Mercurial > dovecot > original-hg > dovecot-1.2

changeset 5384:2a6ff0bbc932 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Renamed dovecot-sql/ldap.conf to dovecot-sql/ldap-example.conf. make install now installs them to sysconfdir.
author Timo Sirainen <tss@iki.fi>
date Fri, 23 Mar 2007 02:04:52 +0200
parents 8b5844d257e7
children 284f2994ea5f
files doc/Makefile.am doc/dovecot-ldap-example.conf doc/dovecot-ldap.conf doc/dovecot-sql-example.conf doc/dovecot-sql.conf dovecot-example.conf
diffstat 6 files changed, 249 insertions(+), 245 deletions(-) [+]
line wrap: on
line diff
--- a/doc/Makefile.am	Fri Mar 23 01:33:01 2007 +0200
+++ b/doc/Makefile.am	Fri Mar 23 02:04:52 2007 +0200
@@ -1,5 +1,10 @@
 docdir = $(datadir)/doc/dovecot
 
+confdir = $(sysconfdir)
+conf_DATA = \
+	dovecot-ldap-example.conf \
+	dovecot-sql-example.conf
+
 doc_DATA = \
 	USE-WIKI-INSTEAD \
 	auth-protocol.txt \
@@ -9,6 +14,5 @@
 EXTRA_DIST = \
 	mkcert.sh \
 	dovecot-openssl.cnf \
-	dovecot-ldap.conf \
-	dovecot-sql.conf \
-	$(doc_DATA)
+	$(doc_DATA) \
+	$(conf_DATA)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/dovecot-ldap-example.conf	Fri Mar 23 02:04:52 2007 +0200
@@ -0,0 +1,121 @@
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki.dovecot.org/AuthDatabase/LDAP
+#
+# NOTE: If you're not using authentication binds, you'll need to give
+# dovecot-auth read access to userPassword field in the LDAP server.
+# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
+# already be something like this:
+
+# access to attribute=userPassword
+#        by dn="<dovecot's dn>" read # add this
+#        by anonymous auth
+#        by self write
+#        by * none
+
+# Space separated list of LDAP hosts to use. host:port is allowed too.
+#hosts =
+
+# LDAP URIs to use. You can use this instead of hosts list. Note that this
+# setting isn't supported by all LDAP libraries.
+#uris = 
+
+# Distinguished Name - the username used to login to the LDAP server
+#dn = 
+
+# Password for LDAP server
+#dnpass = 
+
+# Use SASL binding instead of the simple binding. Note that this changes
+# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
+# and auth_bind=yes don't work together.
+#sasl_bind = no
+# SASL mechanism name to use.
+#sasl_mech =
+# SASL realm to use.
+#sasl_realm =
+# SASL authorization ID, ie. the dnpass is for this "master user", but the
+# dn is still the logged in user. Normally you want to keep this empty.
+#sasl_authz_id =
+
+# Use TLS to connect to the LDAP server.
+#tls = no
+
+# Use authentication binding for verifying password's validity. This works by
+# logging into LDAP server using the username and password given by client.
+# The pass_filter is used to find the DN for the user. Note that the pass_attrs
+# is still used, only the password field is ignored in it. Before doing any
+# search, the binding is switched back to the default DN.
+#auth_bind = no
+
+# If authentication binding is used, you can save one LDAP request per login
+# if users' DN can be specified with a common template. The template can use
+# the standard %variables (see user_filter). Note that you can't
+# use any pass_attrs if you use this setting.
+#
+# If you use this setting, it's a good idea to use a different
+# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
+# filename is different in userdb's args). That way one connection is used only
+# for LDAP binds and another connection is used for user lookups. Otherwise
+# the binding is changed to the default DN before each user lookup.
+#
+# For example:
+#   auth_bind_userdn = cn=%u,ou=people,o=org
+#
+#auth_bind_userdn =
+
+# LDAP protocol version to use. Likely 2 or 3.
