This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 6 and 7
Revision 6 as of 2008-01-01 14:31:45
Size: 2094
Editor: odnb-4d0aa5f5
Comment:
Revision 7 as of 2008-01-01 17:04:13
Size: 2116
Editor: odnb-4d0aa5f5
Comment:
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
How to return these extra fields depends on the password database you use. See the [wiki:PasswordDatabase password database] pages how to do it. Some passdbs however don't support returning them at all, such as [wiki:PasswordDatabase/PAM PAM]. How to return these extra fields depends on the password database you use. See the [wiki:PasswordDatabase password database] pages on how to do it. Some passdbs however don't support returning them at all, such as [wiki:PasswordDatabase/PAM PAM].
Line 16: Line 16:
Note that boolean fields are true always if the field exists. So `nodelay`, `nodelay=yes`, `nodelay=no` and `nodelay=0` all mean that the nodelay field is true. With SQL the field doesn't exist if its value is NULL. Note that boolean fields are true always if the field exists. So `nodelay`, `nodelay=yes`, `nodelay=no` and `nodelay=0` all mean that the nodelay field is true. With SQL the field is considered to be non-existant if its value is NULL.

Password database extra fields

The primary purpose of a password database lookup is to return the password for a given user. It may however also return other fields which are treated specially:

  • [wiki:PasswordDatabase/ExtraFields/User user]: Change the username (eg. lowercase it).
  • [wiki:PasswordDatabase/ExtraFields/AllowNets allow_nets]: Allow user to log in from only specified IPs.

  • [wiki:PasswordDatabase/ExtraFields/Proxy proxy]: Proxy the connection to another IMAP/POP3 server.
  • [wiki:PasswordDatabase/ExtraFields/Host host]: Send login referral to client.
  • [wiki:PasswordDatabase/ExtraFields/NoLogin nologin]: User isn't actually allowed to log in even if the password matches, with optionally a different reason given as the authentication failure message.

  • [wiki:PasswordDatabase/ExtraFields/NoDelay nodelay]: Don't delay reply to client in case of an authentication failure.

How to return these extra fields depends on the password database you use. See the [wiki:PasswordDatabase password database] pages on how to do it. Some passdbs however don't support returning them at all, such as [wiki:PasswordDatabase/PAM PAM].

The password database may also return fields prefixed with userdb_. These fields are only saved and used later as if they came from the [wiki:UserDatabase user database]'s extra fields. Typically this is done only when using [wiki:UserDatabase/Prefetch prefetch userdb].

Note that boolean fields are true always if the field exists. So nodelay, nodelay=yes, nodelay=no and nodelay=0 all mean that the nodelay field is true. With SQL the field is considered to be non-existant if its value is NULL.

Examples

SQL

dovecot-sql.conf:

password_query = SELECT userid as user, password, 'Y' as proxy, host \
  FROM users WHERE userid = '%u'
# NOTE: Dovecot doesn't really support line splitting with '\' currently

LDAP

dovecot-ldap.conf:

pass_attrs=uid=user,userPassword=password,proxy,hostName=host

passwd-file

user:{plain}pass::::::proxy=y host=127.0.0.1

None: PasswordDatabase/ExtraFields (last edited 2019-09-11 14:02:20 by MichaelSlusarz)