Mercurial > dovecot > original-hg > dovecot-1.2
changeset 5384:2a6ff0bbc932 HEAD
Renamed dovecot-sql/ldap.conf to dovecot-sql/ldap-example.conf. make install
now installs them to sysconfdir.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Fri, 23 Mar 2007 02:04:52 +0200 |
parents | 8b5844d257e7 |
children | 284f2994ea5f |
files | doc/Makefile.am doc/dovecot-ldap-example.conf doc/dovecot-ldap.conf doc/dovecot-sql-example.conf doc/dovecot-sql.conf dovecot-example.conf |
diffstat | 6 files changed, 249 insertions(+), 245 deletions(-) [+] |
line wrap: on
line diff
--- a/doc/Makefile.am Fri Mar 23 01:33:01 2007 +0200 +++ b/doc/Makefile.am Fri Mar 23 02:04:52 2007 +0200 @@ -1,5 +1,10 @@ docdir = $(datadir)/doc/dovecot +confdir = $(sysconfdir) +conf_DATA = \ + dovecot-ldap-example.conf \ + dovecot-sql-example.conf + doc_DATA = \ USE-WIKI-INSTEAD \ auth-protocol.txt \ @@ -9,6 +14,5 @@ EXTRA_DIST = \ mkcert.sh \ dovecot-openssl.cnf \ - dovecot-ldap.conf \ - dovecot-sql.conf \ - $(doc_DATA) + $(doc_DATA) \ + $(conf_DATA)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/dovecot-ldap-example.conf Fri Mar 23 02:04:52 2007 +0200 @@ -0,0 +1,121 @@ +# This file is opened as root, so it should be owned by root and mode 0600. +# +# http://wiki.dovecot.org/AuthDatabase/LDAP +# +# NOTE: If you're not using authentication binds, you'll need to give +# dovecot-auth read access to userPassword field in the LDAP server. +# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should +# already be something like this: + +# access to attribute=userPassword +# by dn="<dovecot's dn>" read # add this +# by anonymous auth +# by self write +# by * none + +# Space separated list of LDAP hosts to use. host:port is allowed too. +#hosts = + +# LDAP URIs to use. You can use this instead of hosts list. Note that this +# setting isn't supported by all LDAP libraries. +#uris = + +# Distinguished Name - the username used to login to the LDAP server +#dn = + +# Password for LDAP server +#dnpass = + +# Use SASL binding instead of the simple binding. Note that this changes +# ldap_version automatically to be 3 if it's lower. Also note that SASL binds +# and auth_bind=yes don't work together. +#sasl_bind = no +# SASL mechanism name to use. +#sasl_mech = +# SASL realm to use. +#sasl_realm = +# SASL authorization ID, ie. the dnpass is for this "master user", but the +# dn is still the logged in user. Normally you want to keep this empty. +#sasl_authz_id = + +# Use TLS to connect to the LDAP server. +#tls = no + +# Use authentication binding for verifying password's validity. This works by +# logging into LDAP server using the username and password given by client. +# The pass_filter is used to find the DN for the user. Note that the pass_attrs +# is still used, only the password field is ignored in it. Before doing any +# search, the binding is switched back to the default DN. +#auth_bind = no + +# If authentication binding is used, you can save one LDAP request per login +# if users' DN can be specified with a common template. The template can use +# the standard %variables (see user_filter). Note that you can't +# use any pass_attrs if you use this setting. +# +# If you use this setting, it's a good idea to use a different +# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the +# filename is different in userdb's args). That way one connection is used only +# for LDAP binds and another connection is used for user lookups. Otherwise +# the binding is changed to the default DN before each user lookup. +# +# For example: +# auth_bind_userdn = cn=%u,ou=people,o=org +# +#auth_bind_userdn = + +# LDAP protocol version to use. Likely 2 or 3. +#ldap_version = 2 + +# LDAP base. %variables can be used here. +base = uid=someone, dc=foo, dc=bar, dc=org + +# Dereference: never, searching, finding, always +#deref = never + +# Search scope: base, onelevel, subtree +#scope = subtree + +# User attributes are given in LDAP-name=dovecot-internal-name list. The +# internal names are: +# uid - System UID +# gid - System GID +# home - Home directory +# mail - Mail location +# +# There are also other special fields which can be returned, see +# http://wiki.dovecot.org/UserDatabase/ExtraFields +#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid + +# Filter for user lookup. Some variables can be used (see +# http://wiki.dovecot.org/Variables for full list): +# %u - username +# %n - user part in user@domain, same as %u if there's no domain +# %d - domain part in user@domain, empty if user there's no domain +#user_filter = (&(objectClass=posixAccount)(uid=%u)) + +# Password checking attributes: +# user: Virtual user name (user@domain), if you wish to change the +# user-given username to something else +# password: Password, may optionally start with {type}, eg. {crypt} +# There are also other special fields which can be returned, see +# http://wiki.dovecot.org/PasswordDatabase/ExtraFields +#pass_attrs = uid=user,userPassword=password + +# If you wish to avoid two LDAP lookups (passdb + userdb), you can use +# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll +# also have to include user_attrs in pass_attrs field prefixed with "userdb_" +# string. For example: +#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid + +# Filter for password lookups +#pass_filter = (&(objectClass=posixAccount)(uid=%u)) + +# Default password scheme. "{scheme}" before password overrides this. +# List of supported schemes is in: http://wiki.dovecot.org/Authentication +#default_pass_scheme = CRYPT + +# You can use same UID and GID for all user accounts if you really want to. +# If the UID/GID is still found from LDAP reply, it overrides these values. +#user_global_uid = +#user_global_gid =