+#ldap_version = 2
+
+# LDAP base. %variables can be used here.
+base = uid=someone, dc=foo, dc=bar, dc=org
+
+# Dereference: never, searching, finding, always
+#deref = never
+
+# Search scope: base, onelevel, subtree
+#scope = subtree
+
+# User attributes are given in LDAP-name=dovecot-internal-name list. The
+# internal names are:
+#   uid - System UID
+#   gid - System GID
+#   home - Home directory
+#   mail - Mail location
+#
+# There are also other special fields which can be returned, see
+# http://wiki.dovecot.org/UserDatabase/ExtraFields
+#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
+
+# Filter for user lookup. Some variables can be used (see
+# http://wiki.dovecot.org/Variables for full list):
+#   %u - username
+#   %n - user part in user@domain, same as %u if there's no domain
+#   %d - domain part in user@domain, empty if user there's no domain
+#user_filter = (&(objectClass=posixAccount)(uid=%u))
+
+# Password checking attributes:
+#  user: Virtual user name (user@domain), if you wish to change the
+#        user-given username to something else
+#  password: Password, may optionally start with {type}, eg. {crypt}
+# There are also other special fields which can be returned, see
+# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
+#pass_attrs = uid=user,userPassword=password
+
+# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
+# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
+# string. For example:
+#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
+
+# Filter for password lookups
+#pass_filter = (&(objectClass=posixAccount)(uid=%u))
+
+# Default password scheme. "{scheme}" before password overrides this.
+# List of supported schemes is in: http://wiki.dovecot.org/Authentication
+#default_pass_scheme = CRYPT
+
+# You can use same UID and GID for all user accounts if you really want to.
+# If the UID/GID is still found from LDAP reply, it overrides these values.
+#user_global_uid = 
+#user_global_gid = 
--- a/doc/dovecot-ldap.conf	Fri Mar 23 01:33:01 2007 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,121 +0,0 @@
-# This file is opened as root, so it should be owned by root and mode 0600.
-#
-# http://wiki.dovecot.org/AuthDatabase/LDAP
-#
-# NOTE: If you're not using authentication binds, you'll need to give
-# dovecot-auth read access to userPassword field in the LDAP server.
-# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
-# already be something like this:
-
-# access to attribute=userPassword
-#        by dn="<dovecot's dn>" read # add this
-#        by anonymous auth
-#        by self write
-#        by * none
-
-# Space separated list of LDAP hosts to use. host:port is allowed too.
-#hosts =
-
-# LDAP URIs to use. You can use this instead of hosts list. Note that this
-# setting isn't supported by all LDAP libraries.
-#uris = 
-
-# Distinguished Name - the username used to login to the LDAP server
-#dn = 
-
-# Password for LDAP server
-#dnpass = 
-
-# Use SASL binding instead of the simple binding. Note that this changes
-# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
-# and auth_bind=yes don't work together.
-#sasl_bind = no
-# SASL mechanism name to use.
-#sasl_mech =
-# SASL realm to use.
-#sasl_realm =
-# SASL authorization ID, ie. the dnpass is for this "master user", but the
-# dn is still the logged in user. Normally you want to keep this empty.
-#sasl_authz_id =
-
-# Use TLS to connect to the LDAP server.
-#tls = no
-
-# Use authentication binding for verifying password's validity. This works by
-# logging into LDAP server using the username and password given by client.
-# The pass_filter is used to find the DN for the user. Note that the pass_attrs
-# is still used, only the password field is ignored in it. Before doing any
-# search, the binding is switched back to the default DN.
-#auth_bind = no
-
-# If authentication binding is used, you can save one LDAP request per login
-# if users' DN can be specified with a common template. The template can use
-# the standard %variables (see user_filter). Note that you can't
-# use any pass_attrs if you use this setting.
