Mail-crypt won't encrypt emails
Hi, We're running Dovecot 2.2.36 and we need to set up the mail-crypt plugin to encrypt all incoming and outgoing emails. Outgoing emails seem to get encrypted fine but the incoming ones don't. We tried everything including this config: mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_global_private_key =
Re: lmtp and virtual users
Dear Aki, good afternoon. Thank you very much for your response and thank you again for the tip on how I could resolve this issue. The problem I'm facing is that I need dovecot to serve emails with two different authorization methods for imap and sasl, one through the kerberos ticket as in https://wiki.dovecot.org/Authentication/Kerberos which I have working but only with a static userdb and also with plain (over tls of course) performing an ldap bind. I also need to verify the validity of incoming emails for the lmtp process. I have only managed to get plain working with the ldap userdb, or the kerberos solution with static databases and no address verification working but not both. I believe I could set up two different dovecot instances listening on different ports or even on different ip addresses over the same ethernet device but I believe I would run into problems with the locking of files and I would like a one solution to serve them all. Is this even possible? Is there information on how to achieve this somewhere I haven't found? Thank you very much again. Best regards, David Wells. El 30/09/2019 a las 03:36, Aki Tuomi escribió: > On 27.9.2019 23.21, David Wells - Alfavinil S.A. via dovecot wrote: >> Good afternoon. >> >> I have dovecot setup to authenticate virtual users using either gssapi >> or doind a bind to an ldap server to achieve a single sign on capable >> imap server connected to a samba active directory DC. What I am also >> trying to achieve is to have dovecot's lmtp daemon handle the mails >> passed from postfix. However, the only way I've gotten this to work is >> setting allow_all_users = yes in the userdb but this causes lmtp to >> deliver mails to non existant accounts without rejection. I've been >> searching but haven't found a way to set this same thing up but having >> dovecots lmtp check the validity of the mails recipient against the same >> samba AD DC through ldap before delivering it and rejecting unknown >> email addresses. Could someone please provide some insight into how to >> achieve this? >> >> Thank you very much in advance. >> Best regards, >> David Wells. >> >> > You could setup LDAP userdb without bind authentication, and use a > service account instead. > > Aki >
Re: Sieve replication - does not replicate
Hi, On 30.09.19 16:51, Daniel Botting via dovecot wrote: Hi, I have two servers replicating mail as required, the directory structure (per user), however they will not replicate the sieve scripts directory: server 1 Maildir sieve server 2 Maildir Output of doveconf -n on server 1: # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:51: ssl_protocols has been replaced by ssl_min_protocol doveconf: Error: Could not find a minimum ssl_min_protocol setting from ssl_protocols = !SSLv2 !SSLv3: Unrecognized protocol 'SSLv2' doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:51: ssl_protocols has been replaced by ssl_min_protocol doveconf: Error: Could not find a minimum ssl_min_protocol setting from ssl_protocols = !SSLv2 !SSLv3: Unrecognized protocol 'SSLv2' # OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.1 # Hostname: a_tld auth_verbose = yes default_vsz_limit = 0 doveadm_password = # hidden, use -P to show it first_valid_gid = 8 first_valid_uid = 8 last_valid_gid = 8 last_valid_uid = 8 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_gid = 8 mail_location = maildir:~/Maildir mail_plugins = " notify replication" mail_uid = 8 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader imapflags namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { mail_replica = tcps:a_tld:12345 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +editheader +imapflags } protocols = " imap sieve pop3" replication_max_conns = 4 service aggregator { fifo_listener replication-notify-fifo { user = mail } unix_listener replication-notify { user = mail } } service auth { unix_listener /var/run/dovecot-exim-bridge { mode = 0660 user = Debian-exim } } service doveadm { inet_listener { port = 12345 ssl = yes } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 512 process_min_avail = 4 service_count = 1 } service imap { process_limit = 1024 } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 1 service_count = 8 vsz_limit = 256 M } service managesieve { process_limit = 1024 } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl = required ssl_cert = The only error message I can see in the logs (/var/log/mail.err) is, this is not for every user and is only occasionally: Sep 30 14:46:34 imap2 dovecot: lda(a_user)<1306>: Error: sieve: Failed to initialize script execution: Invalid postmaster_address: invalid address `postmaster@' specified for the postmaster_address setting Any suggestions would be much appreciated. this problem was finally solved in 2.3.7.2. Best regards, Gordon smime.p7s Description: S/MIME Cryptographic Signature