--- a/doc/dovecot-ldap.conf Fri Mar 23 01:33:01 2007 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,121 +0,0 @@ -# This file is opened as root, so it should be owned by root and mode 0600. -# -# http://wiki.dovecot.org/AuthDatabase/LDAP -# -# NOTE: If you're not using authentication binds, you'll need to give -# dovecot-auth read access to userPassword field in the LDAP server. -# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should -# already be something like this: - -# access to attribute=userPassword -# by dn="<dovecot's dn>" read # add this -# by anonymous auth -# by self write -# by * none - -# Space separated list of LDAP hosts to use. host:port is allowed too. -#hosts = - -# LDAP URIs to use. You can use this instead of hosts list. Note that this -# setting isn't supported by all LDAP libraries. -#uris = - -# Distinguished Name - the username used to login to the LDAP server -#dn = - -# Password for LDAP server -#dnpass = - -# Use SASL binding instead of the simple binding. Note that this changes -# ldap_version automatically to be 3 if it's lower. Also note that SASL binds -# and auth_bind=yes don't work together. -#sasl_bind = no -# SASL mechanism name to use. -#sasl_mech = -# SASL realm to use. -#sasl_realm = -# SASL authorization ID, ie. the dnpass is for this "master user", but the -# dn is still the logged in user. Normally you want to keep this empty. -#sasl_authz_id = - -# Use TLS to connect to the LDAP server. -#tls = no - -# Use authentication binding for verifying password's validity. This works by -# logging into LDAP server using the username and password given by client. -# The pass_filter is used to find the DN for the user. Note that the pass_attrs -# is still used, only the password field is ignored in it. Before doing any -# search, the binding is switched back to the default DN. -#auth_bind = no - -# If authentication binding is used, you can save one LDAP request per login -# if users' DN can be specified with a common template. The template can use -# the standard %variables (see user_filter). Note that you can't -# use any pass_attrs if you use this setting. -# -# If you use this setting, it's a good idea to use a different -# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the -# filename is different in userdb's args). That way one connection is used only -# for LDAP binds and another connection is used for user lookups. Otherwise -# the binding is changed to the default DN before each user lookup. -# -# For example: -# auth_bind_userdn = cn=%u,ou=people,o=org -# -#auth_bind_userdn = - -# LDAP protocol version to use. Likely 2 or 3. -#ldap_version = 2 - -# LDAP base. %variables can be used here. -base = uid=someone, dc=foo, dc=bar, dc=org - -# Dereference: never, searching, finding, always -#deref = never - -# Search scope: base, onelevel, subtree -#scope = subtree - -# User attributes are given in LDAP-name=dovecot-internal-name list. The -# internal names are: -# uid - System UID -# gid - System GID -# home - Home directory -# mail - Mail location -# -# There are also other special fields which can be returned, see -# http://wiki.dovecot.org/UserDatabase/ExtraFields -#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid - -# Filter for user lookup. Some variables can be used (see -# http://wiki.dovecot.org/Variables for full list): -# %u - username -# %n - user part in user@domain, same as %u if there's no domain -# %d - domain part in user@domain, empty if user there's no domain -#user_filter = (&(objectClass=posixAccount)(uid=%u)) - -# Password checking attributes: -# user: Virtual user name (user@domain), if you wish to change the -# user-given username to something else -# password: Password, may optionally start with {type}, eg. {crypt} -# There are also other special fields which can be returned, see -# http://wiki.dovecot.org/PasswordDatabase/ExtraFields -#pass_attrs = uid=user,userPassword=password - -# If you wish to avoid two LDAP lookups (passdb + userdb), you can use -# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll -# also have to include user_attrs in pass_attrs field prefixed with "userdb_" -# string. For example: -#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid - -# Filter for password lookups -#pass_filter = (&(objectClass=posixAccount)(uid=%u)) - -# Default password scheme. "{scheme}" before password overrides this. -# List of supported schemes is in: http://wiki.dovecot.org/Authentication -#default_pass_scheme = CRYPT - -# You can use same UID and GID for all user accounts if you really want to. -# If the UID/GID is still found from LDAP reply, it overrides these values. -#user_global_uid = -#user_global_gid =
