{ldap:mailQuota}
  42
  43 # doveadm user query
  44 iterate_attrs = =user=%{ldap:uid}@%d
  45 iterate_filter = (&(objectClass=posixAccount)(mailEnabled=TRUE))