"Krisztián Szegi" k....@mszk.eu – 15 November 2022 20:18 > "Michael Ströder" mich...@stroeder.com – 15 November 2022 15:00 > > On 11/15/22 13:45, Krisztián Szegi wrote: > >> I'd like to report that non-binding auth to (Open)LDAP doesn't work > >> if the latter hashes passwords with ARGON2. > > Could you please elaborate why using LDAP bind is a problem for you? > > > > Ciao, Michael. > > > > > > Fair enough question! > > I cannot specify bind_dn template due to mismatched mail addresses and user > DNs, and I thought that that would be suboptimal due to re-binding. > I am a bit confused about how to optimize LDAP lookups now (static files not > option :), re-reading the docs it just made me question more things > - auth_bind_dn cannot be given in my case, as a fixed starting point > - auth_bind adds a temporary binding (using pass_filter) > - can I use userdb prefetch? Docs say I cannot if I use bind with template, > but I am not using the latter. So the search for the user's dn during auth IS > the passdb lookup? > - assuming I am correct, I should give back stuff with passdb lookup: or do I? > - Must I give back userid an guid? 10-mail.conf has "vmail" for both, as > mail accounts don't have UNIX ones linked to them... > - same for home? There is no default I've given until userdb lookup. Just > specify a global mail_home with variables, and get on with life? > -if I should give back one, should I pass it with default_fields = > userdb_home (currently I specify it under default_fields:home in userdb > lookup as LDAP doesn't override home). > > The docs are confusing around userdb. The main thing what is not clear that > they CAN override fields on a per-user basis, but must they provide them for > non-extra fields, when there are global settings for those? > > Thanks! > > BTW, thanks for the great software all of you. > Michael, I've come across some of your work, you have my respect! >
On second thought: I switched to auth_bind = yes (I'll start a new thread on optimizing passdb and userdb, because the scattered documentation has some holes in it I think), but my patch is still needed - if I understand correctly - because I use postfix with dovecot as LMTP and auth backend.