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/dovecot-sql-example.conf Fri Mar 23 02:04:52 2007 +0200 @@ -0,0 +1,117 @@ +# This file is opened as root, so it should be owned by root and mode 0600. +# +# http://wiki.dovecot.org/AuthDatabase/SQL +# +# For the sql passdb module, you'll need a database with a table that +# contains fields for at least the userid and password. If you want to +# use the user@domain syntax, you might want to have a separate domain +# field as well. +# +# If your users all have the same uig/gid, and have predictable home +# directories, you can use the static userdb module to generate the home +# dir based on the userid and domain. In this case, you won't need fields +# for home, uid, or gid in the database. +# +# If you prefer to use the sql userdb module, you'll want to add fields +# for home, uid, and gid. Here is an example table: +# +# CREATE TABLE users ( +# userid VARCHAR(128) NOT NULL, +# password VARCHAR(64) NOT NULL, +# home VARCHAR(255) NOT NULL, +# uid INTEGER NOT NULL, +# gid INTEGER NOT NULL, +# active CHAR(1) DEFAULT 'Y' NOT NULL +# ); + +# Database driver: mysql, pgsql, sqlite +#driver = + +# Database connection string. This is driver-specific setting. +# +# pgsql: +# For available options, see the PostgreSQL documention for the +# PQconnectdb function of libpq. +# +# mysql: +# Basic options emulate PostgreSQL option names: +# host, port, user, password, dbname +# +# But also adds some new settings: +# client_flags - See MySQL manual +# ssl_ca, ssl_ca_path - Set either one or both to enable SSL +# ssl_cert, ssl_key - For sending client-side certificates to server +# ssl_cipher - Set minimum allowed cipher security (default: HIGH) +# +# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock +# Note that currently you can't use spaces in parameters. +# +# sqlite: +# The path to the database file. +# +# Examples: +# connect = host=192.168.1.1 dbname=users +# connect = host=sql.example.com dbname=virtual user=virtual password=blarg +# connect = /etc/dovecot/authdb.sqlite +# +#connect = dbname=virtual user=virtual + +# Default password scheme. +# +# List of supported schemes is in +# http://wiki.dovecot.org/Authentication/PasswordSchemes +# +#default_pass_scheme = PLAIN-MD5 + +# Query to retrieve the password. +# +# This query must return only one row with "user" and "password" columns. +# The query can also return other fields which have a special meaning, see +# http://wiki.dovecot.org/PasswordDatabase/ExtraFields +# +# The "user" column is needed to make sure the username gets used with exactly +# the same casing as it's in the database. Note that if you store username and +# domain in separate fields, you most likely want to return a combination of +# them as the "user" column, otherwise the domain gets stripped. +# +# Commonly used available substitutions (see +# http://wiki.dovecot.org/Variables for full list): +# %u = entire userid +# %n = user part of user@domain +# %d = domain part of user@domain +# +# Note that these can be used only as input to SQL query. If the query outputs +# any of these substitutions, they're not touched. Otherwise it would be +# difficult to have eg. usernames containing '%' characters. +# +# Example: +# password_query = SELECT concat(userid, '@', domain) AS user, password FROM users WHERE userid = '%n' AND domain = '%d' +# password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y' +# +#password_query = SELECT userid as user, password FROM users WHERE userid = '%u' + +# Query to retrieve the user information. +# +# The query must return only one row. Commonly returned columns are: +# uid - System UID +# gid - System GID +# home - Home directory +# mail - Mail location +# +# Either home or mail is required. uid and gid are required. If more than one +# row is returned or there are missing fields, the login will fail. For a list +# of all fields that can be returned, see +# http://wiki.dovecot.org/UserDatabase/ExtraFields +# +# Examples +# user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d' +# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' +# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' +# +#user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' + +# If you wish to avoid two SQL lookups (passdb + userdb), you can use +# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll +# also have to return userdb fields in password_query prefixed with "userdb_" +# string. For example: +#password_query = SELECT userid as user, password, home as userdb_home, uid as userdb_uid, gid as userdb_gid FROM users WHERE userid = '%u'
