Mercurial > dovecot > original-hg > dovecot-1.2
comparison doc/dovecot-ldap-example.conf @ 5384:2a6ff0bbc932 HEAD
Renamed dovecot-sql/ldap.conf to dovecot-sql/ldap-example.conf. make install
now installs them to sysconfdir.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 23 Mar 2007 02:04:52 +0200 |
parents | |
children | 526d1a860b13 |
comparison
equal
deleted
inserted
replaced
5383:8b5844d257e7 | 5384:2a6ff0bbc932 |
---|---|
1 # This file is opened as root, so it should be owned by root and mode 0600. | |
2 # | |
3 # http://wiki.dovecot.org/AuthDatabase/LDAP | |
4 # | |
5 # NOTE: If you're not using authentication binds, you'll need to give | |
6 # dovecot-auth read access to userPassword field in the LDAP server. | |
7 # With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should | |
8 # already be something like this: | |
9 | |
10 # access to attribute=userPassword | |
11 # by dn="<dovecot's dn>" read # add this | |
12 # by anonymous auth | |
13 # by self write | |
14 # by * none | |
15 | |
16 # Space separated list of LDAP hosts to use. host:port is allowed too. | |
17 #hosts = | |
18 | |
19 # LDAP URIs to use. You can use this instead of hosts list. Note that this | |
20 # setting isn't supported by all LDAP libraries. | |
21 #uris = | |
22 | |
23 # Distinguished Name - the username used to login to the LDAP server | |
24 #dn = | |
25 | |
26 # Password for LDAP server | |
27 #dnpass = | |
28 | |
29 # Use SASL binding instead of the simple binding. Note that this changes | |
30 # ldap_version automatically to be 3 if it's lower. Also note that SASL binds | |
31 # and auth_bind=yes don't work together. | |
32 #sasl_bind = no | |
33 # SASL mechanism name to use. | |
34 #sasl_mech = | |
35 # SASL realm to use. | |
36 #sasl_realm = | |
37 # SASL authorization ID, ie. the dnpass is for this "master user", but the | |
38 # dn is still the logged in user. Normally you want to keep this empty. | |
39 #sasl_authz_id = | |
40 | |
41 # Use TLS to connect to the LDAP server. | |
42 #tls = no | |
43 | |
44 # Use authentication binding for verifying password's validity. This works by | |
45 # logging into LDAP server using the username and password given by client. | |
46 # The pass_filter is used to find the DN for the user. Note that the pass_attrs | |
47 # is still used, only the password field is ignored in it. Before doing any | |
48 # search, the binding is switched back to the default DN. | |
49 #auth_bind = no | |
50 | |
51 # If authentication binding is used, you can save one LDAP request per login | |
52 # if users' DN can be specified with a common template. The template can use | |
53 # the standard %variables (see user_filter). Note that you can't | |
54 # use any pass_attrs if you use this setting. | |
55 # | |
56 # If you use this setting, it's a good idea to use a different | |
57 # dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the | |
58 # filename is different in userdb's args). That way one connection is used only | |
59 # for LDAP binds and another connection is used for user lookups. Otherwise | |
60 # the binding is changed to the default DN before each user lookup. | |
61 # | |
62 # For example: | |
63 # auth_bind_userdn = cn=%u,ou=people,o=org | |
64 # | |
65 #auth_bind_userdn = | |
66 | |
67 # LDAP protocol version to use. Likely 2 or 3. | |
68 #ldap_version = 2 | |
69 | |
70 # LDAP base. %variables can be used here. | |
71 base = uid=someone, dc=foo, dc=bar, dc=org | |
72 | |
73 # Dereference: never, searching, finding, always | |
74 #deref = never | |
75 | |
76 # Search scope: base, onelevel, subtree | |
77 #scope = subtree | |
78 | |
79 # User attributes are given in LDAP-name=dovecot-internal-name list. The | |
80 # internal names are: | |
81 # uid - System UID | |
82 # gid - System GID | |
83 # home - Home directory | |
84 # mail - Mail location | |
85 # | |
86 # There are also other special fields which can be returned, see | |
87 # http://wiki.dovecot.org/UserDatabase/ExtraFields | |
88 #user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid | |
89 | |
90 # Filter for user lookup. Some variables can be used (see | |
91 # http://wiki.dovecot.org/Variables for full list): | |
92 # %u - username | |
93 # %n - user part in user@domain, same as %u if there's no domain | |
94 # %d - domain part in user@domain, empty if user there's no domain | |
95 #user_filter = (&(objectClass=posixAccount)(uid=%u)) | |
96 | |
97 # Password checking attributes: | |
98 # user: Virtual user name (user@domain), if you wish to change the | |
99 # user-given username to something else | |
100 # password: Password, may optionally start with {type}, eg. {crypt} | |
101 # There are also other special fields which can be returned, see | |
102 # http://wiki.dovecot.org/PasswordDatabase/ExtraFields | |
103 #pass_attrs = uid=user,userPassword=password | |
104 | |
105 # If you wish to avoid two LDAP lookups (passdb + userdb), you can use | |
106 # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll | |
107 # also have to include user_attrs in pass_attrs field prefixed with "userdb_" | |
108 # string. For example: | |
109 #pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid | |
110 | |
111 # Filter for password lookups | |
112 #pass_filter = (&(objectClass=posixAccount)(uid=%u)) | |
113 | |
114 # Default password scheme. "{scheme}" before password overrides this. | |
115 # List of supported schemes is in: http://wiki.dovecot.org/Authentication | |
116 #default_pass_scheme = CRYPT | |
117 | |
118 # You can use same UID and GID for all user accounts if you really want to. | |
119 # If the UID/GID is still found from LDAP reply, it overrides these values. | |
120 #user_global_uid = | |
121 #user_global_gid = |