Sieve replication - does not replicate
Hi, I have two servers replicating mail as required, the directory structure (per user), however they will not replicate the sieve scripts directory: server 1 Maildir sieve server 2 Maildir Output of doveconf -n on server 1: # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:51: ssl_protocols has been replaced by ssl_min_protocol doveconf: Error: Could not find a minimum ssl_min_protocol setting from ssl_protocols = !SSLv2 !SSLv3: Unrecognized protocol 'SSLv2' doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:51: ssl_protocols has been replaced by ssl_min_protocol doveconf: Error: Could not find a minimum ssl_min_protocol setting from ssl_protocols = !SSLv2 !SSLv3: Unrecognized protocol 'SSLv2' # OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.1 # Hostname: a_tld auth_verbose = yes default_vsz_limit = 0 doveadm_password = # hidden, use -P to show it first_valid_gid = 8 first_valid_uid = 8 last_valid_gid = 8 last_valid_uid = 8 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes mail_gid = 8 mail_location = maildir:~/Maildir mail_plugins = " notify replication" mail_uid = 8 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader imapflags namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { mail_replica = tcps:a_tld:12345 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_extensions = +editheader +imapflags } protocols = " imap sieve pop3" replication_max_conns = 4 service aggregator { fifo_listener replication-notify-fifo { user = mail } unix_listener replication-notify { user = mail } } service auth { unix_listener /var/run/dovecot-exim-bridge { mode = 0660 user = Debian-exim } } service doveadm { inet_listener { port = 12345 ssl = yes } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_limit = 512 process_min_avail = 4 service_count = 1 } service imap { process_limit = 1024 } service managesieve-login { inet_listener sieve { port = 4190 } process_min_avail = 1 service_count = 8 vsz_limit = 256 M } service managesieve { process_limit = 1024 } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl = required ssl_cert = The only error message I can see in the logs (/var/log/mail.err) is, this is not for every user and is only occasionally: Sep 30 14:46:34 imap2 dovecot: lda(a_user)<1306>: Error: sieve: Failed to initialize script execution: Invalid postmaster_address: invalid address `postmaster@' specified for the postmaster_address setting Any suggestions would be much appreciated. Cheers -- Daniel
Re: courier to dovecot migration
> > On 30.9.2019 13.40, tovises wrote: >>> On 30 Sep 2019, at 13.13, tovises via dovecot wrote: WOW! - amazing quickly, I'm really grateful. I was using: -u tovis imapc: nusi but still something wrong. Patstebin: https://pastebin.com/tH4wzJka The most relevant part (I think) is: dsync-local(tovis): Error: read(remote) failed: EOF (version not received) doveadm(tovis): Fatal: execvp(imapc:) failed: No such file or directory What I have missed (doveadm trying to execute something but what). Any suggestion? >>> try: >>> >>> doveadm -D -o imapc_user=tovis -o pop3c_user=tovis -o >>> imapc_password= -o pop3c_password= backup -u tovis >>> -R >>> imapc: >>> >>> Sami >>> >>> >>> >> Hello Sami! >> This was the previous version, but if it could help: >> https://pastebin.com/3X3BKinB >> >> One more question, isa it possible, that I do not need >> pop3c_user/pop3c_password? >> I do not have pop3 server on remote server, I have only IMAP. >> >> Sincerely >> tovis >> >> > You don't need it, then. And you do not need the pop3_uidl_migration > plugin either, then. > > Your paste indicates that your config / command line is missing > imapc_host setting, so add to your config file > > imapc_host=nusi # or the fqdn name > > Aki > Tath's help! But something still missing :( $ sudo doveadm -D -o imapc_user=tovis -o imapc_password= -o imapc_host=nusi -R -u tovis imapc: Exited with messages (excerption - too many private information exposed): dsync(tovis): Debug: brain M: Mailbox