| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 |
- # This file is opened as root, so it should be owned by root and mode 0600.
- #
- # http://wiki2.dovecot.org/AuthDatabase/LDAP
- #
- # NOTE: If you're not using authentication binds, you'll need to give
- # dovecot-auth read access to userPassword field in the LDAP server.
- # With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
- # already be something like this:
- # access to attribute=userPassword
- # by dn="<dovecot's dn>" read # add this
- # by anonymous auth
- # by self write
- # by * none
- # Space separated list of LDAP hosts to use. host:port is allowed too.
- #hosts =
- # LDAP URIs to use. You can use this instead of hosts list. Note that this
- # setting isn't supported by all LDAP libraries.
- #uris =
- # Distinguished Name - the username used to login to the LDAP server.
- # Leave it commented out to bind anonymously (useful with auth_bind=yes).
- #dn =
- # Password for LDAP server, if dn is specified.
- #dnpass =
- # Use SASL binding instead of the simple binding. Note that this changes
- # ldap_version automatically to be 3 if it's lower. Also note that SASL binds
- # and auth_bind=yes don't work together.
- #sasl_bind = no
- # SASL mechanism name to use.
- #sasl_mech =
- # SASL realm to use.
- #sasl_realm =
- # SASL authorization ID, ie. the dnpass is for this "master user", but the
- # dn is still the logged in user. Normally you want to keep this empty.
- #sasl_authz_id =
- # Use TLS to connect to the LDAP server.
- #tls = no
- # TLS options, currently supported only with OpenLDAP:
- #tls_ca_cert_file =
- #tls_ca_cert_dir =
- #tls_cipher_suite =
- # TLS cert/key is used only if LDAP server requires a client certificate.
- #tls_cert_file =
- #tls_key_file =
- # Valid values: never, hard, demand, allow, try
- #tls_require_cert =
- # Use the given ldaprc path.
- #ldaprc_path =
- # LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
- # -1 = everything. You may need to recompile OpenLDAP with debugging enabled
- # to get enough output.
- #debug_level = 0
- # Use authentication binding for verifying password's validity. This works by
- # logging into LDAP server using the username and password given by client.
- # The pass_filter is used to find the DN for the user. Note that the pass_attrs
- # is still used, only the password field is ignored in it. Before doing any
- # search, the binding is switched back to the default DN.
- #auth_bind = no
- # If authentication binding is used, you can save one LDAP request per login
- # if users' DN can be specified with a common template. The template can use
- # the standard %variables (see user_filter). Note that you can't
- # use any pass_attrs if you use this setting.
- #
- # If you use this setting, it's a good idea to use a different
- # dovecot-ldap.conf.ext for userdb (it can even be a symlink, just as long as
- # the filename is different in userdb's args). That way one connection is used
- # only for LDAP binds and another connection is used for user lookups.
- # Otherwise the binding is changed to the default DN before each user lookup.
- #
- # For example:
- # auth_bind_userdn = cn=%u,ou=people,o=org
- #
- #auth_bind_userdn =
- # LDAP protocol version to use. Likely 2 or 3.
- #ldap_version = 3
- # LDAP base. %variables can be used here.
- # For example: dc=mail, dc=example, dc=org
- base =
- # Dereference: never, searching, finding, always
- #deref = never
- # Search scope: base, onelevel, subtree
- #scope = subtree
- # User attributes are given in LDAP-name=dovecot-internal-name list. The
- # internal names are:
- # uid - System UID
- # gid - System GID
- # home - Home directory
- # mail - Mail location
- #
- # There are also other special fields which can be returned, see
- # http://wiki2.dovecot.org/UserDatabase/ExtraFields
- #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
- # Filter for user lookup. Some variables can be used (see
- # http://wiki2.dovecot.org/Variables for full list):
- # %u - username
- # %n - user part in user@domain, same as %u if there's no domain
- # %d - domain part in user@domain, empty if user there's no domain
- #user_filter = (&(objectClass=posixAccount)(uid=%u))
- # Password checking attributes:
- # user: Virtual user name (user@domain), if you wish to change the
- # user-given username to something else
- # password: Password, may optionally start with {type}, eg. {crypt}
- # There are also other special fields which can be returned, see
- # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
- #pass_attrs = uid=user,userPassword=password
- # If you wish to avoid two LDAP lookups (passdb + userdb), you can use
- # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
- # also have to include user_attrs in pass_attrs field prefixed with "userdb_"
- # string. For example:
- #pass_attrs = uid=user,userPassword=password,\
- # homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
- # Filter for password lookups
- #pass_filter = (&(objectClass=posixAccount)(uid=%u))
- # Attributes and filter to get a list of all users
- #iterate_attrs = uid=user
- #iterate_filter = (objectClass=posixAccount)
- # Default password scheme. "{scheme}" before password overrides this.
- # List of supported schemes is in: http://wiki2.dovecot.org/Authentication
- #default_pass_scheme = CRYPT
|
