1 |
# This file is opened as root and holds the database password (connect setting), so it should be owned by root and mode 0600. |
2 |
# |
|
3 |
# http://wiki.dovecot.org/AuthDatabase/SQL |
|
4 |
# |
|
5 |
# For the sql passdb module, you'll need a database with a table that |
|
6 |
# contains fields for at least the username and password. If you want to |
|
7 |
# use the user@domain syntax, you might want to have a separate domain |
|
8 |
# field as well. |
|
9 |
# |
|
10 |
# If your users all have the same uid/gid, and have predictable home |
|
11 |
# directories, you can use the static userdb module to generate the home |
|
12 |
# dir based on the username and domain. In this case, you won't need fields |
|
13 |
# for home, uid, or gid in the database. |
|
14 |
# |
|
15 |
# If you prefer to use the sql userdb module, you'll want to add fields |
|
16 |
# for home, uid, and gid. Here is an example table: |
|
17 |
# |
|
18 |
# CREATE TABLE users ( |
|
19 |
# username VARCHAR(128) NOT NULL, |
|
20 |
# domain VARCHAR(128) NOT NULL, |
|
21 |
# password VARCHAR(64) NOT NULL, |
|
22 |
# home VARCHAR(255) NOT NULL, |
|
23 |
# uid INTEGER NOT NULL, |
|
24 |
# gid INTEGER NOT NULL, |
|
25 |
# active CHAR(1) DEFAULT 'Y' NOT NULL |
|
26 |
# ); |
|
27 |
|
|
28 |
# Database driver: mysql, pgsql, sqlite |
|
29 |
#driver = |
|
30 |
|
|
31 |
# Database connection string. This is a driver-specific setting. |
|
32 |
# |
|
33 |
# pgsql: |
|
34 |
# For available options, see the PostgreSQL documentation for the |
|
35 |
# PQconnectdb function of libpq. |
|
36 |
# |
|
37 |
# mysql: |
|
38 |
# Basic options emulate PostgreSQL option names: |
|
39 |
# host, port, user, password, dbname |
|
40 |
# |
|
41 |
# But also adds some new settings: |
|
42 |
# client_flags - See MySQL manual |
|
43 |
# ssl_ca, ssl_ca_path - Set either one or both to enable SSL |
|
44 |
# ssl_cert, ssl_key - For sending client-side certificates to server |
|
45 |
# ssl_cipher - Set minimum allowed cipher security (default: HIGH) |
|
46 |
# option_file - Read options from the given file instead of |
|
47 |
# the default my.cnf location |
|
48 |
# option_group - Read options from the given group (default: client) |
|
49 |
# |
|
50 |
# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock |
|
51 |
# Note that currently you can't use spaces in parameters. |
|
52 |
# |
|
53 |
# MySQL supports multiple host parameters for load balancing / HA. |
|
54 |
# |
|
55 |
# sqlite: |
|
56 |
# The path to the database file. |
|
57 |
# |
|
58 |
# Examples: |
|
59 |
# connect = host=192.168.1.1 dbname=users |
|
60 |
# connect = host=sql.example.com dbname=virtual user=virtual password=blarg |
|
61 |
# connect = /etc/dovecot/authdb.sqlite |
|
62 |
# |
|
63 |
#connect = |
|
64 |
|
|
65 |
# Default password scheme. |
|
66 |
# |
|
67 |
# List of supported schemes is in |
|
68 |
# http://wiki.dovecot.org/Authentication/PasswordSchemes |
|
69 |
# |
|
70 |
#default_pass_scheme = MD5 |
|
71 |
|
|
72 |
# passdb query to retrieve the password. It can return fields: |
|
73 |
# password - The user's password. This field must be returned. |
|
74 |
# user - user@domain from the database. Needed with case-insensitive lookups. |
|
75 |
# username and domain - An alternative way to represent the "user" field. |
|
76 |
# |
|
77 |
# The "user" field is often necessary with case-insensitive lookups to avoid |
|
78 |
# e.g. "name" and "nAme" logins creating two different mail directories. If |
|
79 |
# your user and domain names are in separate fields, you can return "username" |
|
80 |
# and "domain" fields instead of "user". |
|
81 |
# |
|
82 |
# The query can also return other fields which have a special meaning, see |
|
83 |
# http://wiki.dovecot.org/PasswordDatabase/ExtraFields |
|
84 |
# |
|
85 |
# Commonly used available substitutions (see http://wiki.dovecot.org/Variables |
|
86 |
# for full list): |
|
87 |
# %u = entire user@domain |
|
88 |
# %n = user part of user@domain |
|
89 |
# %d = domain part of user@domain |
|
90 |
# |
|
91 |