-#
-# If you use this setting, it's a good idea to use a different
-# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
-# filename is different in userdb's args). That way one connection is used only
-# for LDAP binds and another connection is used for user lookups. Otherwise
-# the binding is changed to the default DN before each user lookup.
-#
-# For example:
-#   auth_bind_userdn = cn=%u,ou=people,o=org
-#
-#auth_bind_userdn =
-
-# LDAP protocol version to use. Likely 2 or 3.
-#ldap_version = 2
-
-# LDAP base. %variables can be used here.
-base = uid=someone, dc=foo, dc=bar, dc=org
-
-# Dereference: never, searching, finding, always
-#deref = never
-
-# Search scope: base, onelevel, subtree
-#scope = subtree
-
-# User attributes are given in LDAP-name=dovecot-internal-name list. The
-# internal names are:
-#   uid - System UID
-#   gid - System GID
-#   home - Home directory
-#   mail - Mail location
-#
-# There are also other special fields which can be returned, see
-# http://wiki.dovecot.org/UserDatabase/ExtraFields
-#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
-
-# Filter for user lookup. Some variables can be used (see
-# http://wiki.dovecot.org/Variables for full list):
-#   %u - username
-#   %n - user part in user@domain, same as %u if there's no domain
-#   %d - domain part in user@domain, empty if user there's no domain
-#user_filter = (&(objectClass=posixAccount)(uid=%u))
-
-# Password checking attributes:
-#  user: Virtual user name (user@domain), if you wish to change the
-#        user-given username to something else
-#  password: Password, may optionally start with {type}, eg. {crypt}
-# There are also other special fields which can be returned, see
-# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
-#pass_attrs = uid=user,userPassword=password
-
-# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
-# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
-# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
-# string. For example:
-#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
-
-# Filter for password lookups
-#pass_filter = (&(objectClass=posixAccount)(uid=%u))
-
-# Default password scheme. "{scheme}" before password overrides this.
-# List of supported schemes is in: http://wiki.dovecot.org/Authentication
-#default_pass_scheme = CRYPT
-
-# You can use same UID and GID for all user accounts if you really want to.
-# If the UID/GID is still found from LDAP reply, it overrides these values.
-#user_global_uid = 
-#user_global_gid = 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/dovecot-sql-example.conf	Fri Mar 23 02:04:52 2007 +0200
@@ -0,0 +1,117 @@
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki.dovecot.org/AuthDatabase/SQL
+#
+# For the sql passdb module, you'll need a database with a table that
+# contains fields for at least the userid and password. If you want to
+# use the user@domain syntax, you might want to have a separate domain
+# field as well.
+#
+# If your users all have the same uig/gid, and have predictable home
+# directories, you can use the static userdb module to generate the home
+# dir based on the userid and domain. In this case, you won't need fields
+# for home, uid, or gid in the database.
+#
+# If you prefer to use the sql userdb module, you'll want to add fields
+# for home, uid, and gid. Here is an example table:
+#
+# CREATE TABLE users (
+#     userid VARCHAR(128) NOT NULL,
+#     password VARCHAR(64) NOT NULL,
+#     home VARCHAR(255) NOT NULL,
+#     uid INTEGER NOT NULL,
+#     gid INTEGER NOT NULL,
+#     active CHAR(1) DEFAULT 'Y' NOT NULL
+# );
+
+# Database driver: mysql, pgsql, sqlite
+#driver = 
+
+# Database connection string. This is driver-specific setting.
+#
+# pgsql:
+#   For available options, see the PostgreSQL documention for the
+#   PQconnectdb function of libpq.
+#
+# mysql:
+#   Basic options emulate PostgreSQL option names:
+#     host, port, user, password, dbname
+#
+#   But also adds some new settings:
+#     client_flags        - See MySQL manual
+#     ssl_ca, ssl_ca_path - Set either one or both to enable SSL
+#     ssl_cert, ssl_key   - For sending client-side certificates to server
+#     ssl_cipher          - Set minimum allowed cipher security (default: HIGH)
+# 
+#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
+#   Note that currently you can't use spaces in parameters.