INBOX.threatposts: local=/0/0, remote=a557d4d9d858c0ceceef5cd10a973bdc/0/1: mailbox not selectable yet dsync(tovis): Debug: brain M: Mailbox INBOX.todo: local=/0/0, remote=891e2fe9dc8874c0a19e496acf802566/0/1: mailbox not selectable yet dsync(tovis): Debug: brain M: Deleting mailbox 'INBOX' (GUID 2e829f01d5cc915dd10356dcb805): UIDVALIDITY changed (1454614013 -> 1569836245) dsync(tovis): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted. dsync(tovis): Debug: brain S: Remote mailbox tree: INBOX guid=2e829f01d5cc915dd10356dcb805 uid_validity=1569836245 uid_next=2 subs=no last_change=0 last_subs=0 dsync(tovis): Debug: imapc(nusi:143): Disconnected I was trying to add " -o mail_fsync=never backup" option, but it doesn't help. Why even trying to delete a folder such INBOX? Option "backup" must be "copy" not synchronize. I was check ~/Maildir for dovecot on localhost but no changes - the debug output of doveadm gives several hundred output rows such as: sync(tovis): Debug: brain M: Mailbox INBOX.lists.openwrt: local=/0/0, remote=bc99ab2a6d9557ef23628f0ba159ee3c/0/1: mailbox not selectable yet (This seem to be the academic horse - Hungarian proverb for every where something wrong/sick) Any suggestion? Sincerely tovis
Re: courier to dovecot migration
On 30.9.2019 13.40, tovises wrote: >> >>> On 30 Sep 2019, at 13.13, tovises via dovecot >>> wrote: >>> WOW! - amazing quickly, I'm really grateful. >>> >>> I was using: -u tovis imapc: nusi but still something wrong. >>> Patstebin: https://pastebin.com/tH4wzJka >>> The most relevant part (I think) is: >>> dsync-local(tovis): Error: read(remote) failed: >>> EOF (version not received) >>> doveadm(tovis): Fatal: execvp(imapc:) failed: No such file or directory >>> >>> What I have missed (doveadm trying to execute something but what). >>> Any suggestion? >> try: >> >> doveadm -D -o imapc_user=tovis -o pop3c_user=tovis -o >> imapc_password= -o pop3c_password= backup -u tovis -R >> imapc: >> >> Sami >> >> >> > Hello Sami! > This was the previous version, but if it could help: > https://pastebin.com/3X3BKinB > > One more question, isa it possible, that I do not need > pop3c_user/pop3c_password? > I do not have pop3 server on remote server, I have only IMAP. > > Sincerely > tovis > > You don't need it, then. And you do not need the pop3_uidl_migration plugin either, then. Your paste indicates that your config / command line is missing imapc_host setting, so add to your config file imapc_host=nusi # or the fqdn name Aki
Re: courier to dovecot migration
> > >> On 30 Sep 2019, at 13.13, tovises via dovecot >> wrote: >>> >> WOW! - amazing quickly, I'm really grateful. >> >> I was using: -u tovis imapc: nusi but still something wrong. >> Patstebin: https://pastebin.com/tH4wzJka >> The most relevant part (I think) is: >> dsync-local(tovis): Error: read(remote) failed: >> EOF (version not received) >> doveadm(tovis): Fatal: execvp(imapc:) failed: No such file or directory >> >> What I have missed (doveadm trying to execute something but what). >> Any suggestion? > > try: > > doveadm -D -o imapc_user=tovis -o pop3c_user=tovis -o > imapc_password= -o pop3c_password= backup -u tovis -R > imapc: > > Sami > > > Hello Sami! This was the previous version, but if it could help: https://pastebin.com/3X3BKinB One more question, isa it possible, that I do not need pop3c_user/pop3c_password? I do not have pop3 server on remote server, I have only IMAP. Sincerely tovis
Re: courier to dovecot migration
> On 30 Sep 2019, at 13.13, tovises via dovecot wrote: >> > WOW! - amazing quickly, I'm really grateful. > > I was using: -u tovis imapc: nusi but still something wrong. > Patstebin: https://pastebin.com/tH4wzJka > The most relevant part (I think) is: > dsync-local(tovis): Error: read(remote) failed: > EOF (version not received) > doveadm(tovis): Fatal: execvp(imapc:) failed: No such file or directory > > What I have missed (doveadm trying to execute something but what). > Any suggestion? try: doveadm -D -o imapc_user=tovis -o pop3c_user=tovis -o imapc_password= -o pop3c_password= backup -u tovis -R imapc: Sami
Re: courier to dovecot migration
