Size: 1551
Comment:
|
Size: 2205
Comment:
|
Line 3: | Line 3: |
The primary purpose of a password database lookup is the return the password for a given user. It may however also return other fields which are treated specially: | The primary purpose of a password database lookup is to return the password for a given user. It may however also return other fields which are treated specially: |
Line 5: | Line 5: |
* [wiki:PasswordDatabase/ExtraFields/User user]: Change the username (eg. lowercase it). * [wiki:PasswordDatabase/ExtraFields/AllowNets allow_nets]: Allow user to log in from only specified IPs. * [wiki:PasswordDatabase/ExtraFields/Proxy proxy]: Proxy the connection to another IMAP/POP3 server. * [wiki:PasswordDatabase/ExtraFields/Host host]: Send login referral to client. * [wiki:PasswordDatabase/ExtraFields/NoLogin nologin]: User isn't actually allowed to log in even if the password matches. Typically used with [wiki:PasswordDatabase/ExtraFields/Reason reason]. * [wiki:PasswordDatabase/ExtraFields/Reason reason]: If the authentication fails, show this as the reason for the client. * [wiki:PasswordDatabase/ExtraFields/NoDelay nodelay]: Don't delay replying to client of the authentication failure. |
* [:PasswordDatabase/ExtraFields/User:user]: Change the username (eg. lowercase it). * [:PasswordDatabase/ExtraFields/AllowNets:allow_nets]: Allow user to log in from only specified IPs. * [:PasswordDatabase/ExtraFields/Proxy:proxy and proxy_maybe]: Proxy the connection to another IMAP/POP3 server. * [:PasswordDatabase/ExtraFields/Host:host]: Send login referral to client. * [:PasswordDatabase/ExtraFields/NoLogin:nologin]: User isn't actually allowed to log in even if the password matches, with optionally a different reason given as the authentication failure message. * [:PasswordDatabase/ExtraFields/NoDelay:nodelay]: Don't delay reply to client in case of an authentication failure. * nopassword: v1.1+: If you want to allow all passwords, use an empty password and this field. |
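Review bot: in the Line 5 list, the separate reason entry is removed and the nologin entry now only says "with optionally a different reason given", so the field name reason no longer appears anywhere in the text; name the field in the nologin entry so readers know what to return. The new nopassword entry is also the only item without a link to its own subpage, and it does not say what happens when the field is present but the stored password is not empty.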
Line 13: | Line 13: |
How to return these extra fields depends on the password database you use. See the [wiki:PasswordDatabase password database] pages how to do it. Some passdbs however don't support returning them at all, such as [wiki:PasswordDatabase/PAM PAM]. | How to return these extra fields depends on the password database you use. See the [wiki:PasswordDatabase password database] pages on how to do it. Some passdbs however don't support returning them at all, such as [wiki:PasswordDatabase/PAM PAM]. |
Line 16: | Line 16: |
Note that boolean fields are true always if the field exists. So `nodelay`, `nodelay=yes`, `nodelay=no` and `nodelay=0` all mean that the nodelay field is true. With SQL the field is considered to be non-existent if its value is NULL. == Examples == === SQL === dovecot-sql.conf: {{{ password_query = SELECT userid as user, password, 'Y' as proxy, host \ FROM users WHERE userid = '%u' # NOTE: Dovecot doesn't really support line splitting with '\' currently }}} === LDAP === dovecot-ldap.conf: {{{ pass_attrs=uid=user,userPassword=password,proxy,hostName=host }}} === passwd-file === {{{ user:{plain}pass::::::proxy=y host=127.0.0.1 }}} |
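Review bot: the SQL example in the Line 16 hunk splits password_query with '\' and then notes that Dovecot doesn't really support line splitting, so the example cannot be pasted as written; put the query on one line and drop the note. The added boolean paragraph covers how a field becomes absent only for SQL (NULL); since nodelay=no and nodelay=0 are still true, it should also say that in LDAP and passwd-file the field has to be left out entirely.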
Password database extra fields
The primary purpose of a password database lookup is to return the password for a given user. It may however also return other fields which are treated specially:
- user: Change the username (e.g. lowercase it).
- allow_nets: Allow the user to log in only from the specified IPs.
- proxy and proxy_maybe: Proxy the connection to another IMAP/POP3 server.
- host: Send a login referral to the client.
- nologin: The user isn't actually allowed to log in even if the password matches, optionally with a different reason given as the authentication failure message.
- nodelay: Don't delay the reply to the client in case of an authentication failure.
- nopassword: v1.1+: If you want to allow all passwords, use an empty password and this field.
How to return these extra fields depends on the password database you use. See the password database pages for how to do it. Some passdbs, such as PAM, don't support returning them at all.
The password database may also return fields prefixed with userdb_. These fields are only saved and used later as if they came from the user database's extra fields. Typically this is done only when using the prefetch userdb.
Note that boolean fields are always true if the field exists. So nodelay, nodelay=yes, nodelay=no and nodelay=0 all mean that the nodelay field is true. With SQL the field is considered to be non-existent if its value is NULL.
Examples
SQL
dovecot-sql.conf:
{{{
password_query = SELECT userid as user, password, 'Y' as proxy, host \
  FROM users WHERE userid = '%u'
# NOTE: Dovecot doesn't really support line splitting with '\' currently
}}}
LDAP
dovecot-ldap.conf:
{{{
pass_attrs=uid=user,userPassword=password,proxy,hostName=host
}}}
passwd-file
{{{
user:{plain}pass::::::proxy=y host=127.0.0.1
}}}
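The boolean rule and the userdb_ prefix described above, applied to passwd-file lines laid out like the example just shown. This is an added example, not Dovecot code and not part of the original page. It assumes the extra fields are the space-separated key=value pairs in the eighth colon-separated column, that the flag-style fields are proxy, proxy_maybe, nologin, nodelay and nopassword, and it uses constructed sample lines (userdb_home is a hypothetical field name).

```python
# Added example (not Dovecot code): models the "present means true" rule for
# passdb extra fields as they appear in a passwd-file line.

# Assumption: these are the flag-style fields from the list on this page.
BOOLEAN_FIELDS = {"proxy", "proxy_maybe", "nologin", "nodelay", "nopassword"}
# Values an admin might write expecting "off"; the rule above ignores them.
FALSE_LOOKING = {"no", "n", "0", "false", "off"}


def parse_line(line):
    """Return (user, passdb_fields, userdb_fields) for one passwd-file line."""
    parts = line.rstrip("\n").split(":", 7)  # 8th column holds the extra fields
    passdb, userdb = {}, {}
    for token in (parts[7].split() if len(parts) == 8 else []):
        key, _, value = token.partition("=")
        if key.startswith("userdb_"):
            userdb[key[len("userdb_"):]] = value  # kept for the userdb stage
        else:
            passdb[key] = value
    return parts[0], passdb, userdb


def effective_flags(passdb):
    """Boolean fields are true whenever they exist, whatever the value."""
    return {name: True for name in passdb if name in BOOLEAN_FIELDS}


def lint(line):
    """List boolean fields whose value looks false but is still in effect."""
    user, passdb, _ = parse_line(line)
    return [
        f"{user}: {name}={value} is still true; remove the field to disable it"
        for name, value in passdb.items()
        if name in BOOLEAN_FIELDS and value.lower() in FALSE_LOOKING
    ]


# Constructed sample lines in the page's passwd-file layout.
SAMPLE = [
    "user:{plain}pass::::::proxy=y host=127.0.0.1",
    "alice:{plain}pass::::::nologin=no nodelay=0",
    "bob:{plain}pass::::::allow_nets=192.168.0.0/24 userdb_home=/home/bob",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_line(entry), lint(entry) or "ok")
```

Running the lint over a passwd-file before deployment catches entries such as nologin=no, which locks the account out even though the value reads as "off".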