+#
+# sqlite:
+#   The path to the database file.
+#
+# Examples:
+#   connect = host=192.168.1.1 dbname=users
+#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
+#   connect = /etc/dovecot/authdb.sqlite
+#
+#connect = dbname=virtual user=virtual
+
+# Default password scheme.
+#
+# List of supported schemes is in
+# http://wiki.dovecot.org/Authentication/PasswordSchemes
+#
+#default_pass_scheme = PLAIN-MD5
+
+# Query to retrieve the password.
+#
+# This query must return only one row with "user" and "password" columns.
+# The query can also return other fields which have a special meaning, see
+# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
+#
+# The "user" column is needed to make sure the username gets used with exactly
+# the same casing as it's in the database. Note that if you store username and
+# domain in separate fields, you most likely want to return a combination of
+# them as the "user" column, otherwise the domain gets stripped.
+#
+# Commonly used available substitutions (see
+# http://wiki.dovecot.org/Variables for full list):
+#   %u = entire userid
+#   %n = user part of user@domain
+#   %d = domain part of user@domain
+# 
+# Note that these can be used only as input to SQL query. If the query outputs
+# any of these substitutions, they're not touched. Otherwise it would be
+# difficult to have eg. usernames containing '%' characters.
+#
+# Example:
+#   password_query = SELECT concat(userid, '@', domain) AS user, password FROM users WHERE userid = '%n' AND domain = '%d'
+#   password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y'
+#
+#password_query = SELECT userid as user, password FROM users WHERE userid = '%u'
+
+# Query to retrieve the user information.
+#
+# The query must return only one row. Commonly returned columns are:
+#   uid - System UID
+#   gid - System GID
+#   home - Home directory
+#   mail - Mail location
+#
+# Either home or mail is required. uid and gid are required. If more than one
+# row is returned or there are missing fields, the login will fail. For a list
+# of all fields that can be returned, see 
+# http://wiki.dovecot.org/UserDatabase/ExtraFields
+#
+# Examples
+#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d'
+#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
+#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
+#
+#user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
+
+# If you wish to avoid two SQL lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
+# also have to return userdb fields in password_query prefixed with "userdb_"
+# string. For example:
+#password_query = SELECT userid as user, password, home as userdb_home, uid as userdb_uid, gid as userdb_gid FROM users WHERE userid = '%u'
--- a/doc/dovecot-sql.conf	Fri Mar 23 01:33:01 2007 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,117 +0,0 @@
-# This file is opened as root, so it should be owned by root and mode 0600.
-#
-# http://wiki.dovecot.org/AuthDatabase/SQL
-#
-# For the sql passdb module, you'll need a database with a table that
-# contains fields for at least the userid and password. If you want to
-# use the user@domain syntax, you might want to have a separate domain
-# field as well.
-#
-# If your users all have the same uig/gid, and have predictable home
-# directories, you can use the static userdb module to generate the home
-# dir based on the userid and domain. In this case, you won't need fields
-# for home, uid, or gid in the database.
-#
-# If you prefer to use the sql userdb module, you'll want to add fields
-# for home, uid, and gid. Here is an example table:
-#
-# CREATE TABLE users (
-#     userid VARCHAR(128) NOT NULL,
-#     password VARCHAR(64) NOT NULL,
-#     home VARCHAR(255) NOT NULL,
-#     uid INTEGER NOT NULL,
-#     gid INTEGER NOT NULL,
-#     active CHAR(1) DEFAULT 'Y' NOT NULL
-# );
-
-# Database driver: mysql, pgsql, sqlite
-#driver = 
-
-# Database connection string. This is driver-specific setting.
-#
-# pgsql:
-#   For available options, see the PostgreSQL documention for the
-#   PQconnectdb function of libpq.