> > On 30.9.2019 12.38, tovises wrote: >>> On 29.9.2019 23.38, tovises via dovecot wrote: I have a quite old home server based on Debian 6.x packages using courier imap server (exim4, fetchmail, courier, apache2, squirrelmail) to keep my and my wife emails (about 25G). I want renew my server to Debian 10 (buster) and got a recommendation to use dovecot instead of courier. For this purpose I'm using a different PC as a sandbox. Debian 10 currently offer dovecot version 2.3.4.1 Installation was "peaceful" but stuck with the migration. I have choose migration using dsync, from Wiki I was choose this command: For per-user user/passwords use: doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o pop3c_password=bar backup -R -u user@domain imapc: (foo and bar placed real username and password) But I get error: doveadm(to...@nusi.tovis-lab.mydomain.org): Error: User doesn't exist Strongly I have no real domain, I'm using "freedns". "nusi" is the local name of my old server, "tovis-lab" is conjunction with "mydomain.org" choose from freedns. I was trying short as "nusi" which is in /etc/hosts file even ip address but the same result. 143 and 943 ports are working only inside the firewall (OpenWrt). I was checked using telnet courier on the "remote" box and dovecot on the localhost. I was able to login. What should I use as "user@domain" in this situation? tovis >>> Hi! >>> >>> -u parameter should be your *local* username, @domain is optional. >>> >>> Aki >>> >>> >>> >> Thank you Aki for quick response! >> Where i should define the remote IMAP server address/hostname? >> My localhost run dovecot, remote host (other box) running courier. >> The user name is the same (password too). >> -u tovis >> gives me "Error: Failed to initialize user: Namespace ''; Mailbox list >> driver imapc: missing imapc_host" >> >> Sincerely >> tovis >> > You can put imapc_host and pop3c_host into config file or provide them > with -o. If you want to migrate POP3 uidls you need to make sure you > load that plugin, in either config or providing -o "mail_plugins=list of > plugins". > > Aki > > > WOW! - amazing quickly, I'm really grateful. I was using: -u tovis imapc: nusi but still something wrong. Patstebin: https://pastebin.com/tH4wzJka The most relevant part (I think) is: dsync-local(tovis): Error: read(remote) failed: EOF (version not received) doveadm(tovis): Fatal: execvp(imapc:) failed: No such file or directory What I have missed (doveadm trying to execute something but what). Any suggestion? Sincerely tovis
Re: courier to dovecot migration
On 30.9.2019 12.38, tovises wrote: >> On 29.9.2019 23.38, tovises via dovecot wrote: >>> I have a quite old home server based on Debian 6.x packages using >>> courier >>> imap server (exim4, fetchmail, courier, apache2, squirrelmail) to keep >>> my >>> and my wife emails (about 25G). >>> I want renew my server to Debian 10 (buster) and got a recommendation to >>> use dovecot instead of courier. For this purpose I'm using a different >>> PC >>> as a sandbox. Debian 10 currently offer dovecot version 2.3.4.1 >>> Installation was "peaceful" but stuck with the migration. I have choose >>> migration using dsync, from Wiki I was choose this command: >>> >>> For per-user user/passwords use: >>> >>> doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o >>> pop3c_password=bar backup -R -u user@domain imapc: >>> >>> (foo and bar placed real username and password) >>> >>> But I get error: >>> doveadm(to...@nusi.tovis-lab.mydomain.org): Error: User doesn't exist >>> >>> Strongly I have no real domain, I'm using "freedns". "nusi" is the local >>> name of my old server, "tovis-lab" is conjunction with "mydomain.org" >>> choose from freedns. I was trying short as "nusi" which is in /etc/hosts >>> file even ip address but the same result. 143 and 943 ports are working >>> only inside the firewall (OpenWrt). >>> I was checked using telnet courier on the "remote" box and dovecot on >>> the >>> localhost. I was able to login. >>> >>> What should I use as "user@domain" in this situation? >>> >>> tovis >>> >>> >>> >> Hi! >> >> -u parameter should be your *local* username, @domain is optional. >> >> Aki >> >> >> > Thank you Aki for quick response! > Where i should define the remote IMAP server address/hostname? > My localhost run dovecot, remote host (other box) running courier. > The user name is the same (password too). > -u tovis > gives me "Error: Failed to initialize user: Namespace ''; Mailbox list > driver imapc: missing imapc_host" > > Sincerely > tovis > You can put imapc_host and pop3c_host into config file or provide them with -o. If you want to migrate POP3 uidls you need to make sure you load that plugin, in either config or providing -o "mail_plugins=list of plugins". Aki
Re: courier to dovecot migration