--- a/doc/dovecot-sql.conf Fri Mar 23 01:33:01 2007 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,117 +0,0 @@ -# This file is opened as root, so it should be owned by root and mode 0600. -# -# http://wiki.dovecot.org/AuthDatabase/SQL -# -# For the sql passdb module, you'll need a database with a table that -# contains fields for at least the userid and password. If you want to -# use the user@domain syntax, you might want to have a separate domain -# field as well. -# -# If your users all have the same uig/gid, and have predictable home -# directories, you can use the static userdb module to generate the home -# dir based on the userid and domain. In this case, you won't need fields -# for home, uid, or gid in the database. -# -# If you prefer to use the sql userdb module, you'll want to add fields -# for home, uid, and gid. Here is an example table: -# -# CREATE TABLE users ( -# userid VARCHAR(128) NOT NULL, -# password VARCHAR(64) NOT NULL, -# home VARCHAR(255) NOT NULL, -# uid INTEGER NOT NULL, -# gid INTEGER NOT NULL, -# active CHAR(1) DEFAULT 'Y' NOT NULL -# ); - -# Database driver: mysql, pgsql, sqlite -#driver = - -# Database connection string. This is driver-specific setting. -# -# pgsql: -# For available options, see the PostgreSQL documention for the -# PQconnectdb function of libpq. -# -# mysql: -# Basic options emulate PostgreSQL option names: -# host, port, user, password, dbname -# -# But also adds some new settings: -# client_flags - See MySQL manual -# ssl_ca, ssl_ca_path - Set either one or both to enable SSL -# ssl_cert, ssl_key - For sending client-side certificates to server -# ssl_cipher - Set minimum allowed cipher security (default: HIGH) -# -# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock -# Note that currently you can't use spaces in parameters. -# -# sqlite: -# The path to the database file. -# -# Examples: -# connect = host=192.168.1.1 dbname=users -# connect = host=sql.example.com dbname=virtual user=virtual password=blarg -# connect = /etc/dovecot/authdb.sqlite -# -#connect = dbname=virtual user=virtual - -# Default password scheme. -# -# List of supported schemes is in -# http://wiki.dovecot.org/Authentication/PasswordSchemes -# -#default_pass_scheme = PLAIN-MD5 - -# Query to retrieve the password. -# -# This query must return only one row with "user" and "password" columns. -# The query can also return other fields which have a special meaning, see -# http://wiki.dovecot.org/PasswordDatabase/ExtraFields -# -# The "user" column is needed to make sure the username gets used with exactly -# the same casing as it's in the database. Note that if you store username and -# domain in separate fields, you most likely want to return a combination of -# them as the "user" column, otherwise the domain gets stripped. -# -# Commonly used available substitutions (see -# http://wiki.dovecot.org/Variables for full list): -# %u = entire userid -# %n = user part of user@domain -# %d = domain part of user@domain -# -# Note that these can be used only as input to SQL query. If the query outputs -# any of these substitutions, they're not touched. Otherwise it would be -# difficult to have eg. usernames containing '%' characters. -# -# Example: -# password_query = SELECT concat(userid, '@', domain) AS user, password FROM users WHERE userid = '%n' AND domain = '%d' -# password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y' -# -#password_query = SELECT userid as user, password FROM users WHERE userid = '%u' - -# Query to retrieve the user information. -# -# The query must return only one row. Commonly returned columns are: -# uid - System UID -# gid - System GID -# home - Home directory -# mail - Mail location -# -# Either home or mail is required. uid and gid are required. If more than one -# row is returned or there are missing fields, the login will fail. For a list -# of all fields that can be returned, see -# http://wiki.dovecot.org/UserDatabase/ExtraFields -# -# Examples -# user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d' -# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' -# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' -# -#user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' - -# If you wish to avoid two SQL lookups (passdb + userdb), you can use -# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll -# also have to return userdb fields in password_query prefixed with "userdb_" -# string. For example: -#password_query = SELECT userid as user, password, home as userdb_home, uid as userdb_uid, gid as userdb_gid FROM users WHERE userid = '%u'
--- a/dovecot-example.conf Fri Mar 23 01:33:01 2007 +0200 +++ b/dovecot-example.conf Fri Mar 23 02:04:52 2007 +0200 @@ -861,14 +861,14 @@ # SQL database # http://wiki.dovecot.org/AuthDatabase/SQL #passdb sql { - # Path for SQL configuration file, see doc/dovecot-sql.conf for example + # Path for SQL configuration file, see doc/dovecot-sql-example.conf #args = #} # LDAP database # http://wiki.dovecot.org/AuthDatabase/LDAP #passdb ldap { - # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example + # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf #args = #} @@ -926,14 +926,14 @@ # SQL database # http://wiki.dovecot.org/AuthDatabase/SQL #userdb sql { - # Path for SQL configuration file, see doc/dovecot-sql.conf for example + # Path for SQL configuration file, see doc/dovecot-sql-example.conf #args = #} # LDAP database # http://wiki.dovecot.org/AuthDatabase/LDAP #userdb ldap { - # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example + # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf #args = #}