Good morning,

OK (If I am wrong someone please update this!)

Trying to run multiple auth schemes when sasl is available etc is overkill

Next trying to auth via AD (this is mainly another mess windows made) is also impractical, sasl was invented as an auth layer in the first place to then provide various auth mechs to a backend (ldap, mysql, pgsql, local etc etc etc)

If you have sasl running for postfix, use that for dovecot or at the very least set up dovecot to read the database you have running sasl layer directly (what I am doing)

If you are running different users & passwords in different setups then you will have to update sasl to have the same auth info in it anyways for postfix to work thus making AD and whatever else not needed ?

Again just my opinion without more detail but AD was never designed (to my knowledge) to auth users for user@domain ?

AD was mainly designed for domains & users across multiple network servers (ie one login to auth multiple servers?)

FYI


Have A Happy Tuesday !!!

Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)


Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email p...@scom.ca

On 11/13/2023 4:03 PM, bd730c5053df9efb via dovecot wrote:

Hi!

I'm trying to setup dovecot 2.3.17 such that it authenticates users against a 
samba4 ad dc when they connect through imap. I would also need dovecot to 
authenticate the same users through sasl so that postfix can relay mails based 
on the user's auth and finally I would also need for an lmtp service that maps 
email addresses into AD users.

I've been tinkering with dovecot-ldap.conf.ext using auth_bind = yes and no, 
with all sorts of pass_filters, user_filter, pass_attr and user_attr and I just 
can't figure out how it works.

I assume that for the auth part (both imap and sasl) I would rather benefit with using 
auth_bind = yes and auth_bind_userdn = %u and I seem to be able to authenticate the user 
but I can't get the passdb to prefetch the userdb attributes. I also assume that for lmtp 
to be able to fetch the ad information it would be necessary for dovecot to be able to 
bind to the ad ldap server with a "service account" to be able to query the 
ldap server and I haven't been able to figure out how to have both kinds of auth schemas.

Does anyone know of some documentation that could clarify some of these issues? 
I have been searching the web for days to no avail.

I'm sorry I can't show what I have tried for I have tried so many things with 
more or less the same lack of success that I wouldn't know where to start.

Thanks in advance.
Best regards,
Dave.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
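
An added example, not from either poster or from the Dovecot project: one way to lay out the configuration asked about above, where a service account performs the LDAP searches (so LMTP and userdb lookups work), passwords are still verified by binding as the user, and `pass_attrs` supplies `userdb_` fields for the prefetch userdb. Host names, DNs, the password placeholder, file paths and the `vmail` uid/gid are assumptions. `auth_bind_userdn` is left unset because with a DN template Dovecot skips the `pass_filter` search, so `pass_attrs` is never read and prefetch has nothing to use.

```conf
# ---- /etc/dovecot/dovecot-ldap.conf.ext (placeholder values throughout) ----
# Encrypted transport to the Samba AD DC, with certificate verification.
uris = ldaps://dc1.example.test
tls_require_cert = demand
tls_ca_cert_file = /etc/ssl/certs/example-ca.pem

# Read-only service account used for every search (passdb, userdb, LMTP).
dn = CN=dovecot-svc,CN=Users,DC=example,DC=test
dnpass = CHANGE_ME

# Password check: search with the service account, then bind as the DN found.
auth_bind = yes
# auth_bind_userdn is deliberately NOT set (see lead-in).

base = DC=example,DC=test
scope = subtree

# passdb: accept either the bare login (%n) or the full address (%u).
pass_filter = (&(objectClass=user)(|(sAMAccountName=%n)(mail=%u)))
# Fields prefixed userdb_ are handed to the prefetch userdb after login.
pass_attrs = sAMAccountName=user, =userdb_home=/var/vmail/%{ldap:sAMAccountName}, =userdb_uid=vmail, =userdb_gid=vmail

# userdb: used when there is no login to prefetch from (LMTP delivery).
user_filter = (&(objectClass=user)(|(sAMAccountName=%n)(mail=%u)))
user_attrs = sAMAccountName=user, =home=/var/vmail/%{ldap:sAMAccountName}, =uid=vmail, =gid=vmail

# ---- dovecot.conf / conf.d/auth-ldap.conf.ext ----
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
# Tried first: succeeds for IMAP/SASL logins using the userdb_ fields above.
userdb {
  driver = prefetch
}
# Fallback for lookups without a preceding password check (LMTP).
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
```

Since the LDAP file holds `dnpass`, keep it readable by root only, and give the service account no rights in the directory beyond reading the attributes the filters use.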
