On Fri, 2 Jun 2017, Sandbox wrote:
I have two LDAP domains, which have some equal users, e.g.:
a...@domain1.com
a...@domain2.com
This works fine except one thing: I can't set up the LDAP query to choose
the correct maildir if the user names are equal.
| Well the most problem is that you have two LDAP servers with different
content.
Unfortunately I can't do anything with this. :S
Is it possible to use a user_filter which will choose the correct maildir
and user/domain from the email address?
My current ldap.conf for domain1:
hosts = ldap.domain1.com
base = ou=People,dc=domain1,dc=com
ldap_version = 3
user_attrs = uid=user
user_filter = (uid=%n)
pass_attrs = uid=user,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5
and for domain2:
hosts = ldap.domain2.com
base = ou=People,dc=domain2,dc=com
ldap_version = 3
user_attrs = \
=mail=maildir:/home/vmail/%{ldap:departmentNumber}/%n/Maildir
user_filter = (uid=%n)
pass_attrs = uid=%n,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5
| you have one LDAP conf per domain and two userdb's, right?
Nope, I have two ldap.conf files, one for domain1 and one for domain2, and
two userdb settings in dovecot.conf for each ldap.conf file.
| Can you make use of ${domain} in one of the LDAP servers, is the domain
present in the user entries?
Uhm, what do you mean? "Can you make use of ${domain} in one of the LDAP
servers"?
Only the mail address and the departmentNumber contain the domain in the
user entries. To be clear, the first domain's (this is the "old" one) user
entries do not contain any departmentNumber data, so those e-mails are
going to the current /home/vmail/user/maildir directory; the second domain
(which is the "new" one) contains the departmentNumber data, so those
e-mails are going to the /home/vmail/domain2.com/user/maildir directory.
The main problem is that I have the same usernames in both domains, that's why
I can't use only one domain.
Actually I have one LDAP server with two domains configured.
Just thinking about the problem, is it not possible to fill up an unused
LDAP record, e.g. labeledURI, with the user's second e-mail address? So in the
ldap.conf I have to use a filter which can decide which e-mail address is
used -> where to store the mail.
Or, use two mail records.
Both require e-mail address filtering where I have to use the domain part
as a decision parameter... what do you think?
Then use
(&(uid=%n)(mail=*@%{domain}))
or something similar.
However, I don't know whether %{domain} is populated in your config.
Did you check out Aki's answer? If that works as described,
username_format would make it easier.
2017-06-02 10:13 GMT+02:00 Steffen Kaiser <skdove...@smail.inf.fh-brs.de>:
--
Steffen Kaiser
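The difference between the `(uid=%n)` filter and the `(&(uid=%n)(mail=*@%{domain}))` filter discussed in this thread, as an added example that is not part of the original messages and is not Dovecot code. Assumptions: the login is the full e-mail address (so a domain is available to substitute), the uid `alice` and the in-memory entries are constructed, and the evaluator handles only the filter subset used here. Substituted values are escaped per RFC 4515 so that a login name cannot alter the filter.

```python
import re

# Constructed sample entries: one directory holding both domains, same uid twice.
DIRECTORY = [
    {"dn": "uid=alice,ou=People,dc=domain1,dc=com",
     "uid": ["alice"], "mail": ["alice@domain1.com"]},
    {"dn": "uid=alice,ou=People,dc=domain2,dc=com",
     "uid": ["alice"], "mail": ["alice@domain2.com"],
     "departmentNumber": ["domain2.com"]},
]

def ldap_escape(value):
    """Escape the RFC 4515 filter metacharacters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, login):
    """Substitute %n (local part) and %{domain} from a full-address login."""
    local, _, domain = login.partition("@")
    values = {"%n": ldap_escape(local), "%{domain}": ldap_escape(domain)}
    return re.sub(r"%n|%\{domain\}", lambda m: values[m.group(0)], template)

def parse(flt, i=0):
    """Parse the subset used in the thread: (&...) and (attr=value-with-*)."""
    if flt[i + 1] == "&":
        i, kids = i + 2, []
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        return ("and", kids), i + 1
    end = flt.index(")", i)
    attr, _, value = flt[i + 1:end].partition("=")
    return ("match", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive values)."""
    if node[0] == "and":
        return all(matches(kid, entry) for kid in node[1])
    unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})",
                             lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unhex(p)) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I) for v in entry.get(node[1], []))

def search(template, login):
    """Return the DNs selected by the expanded filter."""
    tree, _ = parse(expand(template, login))
    return [e["dn"] for e in DIRECTORY if matches(tree, e)]

if __name__ == "__main__":
    for tpl in ("(uid=%n)", "(&(uid=%n)(mail=*@%{domain}))"):
        print(tpl, "->", search(tpl, "alice@domain2.com"))
```

With `(uid=%n)` alone both entries match, so the maildir chosen depends on which result is used; adding the `mail=*@%{domain}` term leaves exactly one entry per address.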