Compile OpenLDAP with
--enable-crypt
Create the ldap user and group.
/etc/rc.conf
# Start slapd as the unprivileged ldap user and group, with listeners on
# localhost, on <IP address>, and on a local ldapi socket.
# x-mod=0777 asks for a world-accessible socket: every local account can
# connect, so only the slapd ACLs protect the directory on that path.
# The ldap:// listeners carry binds and search results unencrypted.
# NOTE(review): in LDAP URL syntax the extensions field follows the fourth
# '?'; this URL has three before x-mod -- confirm slapd applies the mode.
slapd_enable="YES" slapd_args='-u ldap -g ldap -h "ldap://localhost ldap://<IP address> ldapi://%2fvar%2frun%2fopenldap/???x-mod=0777"'
/usr/local/etc/rc.d/slapd.sh
You may not have either of the following lines.
Ignore the next line.
# Uncomment one of the following:
Comment out the next line
slapd_args="-u ldap -g ldap"
/usr/local/etc/openldap/slapd.conf
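# slapd.conf for the dc=wibble,dc=net directory that Dovecot queries.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema

# Passwords set through the password-modify operation are hashed with
# crypt(3). The algorithm that produces depends on the platform and on
# password-crypt-salt-format; make sure it is not traditional DES crypt.
password-hash {CRYPT}
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args

# The dovecot service account may read every attribute of the entries below
# ou=postoffice, userPassword included, because dovecot-ldap.conf fetches the
# stored hash through pass_attrs. Anonymous clients may only authenticate.
# The "by" clauses are continuation lines and must begin with whitespace.
access to dn.children="ou=postoffice,dc=wibble,dc=net"
	by dn="cn=dovecot,ou=postoffice,dc=wibble,dc=net" read
	by anonymous auth

database bdb
suffix "dc=wibble,dc=net"
rootdn "cn=Manager,dc=wibble,dc=net"
# The rootdn is not subject to the ACLs above, and rootpw is kept here in
# clear text. Prefer a hash generated with slappasswd(8), and keep this file
# unreadable by ordinary users.
rootpw hemmelighet
directory /var/db/openldap-data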
index objectClass eq
Compile Dovecot with
--with-rawlog --with-ldap
/usr/local/etc/dovecot-ldap.conf
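# LDAP settings shared by Dovecot's passdb and userdb (one setting per line).
# dnpass is a clear-text credential: keep this file unreadable by ordinary users.
hosts = localhost
dn = cn=dovecot,ou=postoffice,dc=wibble,dc=net
dnpass = flop
ldap_version = 3
base = ou=postoffice,dc=wibble,dc=net
deref = never
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
# Dovecot fetches the stored hash and checks the password itself, so the bind
# DN above must be able to read userPassword for every account. Dovecot's
# auth_bind option is the alternative that leaves verification to slapd.
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
# Must match the scheme slapd stores (password-hash {CRYPT} in slapd.conf).
default_pass_scheme = CRYPT
# Every mail user runs as this single uid/gid; dovecot.conf restricts the
# valid uid/gid range to the same values.
user_global_uid = 3000
user_global_gid = 8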
/usr/local/etc/dovecot.conf
# Dovecot main settings: IMAP only, all mail users mapped to uid 3000 / gid 8.
base_dir = /var/run/dovecot/
protocols = imap
# TLS is switched off, and the auth block below offers only the PLAIN
# mechanism, so a login from anywhere but the local host would carry the
# password unencrypted. Enable SSL/TLS before exposing this beyond localhost.
ssl_disable = yes
# Puts the user name and client IP into process titles, where any local user
# can see them with ps.
verbose_proctitle = yes
# Only uid 3000 and gid 8 may log in; these match user_global_uid and
# user_global_gid in dovecot-ldap.conf.
first_valid_uid = 3000
last_valid_uid = 3000
first_valid_gid = 8
last_valid_gid = 8
# chroot is only permitted into directories below /var/mail.
valid_chroot_dirs = /var/mail
mail_location = mbox:/var/mail/%u # or maildir
maildir_copy_with_hardlinks = yes
protocol imap {
client_workarounds = oe6-fetch-no-newmail outlook-idle
}
# Log failed authentication attempts together with the reason for the failure.
auth_verbose = yes
auth default {
mechanisms = plain
user = dovecot-auth
passdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
userdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
}
/usr/local/etc/openldap/wibble.ldif
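# Initial directory contents. LDIF records must be separated by a blank line.
# The branch is named ou=postoffice here so that it matches the slapd.conf ACL
# and the dn/base in dovecot-ldap.conf; the listing originally used
# ou=accounts, which those settings would never search.
# No entry carries userPassword. Set passwords after loading (for example
# with ldappasswd) so slapd stores them with the configured password-hash
# scheme; cn=dovecot needs one matching dnpass before it can bind.
dn: dc=wibble,dc=net
objectClass: top
objectClass: dcObject
objectClass: organization
o: Wibble Corp.
dc: wibble
description: Wibble, with Ole Wobble and Ole Wubble

dn: ou=postoffice,dc=wibble,dc=net
objectClass: top
objectClass: organizationalUnit
ou: postoffice

# Service account that Dovecot binds as (dn/dnpass in dovecot-ldap.conf).
dn: cn=dovecot,ou=postoffice,dc=wibble,dc=net
objectClass: top
objectclass: person
cn: dovecot
sn: dovecot

# Both mail users share uidNumber 3000, gidNumber 8 and one home directory,
# so the operating system does not separate their mailboxes; that isolation
# rests on Dovecot alone.
dn: uid=ole_wobble,ou=postoffice,dc=wibble,dc=net
objectClass: top
objectclass: person
objectClass: posixAccount
cn: Ole Wobble Olson
sn: Olson
uid: ole_wobble
uidNumber: 3000
gidNumber: 8
homeDirectory: /usr/home/postoffice

dn: uid=ole_wubble,ou=postoffice,dc=wibble,dc=net
objectClass: top
objectclass: person
objectClass: posixAccount
cn: Ole Wubble Olson
sn: Olson
uid: ole_wubble
uidNumber: 3000
gidNumber: 8
homeDirectory: /usr/home/postoffice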