> > On 29.9.2019 23.38, tovises via dovecot wrote: >> I have a quite old home server based on Debian 6.x packages using >> courier >> imap server (exim4, fetchmail, courier, apache2, squirrelmail) to keep >> my >> and my wife emails (about 25G). >> I want renew my server to Debian 10 (buster) and got a recommendation to >> use dovecot instead of courier. For this purpose I'm using a different >> PC >> as a sandbox. Debian 10 currently offer dovecot version 2.3.4.1 >> Installation was "peaceful" but stuck with the migration. I have choose >> migration using dsync, from Wiki I was choose this command: >> >> For per-user user/passwords use: >> >> doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o >> pop3c_password=bar backup -R -u user@domain imapc: >> >> (foo and bar placed real username and password) >> >> But I get error: >> doveadm(to...@nusi.tovis-lab.mydomain.org): Error: User doesn't exist >> >> Strongly I have no real domain, I'm using "freedns". "nusi" is the local >> name of my old server, "tovis-lab" is conjunction with "mydomain.org" >> choose from freedns. I was trying short as "nusi" which is in /etc/hosts >> file even ip address but the same result. 143 and 943 ports are working >> only inside the firewall (OpenWrt). >> I was checked using telnet courier on the "remote" box and dovecot on >> the >> localhost. I was able to login. >> >> What should I use as "user@domain" in this situation? >> >> tovis >> >> >> > Hi! > > -u parameter should be your *local* username, @domain is optional. > > Aki > > > Thank you Aki for quick response! Where i should define the remote IMAP server address/hostname? My localhost run dovecot, remote host (other box) running courier. The user name is the same (password too). -u tovis gives me "Error: Failed to initialize user: Namespace ''; Mailbox list driver imapc: missing imapc_host" Sincerely tovis
Re: sieve - segmentation fault
On 30.9.2019 8.13, Kamil Jońca via dovecot wrote: > I tried to experiment with "index" extension and I found that, in case > "0" sieve-filter segfaults. > example code was: > --8<---cut here---start->8--- > if header :index 0 :last :regex "received" "some regex here" { fileinto > "dedicated mailbox" ; } > --8<---cut here---end--->8--- > KJ > Thank you for reporting this bug. I was able to reproduce it and filed it as DOP-1448. Aki Tuomi
Re: courier to dovecot migration
On 29.9.2019 23.38, tovises via dovecot wrote: > I have a quite old home server based on Debian 6.x packages using courier > imap server (exim4, fetchmail, courier, apache2, squirrelmail) to keep my > and my wife emails (about 25G). > I want renew my server to Debian 10 (buster) and got a recommendation to > use dovecot instead of courier. For this purpose I'm using a different PC > as a sandbox. Debian 10 currently offer dovecot version 2.3.4.1 > Installation was "peaceful" but stuck with the migration. I have choose > migration using dsync, from Wiki I was choose this command: > > For per-user user/passwords use: > > doveadm -o imapc_user=foo -o pop3c_user=foo -o imapc_password=bar -o > pop3c_password=bar backup -R -u user@domain imapc: > > (foo and bar placed real username and password) > > But I get error: > doveadm(to...@nusi.tovis-lab.mydomain.org): Error: User doesn't exist > > Strongly I have no real domain, I'm using "freedns". "nusi" is the local > name of my old server, "tovis-lab" is conjunction with "mydomain.org" > choose from freedns. I was trying short as "nusi" which is in /etc/hosts > file even ip address but the same result. 143 and 943 ports are working > only inside the firewall (OpenWrt). > I was checked using telnet courier on the "remote" box and dovecot on the > localhost. I was able to login. > > What should I use as "user@domain" in this situation? > > tovis > > > Hi! -u parameter should be your *local* username, @domain is optional. Aki
Re: lmtp and virtual users
On 27.9.2019 23.21, David Wells - Alfavinil S.A. via dovecot wrote: > Good afternoon. > > I have dovecot setup to authenticate virtual users using either gssapi > or doind a bind to an ldap server to achieve a single sign on capable > imap server connected to a samba active directory DC. What I am also > trying to achieve is to have dovecot's lmtp daemon handle the mails > passed from postfix. However, the only way I've gotten this to work is > setting allow_all_users = yes in the userdb but this causes lmtp to > deliver mails to non existant accounts without rejection. I've been > searching but haven't found a way to set this same thing up but having > dovecots lmtp check the validity of the mails recipient against the same > samba AD DC through ldap before delivering it and rejecting unknown > email addresses. Could someone please provide some insight into how to > achieve this? > > Thank you very much in advance. > Best regards, > David Wells. > > You could setup LDAP userdb without bind authentication, and use a service account instead. Aki