-#
-# mysql:
-#   Basic options emulate PostgreSQL option names:
-#     host, port, user, password, dbname
-#
-#   But also adds some new settings:
-#     client_flags        - See MySQL manual
-#     ssl_ca, ssl_ca_path - Set either one or both to enable SSL
-#     ssl_cert, ssl_key   - For sending client-side certificates to server
-#     ssl_cipher          - Set minimum allowed cipher security (default: HIGH)
-# 
-#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
-#   Note that currently you can't use spaces in parameters.
-#
-# sqlite:
-#   The path to the database file.
-#
-# Examples:
-#   connect = host=192.168.1.1 dbname=users
-#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
-#   connect = /etc/dovecot/authdb.sqlite
-#
-#connect = dbname=virtual user=virtual
-
-# Default password scheme.
-#
-# List of supported schemes is in
-# http://wiki.dovecot.org/Authentication/PasswordSchemes
-#
-#default_pass_scheme = PLAIN-MD5
-
-# Query to retrieve the password.
-#
-# This query must return only one row with "user" and "password" columns.
-# The query can also return other fields which have a special meaning, see
-# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
-#
-# The "user" column is needed to make sure the username gets used with exactly
-# the same casing as it's in the database. Note that if you store username and
-# domain in separate fields, you most likely want to return a combination of
-# them as the "user" column, otherwise the domain gets stripped.
-#
-# Commonly used available substitutions (see
-# http://wiki.dovecot.org/Variables for full list):
-#   %u = entire userid
-#   %n = user part of user@domain
-#   %d = domain part of user@domain
-# 
-# Note that these can be used only as input to SQL query. If the query outputs
-# any of these substitutions, they're not touched. Otherwise it would be
-# difficult to have eg. usernames containing '%' characters.
-#
-# Example:
-#   password_query = SELECT concat(userid, '@', domain) AS user, password FROM users WHERE userid = '%n' AND domain = '%d'
-#   password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y'
-#
-#password_query = SELECT userid as user, password FROM users WHERE userid = '%u'
-
-# Query to retrieve the user information.
-#
-# The query must return only one row. Commonly returned columns are:
-#   uid - System UID
-#   gid - System GID
-#   home - Home directory
-#   mail - Mail location
-#
-# Either home or mail is required. uid and gid are required. If more than one
-# row is returned or there are missing fields, the login will fail. For a list
-# of all fields that can be returned, see 
-# http://wiki.dovecot.org/UserDatabase/ExtraFields
-#
-# Examples
-#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d'
-#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
-#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
-#
-#user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
-
-# If you wish to avoid two SQL lookups (passdb + userdb), you can use
-# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
-# also have to return userdb fields in password_query prefixed with "userdb_"
-# string. For example:
-#password_query = SELECT userid as user, password, home as userdb_home, uid as userdb_uid, gid as userdb_gid FROM users WHERE userid = '%u'
--- a/dovecot-example.conf	Fri Mar 23 01:33:01 2007 +0200
+++ b/dovecot-example.conf	Fri Mar 23 02:04:52 2007 +0200
@@ -861,14 +861,14 @@
   # SQL database
   # http://wiki.dovecot.org/AuthDatabase/SQL
   #passdb sql {
-    # Path for SQL configuration file, see doc/dovecot-sql.conf for example
+    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
     #args = 
   #}
 
   # LDAP database
   # http://wiki.dovecot.org/AuthDatabase/LDAP
   #passdb ldap {
-    # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example
+    # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
     #args = 
   #}
 
@@ -926,14 +926,14 @@
   # SQL database
   # http://wiki.dovecot.org/AuthDatabase/SQL
   #userdb sql {
-    # Path for SQL configuration file, see doc/dovecot-sql.conf for example
+    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
     #args = 
   #}
 
   # LDAP database
   # http://wiki.dovecot.org/AuthDatabase/LDAP
   #userdb ldap {
-    # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example
+    # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
     #args = 
   #}