> >>
> >> I really got your point, but how you will implement aliases
> > has nothing to do with dovecot, sendmail can get those from ldap.
> >
> >> or domain
> > sendmail gets these from ldap (but requires a restart)
> >
> >> query or maybe quota? You still need to access ldap directly for
> other
But this is something old that I had and am not using. This allows the
cn=dovecot to also access the password field. I am not sure if that is
necessary/wanted.
LDAP server directly using the login and password provided by the
client. To perform authentication, it must execute a BIND by an
in
On 28/05/2023 at 21:36, Marc wrote:
>
> Am I understanding correctly that the auth_bind option, regardless of
> whether it is set to yes or no, and even if anonymous access to the LDAP
> directory is blocked, must be used with dn=cn=manager,dc=example,dc=com
> and dnpass=password to enable authentication?
Forget about using manager
Hi,
I would like to ask about one more thing regarding LDAP server
authentication.
Am I understanding correctly that the auth_bind option, regardless of
whether it is set to yes or no, and even if anonymous access to the LDAP
directory is blocked, must be used with dn=cn=manager,dc=example,dc=com
Hi,
I reviewed your guidelines and focused only on how olcAccess works to block
anonymous users. I installed a blank native Debian and interestingly, the
default Debian rules also allow anonymous reading of the LDAP directory.
olcAccess by Debian olcAccess: {0} to attrs=userPassword by self write
On 5/21/23 12:42, Marc wrote:
>
> My LDAP server is installed on a Proxmox container using the TurnKey
> Linux template. I always thought it was a clean Debian installation. I
> tried it on a fresh Debian installation, and both olcAccess and the LDAP
> tree differ significantly from what is provided in the template.
>
> I
Hi,
My LDAP server is installed on a Proxmox container using the TurnKey Linux
template. I always thought it was a clean Debian installation. I tried it
on a fresh Debian installation, and both olcAccess and the LDAP tree differ
significantly from what is provided in the template.
I need to pract
You can check if the ACLs are correct using ldapsearch.
This second bind without dn is weird, so you need to check where it
comes from.
Anyway, I think it is better to have a special user for binding because you
can't use the %u if you have multiple organisational units which will
occur in the
Hi,
Thank you for your response. What you wrote makes sense, and it was
definitely my mistake.
I have made the necessary changes in the settings.
auth_bind_userdn = cn=%u,ou=Users,dc=example,dc=com
I changed the user's cn to u...@example.com.
It appears that there is indeed a specific BIND attemp
> Here are my default olcAccess settings after installation:
don't put samba stuff here, just focus on one application's access.
> olcAccess: {10} to * by * read
>
> However, I am not satisfied with these settings because using the
> anonymous user, anyone can browse the entire LDAP tree. While
I think you also need to add "by users read", but the problem in this setup
is that to find the user you have a filter, so you need to search for this.
So you need to either specify a special binding account or the format of
the binding user
This is from the default config on Debian:
# For example:
#
Hi,
I'm trying to set up a production mail server. I have installed Dovecot on
Debian from the package. For authentication, I have another machine running
OpenLDAP, also installed on Debian. I would like the end mail client to
authenticate with Dovecot using the login and password set in LDAP.
In