Good morning.

I was just reading https://wiki.dovecot.org/AuthDatabase/LDAP/PasswordLookups and found the following statement:

> When using LDA <https://wiki.dovecot.org/LDA> and static userdb,
> deliver can check if destination user exists. With auth binds this
> check isn't possible.

Is this still relevant? Is there a workaround? It seems like using dovecot's lmtp in an active directory environment is not possible, is this correct?

-------- Forwarded Message --------
Subject: Re: lmtp and virtual users
Date: Mon, 30 Sep 2019 17:14:16 -0300
From: David Wells - Alfavinil S.A. via dovecot <dovecot@dovecot.org>
Reply-To: David Wells - Alfavinil S.A. <dwe...@alfavinil.com>
To: Aki Tuomi <aki.tu...@open-xchange.com>, dovecot@dovecot.org

Dear Aki, good afternoon.

Thank you very much for your response and thank you again for the tip on how I could resolve this issue.

The problem I'm facing is that I need dovecot to serve emails with two different authorization methods for imap and sasl, one through the kerberos ticket as in https://wiki.dovecot.org/Authentication/Kerberos which I have working but only with a static userdb and also with plain (over tls of course) performing an ldap bind. I also need to verify the validity of incoming emails for the lmtp process. I have only managed to get plain working with the ldap userdb, or the kerberos solution with static databases and no address verification working but not both.

I believe I could set up two different dovecot instances listening on different ports or even on different ip addresses over the same ethernet device but I believe I would run into problems with the locking of files and I would like one solution to serve them all.

Is this even possible? Is there information on how to achieve this somewhere I haven't found?

Thank you very much again.
Best regards,
David Wells.

On 30/09/2019 at 03:36, Aki Tuomi wrote:
> On 27.9.2019 23.21, David Wells - Alfavinil S.A. via dovecot wrote:
>> Good afternoon.
>>
>> I have dovecot set up to authenticate virtual users using either gssapi
>> or doing a bind to an ldap server to achieve a single sign on capable
>> imap server connected to a samba active directory DC. What I am also
>> trying to achieve is to have dovecot's lmtp daemon handle the mails
>> passed from postfix. However, the only way I've gotten this to work is
>> setting allow_all_users = yes in the userdb but this causes lmtp to
>> deliver mails to nonexistent accounts without rejection. I've been
>> searching but haven't found a way to set this same thing up but having
>> dovecot's lmtp check the validity of the mail's recipient against the same
>> samba AD DC through ldap before delivering it and rejecting unknown
>> email addresses. Could someone please provide some insight into how to
>> achieve this?
>>
>> Thank you very much in advance.
>> Best regards,
>> David Wells.
>>
>>
> You could set up LDAP userdb without bind authentication, and use a
> service account instead.
>
> Aki
>
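
The layout suggested in the last reply, sketched as an added example (not configuration from the thread or from the Dovecot project): password checks keep using an LDAP bind, while the userdb searches the directory under a service account, so lmtp can look up a recipient without the user's password. File names, host name, DNs, the `mail` lookup attribute, the `vmail` account and the mail path are assumptions; `CHANGE_ME` is a placeholder.

```conf
# --- /etc/dovecot/conf.d/auth-ldap.conf.ext (assumed path) ---
# passdb: PLAIN logins are verified by binding to the directory as the user.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
}
# userdb: lookups run as a service account, so lmtp can check that a
# recipient exists. No "allow_all_users = yes" here: unknown users must fail.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}

# --- /etc/dovecot/dovecot-ldap-passdb.conf.ext (assumed name) ---
uris = ldaps://dc1.example.test
tls_require_cert = demand
# Service account only locates the user's DN; the password check is the bind.
dn = cn=dovecot-lookup,cn=Users,dc=example,dc=test
dnpass = CHANGE_ME
auth_bind = yes
base = dc=example,dc=test
pass_filter = (&(objectClass=user)(mail=%u))

# --- /etc/dovecot/dovecot-ldap-userdb.conf.ext (assumed name) ---
# Separate file so the userdb gets its own LDAP connection and is not
# affected by the passdb connection being rebound as each login user.
uris = ldaps://dc1.example.test
tls_require_cert = demand
dn = cn=dovecot-lookup,cn=Users,dc=example,dc=test
dnpass = CHANGE_ME
base = dc=example,dc=test
# A recipient with no matching entry is an unknown user, and lmtp rejects it.
user_filter = (&(objectClass=user)(mail=%u))
# Static values: every virtual user maps to one system account (assumed).
user_attrs = =uid=vmail, =gid=vmail, =home=/var/vmail/%d/%n

# Both LDAP files hold dnpass: keep them root-owned, mode 0600, and give the
# service account read-only access to the attributes used in the filters.
```

`doveadm user <address>` runs a userdb lookup and can be used to confirm that an existing address resolves and an unknown one does not before pointing postfix at lmtp.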