On Tue, 2008-12-09 at 14:44 -0600, Romer Ventura wrote:
> Hello,
>
> I am trying to use userdb prefetch so that I don't do an extra LDAP
> lookup and I am having some problems:
>
> Here is my dovecot-ldap.conf
> # cat /etc/dovecot/dovecot-ldap.conf
> hosts = 192.168.50.30 192.168.50.31
> base = ou=HST-Users,dc=h-st,dc=com
> ldap_version = 3
> auth_bind = yes
Auth binding is currently doing one lookup to get the DN for the user.
If your DN fits a template, you could set the auth_bind_userdn setting to
avoid the initial lookup. That way you would get the same result as with
prefetch: two LDAP lookups.
> dn = cn=ldap,cn=Users,dc=h-st,dc=com
> dnpass = <PASSWORD>
> user_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001
> user_filter = (&(objectClass=person)(mail=%u))
> #pass_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001
> pass_filter = (&(objectClass=person)(mail=%u))
So, if you don't set auth_bind_userdn, you can set pass_attrs to contain
all the same things as user_attrs, except with userdb_ prefix:
pass_attrs = sAMAccountName=userdb_mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=userdb_gid=1000,=userdb_uid=1001
Although instead of setting uid/gid in the pass/user_attrs, you could
just set mail_uid and mail_gid settings in dovecot.conf.
For dovecot.conf then use:
passdb ldap {
..
}
userdb prefetch {
}
userdb ldap {
..
}
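The pass_attrs rewrite described in the reply above, as an added example (not part of the original message and not Dovecot code): a Python helper that derives the userdb_-prefixed pass_attrs from a user_attrs line and reports which fields prefetch would not receive. The entry syntax ldapAttr=field[=template] is assumed from the lines quoted in the thread; all function names are hypothetical.

```python
# Added example: derive prefetch-ready pass_attrs from user_attrs and check coverage.
# Assumed entry syntax (taken from the thread): ldapAttr=field[=template],
# comma-separated, with an empty ldapAttr for static values such as "=gid=1000".

PREFIX = "userdb_"


def parse_attrs(attrs):
    """Return a list of (ldap_attr, field, template_or_None) tuples."""
    entries = []
    for raw in attrs.split(","):
        raw = raw.strip()
        if not raw:
            continue
        parts = raw.split("=", 2)  # the template itself may contain '='
        if len(parts) < 2 or not parts[1]:
            raise ValueError(f"malformed attrs entry: {raw!r}")
        template = parts[2] if len(parts) == 3 else None
        entries.append((parts[0], parts[1], template))
    return entries


def format_attrs(entries):
    """Serialize parsed entries back into a single attrs value."""
    out = []
    for ldap_attr, field, template in entries:
        item = f"{ldap_attr}={field}"
        if template is not None:
            item += f"={template}"
        out.append(item)
    return ",".join(out)


def to_prefetch_pass_attrs(user_attrs):
    """Prefix every userdb field so the passdb lookup returns it for prefetch."""
    entries = parse_attrs(user_attrs)
    return format_attrs(
        [(a, f if f.startswith(PREFIX) else PREFIX + f, t) for a, f, t in entries]
    )


def missing_userdb_fields(user_attrs, pass_attrs):
    """Fields in user_attrs that pass_attrs does not return as userdb_<field>."""
    have = {f for _, f, _ in parse_attrs(pass_attrs)}
    return sorted(f for _, f, _ in parse_attrs(user_attrs) if PREFIX + f not in have)


# user_attrs value as quoted in the thread
USER_ATTRS = "sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln/Maildir/,=gid=1000,=uid=1001"

if __name__ == "__main__":
    print("pass_attrs =", to_prefetch_pass_attrs(USER_ATTRS))
    # A pass_attrs that reuses the unprefixed names gives prefetch nothing:
    print("missing:", missing_userdb_fields(USER_ATTRS, USER_ATTRS))
```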
