Re: [Dovecot] critical feature from version 1 not migrated to version 2 = authentication configuration database per IP
Timo Sirainen wrote:
- another way (possible that will be more easiest, and good enough for
advanced configurations) = single variable that may be set in block
of exact ip listener configuration , as for provided before example
may set variable "auth_db_suffix" = string("dc=domain1,dc=tld") for
definition "local mail.domain1.tld" and that variable are inserted in
auth block via variable inserting mechanism ...
Again not possible, because config parsing is done much earlier.
think for realization can take idea from that patch :
-
--- src/auth/auth-request.c.orig 2010-12-30 11:42:54.0 +0200
--- src/auth/auth-request.c.orig 2010-12-30 11:42:54.0 +0200
@@ -1547,6 +1547,7 @@ auth_request_get_var_expand_table(const
{ '\0', NULL, "login_user" },
{ '\0', NULL, "login_username" },
{ '\0', NULL, "login_domain" },
+ { 'x', NULL, NULL },
{ '\0', NULL, NULL }
};
struct var_expand_table *tab;
@@ -1600,6 +1601,15 @@ auth_request_get_var_expand_table(const
auth_request);
}
}
+ const char *lip2user[][2] =
{{"127.0.0.3","dc=domain1,dc=tld1"},{"127.0.0.1","localhost"},{"127.0.0.2","dc=domain2,dc=tld2"}};
+ int arrsize=sizeof( lip2user ) / sizeof( lip2user[0]);
+ tab[18].value = ""; // default expanded to - emty string
+ int i;
+ for(i=0;i+ if
(strcmp(net_ip2addr(&auth_request->local_ip),(lip2user[i][0]))==0) {
+ tab[18].value = lip2user[i][1];
+ }
+ }
return tab;
}
-
and there need only possibility to define pairs in config file for
lip2user array initialization - then macro/variable %x will be available
for substitution in all modules - as for ldap , as for filename-based
parameters.
in exaple patch created static table to match lip to suffix
127.0.0.3 = "dc=domain1,dc=tld1"
127.0.0.1 = "localhost"
127.0.0.2 = "dc=domain2,dc=tld2"
how to initialize arrays from config - i'm was not explored for
currently used coding structures
may create this array more complex = not as simple pair - but as for
selective conversion:
%x1 lip to text1,
%x2 lip to text2,
%x3 lip to text3 ...
- then diffirent advanced configurations will be possible ...
Re: [Dovecot] critical feature from version 1 not migrated to version 2 = authentication configuration database per IP
Timo Sirainen wrote:
On 9.2.2011, at 9.37, da...@apollo.lv wrote:
existing version 1 config file, that allow such configuration:
/etc/dovecot.conf BEGIN
server mail.domain1.tld {
I'm surprised that this server block really worked for you. I only remember
having problems with it, and that's why its existence is well hidden.
it's worked flawlessy for many years : firstly redhat distros, later all
fedora versions. But in latest fedora distro are included v2.x branch ...
In v2.0 the idea is anyway that you could do:
local mail.domain1.tld {
..
}
local mail.domain2.tld {
..
}
But this unfortunately doesn't currently work for auth settings.
i've seen - auth from many databases possible - but all in one block,
... as solution can create 2 variables that may be passed to auth process :
- 1 = local ip address , to which was connected client
- 2 = resolved ip address from 1
that variables must be possible to use in auth database "include file"
definition similar to :
!include auth-ldap.conf.%IP
or
!include auth-ldap.conf.%IP_Resolved
_- another way _(possible that will be more easiest, and good enough for
advanced configurations) = single variable that may be set in block of
exact ip listener configuration , as for provided before example may set
variable "auth_db_suffix" = string("dc=domain1,dc=tld") for definition
"local mail.domain1.tld" and that variable are inserted in auth block
via variable inserting mechanism ...
I'll get around to doing it at some point.. There is actually probably one
horribly ugly way to make this already work, but it's so bad I don't really
even want to suggest it (involving creating duplicate service blocks for
different IPs and chrooting their processes to different dirs)..
that way (multiple instances of dovecot with full copy of all
configuration files) i was doing, but not liked, so on each update of
distro currently i'm recompiling and reinstalling 1.x version on all
mine controlled servers (ppc+x86+x64) ...
Re: [Dovecot] critical feature from version 1 not migrated to version 2 = authentication configuration database per IP
On 9.2.2011, at 9.37, da...@apollo.lv wrote:
> existing version 1 config file, that allow such configuration:
> /etc/dovecot.conf BEGIN
> server mail.domain1.tld {
I'm surprised that this server block really worked for you. I only remember
having problems with it, and that's why its existence is well hidden. In v2.0
the idea is anyway that you could do:
local mail.domain1.tld {
..
}
local mail.domain2.tld {
..
}
But this unfortunately doesn't currently work for auth settings. I'll get
around to doing it at some point.. There is actually probably one horribly ugly
way to make this already work, but it's so bad I don't really even want to
suggest it (involving creating duplicate service blocks for different IPs and
chrooting their processes to different dirs)..
[Dovecot] critical feature from version 1 not migrated to version 2 = authentication configuration database per IP
not possible make operation with dovecot version 2.x as was possible in version
1.x:
requisites description:
connect to dovecot service on IP1 - dovecot must serve users that related to
domain1 located in database1
connect to dovecot service on IP2 - dovecot must serve users that related to
domain2 located in database2
login must be with username that form not as "user@domain" but simple "user"
databases may contain identical username, but they have different passwords
existing version 1 config file, that allow such configuration:
/etc/dovecot.conf BEGIN
server mail.domain1.tld {
protocols = imaps pop3s pop3
ssl_cert_file = /etc/pki/cert1.pem
ssl_key_file = /etc/pki/cert1.key
listen = 123.123.123.1
ssl_listen = 123.123.123.1
default_mail_env = mbox:/tmp:INBOX=/var/mail/domain1.tld/%n:INDEX=MEMORY
pop3_uidl_format = %08Xu%08Xv
auth default {
mechanisms = plain
passdb ldap {
args= /etc/dovecot-ldap.conf.domain1.tld1
}
userdb ldap {
args= /etc/dovecot-ldap.conf.domain1.tld1
}
}
login_process_per_connection = yes
login_max_processes_count = 4
login_processes_count = 1
}
server mail.domain2.tld {
protocols = imaps pop3s pop3
ssl_cert_file = /etc/pki/cert2.pem
ssl_key_file = /etc/pki/cert2.key
listen = 123.123.123.2
ssl_listen = 123.123.123.2
default_mail_env = mbox:/tmp:INBOX=/var/mail/domain2.tld/%n:INDEX=MEMORY
pop3_uidl_format = %08Xu%08Xv
auth default {
mechanisms = plain
passdb ldap {
args= /etc/dovecot-ldap.conf.domain2.tld2
}
userdb ldap {
args= /etc/dovecot-ldap.conf.domain2.tld2
}
}
login_process_per_connection = yes
login_max_processes_count = 4
login_processes_count = 1
}
/etc/dovecot.conf END
/etc/dovecot-ldap.conf.domain1.tld and /etc/dovecot-ldap.conf.domain2.tld
refers to different ldap databases
