Re: Different realm for different listeners?

2015-03-13 Thread Chris Adams
Once upon a time, Chris Adams said:
> All my users are in MySQL.  Reading the docs, I see that "%l" expands to
> the local IP address "almost everywhere".  If that's available in the
> userdb SQL expansion, I could write a (somewhat convoluted) SQL
> statement that adds a domain based on the local IP.  Does that sound
> like it'll work?  Not quite as "elegant" as just setting
> auth_default_realm in separate listeners, but should work I guess.

Just a follow-up for the archives: this worked.  This is my
MySQL password_query:

password_query = \
SELECT username AS user, password, \
concat('/srv/mail/',maildir) AS userdb_home, 1000 AS userdb_uid, \
1000 AS userdb_gid \
FROM mailbox WHERE active = 1 AND username = case \
  when '%d' <> '' then '%u' \
  when '%l' = '10.0.9.73' then '%u...@domain1.com' \
  when '%l' = '10.0.9.74' then '%u...@domain2.net' \
  else '%u' end

-- 
Chris Adams 
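
Added example, not part of the original post: the same CASE structure run against an in-memory SQLite table, to check which mailbox row each login/listener pair selects. The addresses, domains and rows are constructed; SQLite's `||` concatenation and bound parameters stand in for Dovecot's textual %u, %d and %l substitution.

```python
import sqlite3

# Same CASE structure as the password_query above; all values are constructed.
QUERY = """
SELECT username FROM mailbox
WHERE active = 1 AND username = CASE
  WHEN :d <> '' THEN :u
  WHEN :l = '192.0.2.73' THEN :u || '@isp-one.example'
  WHEN :l = '192.0.2.74' THEN :u || '@isp-two.example'
  ELSE :u END
"""

def build_db():
    """In-memory stand-in for the mailbox table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox (username TEXT PRIMARY KEY, active INTEGER)")
    db.executemany("INSERT INTO mailbox VALUES (?, ?)", [
        ("sales@isp-one.example", 1),
        ("sales@isp-two.example", 1),
        ("old@isp-one.example", 0),   # disabled account
    ])
    return db

def lookup(db, login, local_ip):
    """Return the mailbox row a login on a given listener IP resolves to, or None."""
    params = {
        "u": login,                       # %u: username as typed
        "d": login.partition("@")[2],     # %d: domain part, empty if none given
        "l": local_ip,                    # %l: local IP of the listener
    }
    row = db.execute(QUERY, params).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = build_db()
    for login, ip in [("sales", "192.0.2.73"), ("sales", "192.0.2.74"),
                      ("sales@isp-two.example", "192.0.2.73"),
                      ("sales", "192.0.2.99"), ("old", "192.0.2.73")]:
        print(f"{login!r} via {ip} -> {lookup(db, login, ip)}")
```

The third case shows that a fully qualified login is accepted on any listener, so the local IP only chooses a default realm and does not confine a listener to one domain.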


Re: Different realm for different listeners?

2015-03-12 Thread Chris Adams
Once upon a time, Tom Hendrikx said:
> You could drop the default realm completely, and create a second
> passdb lookup which uses only the username part to lookup credentials.
> This means that, as long as you have no conflicts as usernames
> 'j...@foo.com' vs 'j...@bar.com', you'd be able to support username
> 'john'.

The domains I need to handle are separate telephone company ISPs, so
they all want common things like "sales", so that won't work.

All my users are in MySQL.  Reading the docs, I see that "%l" expands to
the local IP address "almost everywhere".  If that's available in the
userdb SQL expansion, I could write a (somewhat convoluted) SQL
statement that adds a domain based on the local IP.  Does that sound
like it'll work?  Not quite as "elegant" as just setting
auth_default_realm in separate listeners, but should work I guess.

-- 
Chris Adams 


Re: Different realm for different listeners?

2015-03-12 Thread Mihai Badici
On Tuesday 10 March 2015 18:38:40 Tom Hendrikx wrote:
> On 10-03-15 18:20, Chris Adams wrote:
> > I see this has been asked a few times over the years (but not in
> > several years), and the response was along the lines of "maybe
> > someday", so I figured I'd see if someday was here yet...
> > 
> > I have a need to have a different default realm for different
> > listeners. Basically, I've a bunch of different domains, and a few
> > of them insist their users not be required to authenticate with
> > "user@domain" and just use "user", and I'm trying to make this work
> > without separate daemons and/or VMs.
> > 
> > I'll be using Dovecot 2.2 (most likely 2.2.10 as provided by
> > RHEL/CentOS 7).
> > 
> > Thanks.  If there's not a way to do this directly in Dovecot, does
> > anybody have any suggestion that doesn't require several different
> > VMs?
> 
> You could drop the default realm completely, and create a second
> passdb lookup which uses only the username part to lookup credentials.
> This means that, as long as you have no conflicts as usernames
> 'j...@foo.com' vs 'j...@bar.com', you'd be able to support username
> 'john'.


Well, I think "conflict" is the keyword here.
Everybody wants an e-mail address called "contact" or "office" :)


> 
> When you're able to use the password in your sql WHERE statement [1]
> too, you could even work around that, because you'd only have
> mismatches when 'j...@foo.com' and 'j...@bar.com' have the same
> passphrase.
> 
> [1]
> http://wiki2.dovecot.org/AuthDatabase/SQL#Password_verification_by_SQL_server
> 
> Tom
-- 
Mihai Bădici
http://mihai.badici.ro


Re: Different realm for different listeners?

2015-03-12 Thread Tom Hendrikx

On 10-03-15 18:20, Chris Adams wrote:
> I see this has been asked a few times over the years (but not in
> several years), and the response was along the lines of "maybe
> someday", so I figured I'd see if someday was here yet...
> 
> I have a need to have a different default realm for different
> listeners. Basically, I've a bunch of different domains, and a few
> of them insist their users not be required to authenticate with
> "user@domain" and just use "user", and I'm trying to make this work
> without separate daemons and/or VMs.
> 
> I'll be using Dovecot 2.2 (most likely 2.2.10 as provided by
> RHEL/CentOS 7).
> 
> Thanks.  If there's not a way to do this directly in Dovecot, does 
> anybody have any suggestion that doesn't require several different
> VMs?
> 

You could drop the default realm completely, and create a second
passdb lookup which uses only the username part to lookup credentials.
This means that, as long as you have no conflicts as usernames
'j...@foo.com' vs 'j...@bar.com', you'd be able to support username
'john'.

When you're able to use the password in your sql WHERE statement [1]
too, you could even work around that, because you'd only have
mismatches when 'j...@foo.com' and 'j...@bar.com' have the same
passphrase.

[1]
http://wiki2.dovecot.org/AuthDatabase/SQL#Password_verification_by_SQL_server

Tom


Different realm for different listeners?

2015-03-10 Thread Chris Adams
I see this has been asked a few times over the years (but not in several
years), and the response was along the lines of "maybe someday", so I
figured I'd see if someday was here yet...

I have a need to have a different default realm for different listeners.
Basically, I've a bunch of different domains, and a few of them insist
their users not be required to authenticate with "user@domain" and just
use "user", and I'm trying to make this work without separate daemons
and/or VMs.

I'll be using Dovecot 2.2 (most likely 2.2.10 as provided by RHEL/CentOS
7).

Thanks.  If there's not a way to do this directly in Dovecot, does
anybody have any suggestion that doesn't require several different VMs?
-- 
Chris Adams