# Note that these can be used only as input to SQL query. If the query outputs |
|
92 |
# any of these substitutions, they're not touched. Otherwise it would be |
|
93 |
# difficult to have e.g. usernames containing '%' characters. |
|
94 |
# |
|
95 |
# Example: |
|
96 |
# password_query = SELECT userid AS user, pw AS password \ |
|
97 |
# FROM users WHERE userid = '%u' AND active = 'Y' |
|
98 |
# |
|
99 |
#password_query = \ |
|
100 |
# SELECT username, domain, password \ |
|
101 |
# FROM users WHERE username = '%n' AND domain = '%d' |
|
102 |
|
|
103 |
# userdb query to retrieve the user information. It can return fields: |
|
104 |
# uid - System UID (overrides mail_uid setting) |
|
105 |
# gid - System GID (overrides mail_gid setting) |
|
106 |
# home - Home directory |
|
107 |
# mail - Mail location (overrides mail_location setting) |
|
108 |
# |
|
109 |
# None of these are strictly required. If you use a single UID and GID, and |
|
110 |
# home or mail directory fits to a template string, you could use userdb static |
|
111 |
# instead. For a list of all fields that can be returned, see |
|
112 |
# http://wiki.dovecot.org/UserDatabase/ExtraFields |
|
113 |
# |
|
114 |
# Examples: |
|
115 |
# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' |
|
116 |
# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' |
|
117 |
# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' |
|
118 |
# |
|
119 |
#user_query = \ |
|
120 |
# SELECT home, uid, gid \ |
|
121 |
# FROM users WHERE username = '%n' AND domain = '%d' |
|
122 |
|
|
123 |
# If you wish to avoid two SQL lookups (passdb + userdb), you can use |
|
124 |
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll |
|
125 |
# also have to return userdb fields in password_query prefixed with "userdb_" |
|
126 |
# string. For example: |
|
127 |
#password_query = \ |
|
128 |
# SELECT userid AS user, password, \ |
|
129 |
# home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \ |
|
130 |
# FROM users WHERE userid = '%u' |
|
131 |
|
|
132 |
# SQL driver used for the passdb/userdb lookups. The queries below rely on
# MySQL-specific syntax (backtick-quoted identifiers, IF(), CONCAT()), so they
# would need rewriting before switching to pgsql or sqlite.
driver = mysql |
133 |
# Connection string for the mysql driver. The {...} tokens are not Dovecot
# variables; presumably the installer substitutes them when it renders this
# template - TODO confirm.
# The rendered file contains the database password in clear text, which is why
# it has to stay owned by root with mode 0600.
# No ssl_ca / ssl_ca_path is given, so SSL is not enabled for this connection
# (see the mysql option list above). NOTE(review): confirm the database is only
# reached over localhost or a trusted network, otherwise add the ssl_* options.
connect = host={mysql_server_host} dbname={mysql_server_database} user={mysql_server_ispconfig_user} password={mysql_server_ispconfig_password} port={mysql_server_port} |
134 |
# Scheme assumed for stored passwords that carry no {SCHEME} prefix.
# CRYPT hands verification to the system crypt(), so the real strength depends
# on the hash format stored in mail_user.password (legacy DES or $1$ MD5-crypt
# versus $5$/$6$ SHA-crypt). NOTE(review): confirm that whatever writes the
# password column produces a strong variant.
default_pass_scheme = CRYPT |
135 |
|
136 |
# password-query with prefetch |
137 |
# passdb lookup with prefetch: returns the stored password together with the
# userdb_* fields (home, mail location, uid, gid, quota rule, sieve path).
# - %u is the login name sent by the client. Dovecot escapes %variables for the
#   SQL driver before substituting them, so keep them inside the quoted
#   literals exactly as written.
# - An account matches on either its login or its email column.
# - `disable%Ls` expands to a per-service column name (%Ls = lower-cased service
#   name, presumably disableimap, disablepop3, ... - verify against the
#   mail_user schema); only rows with that column set to 'n' may authenticate.
# - {server_id} is filled in when the template is rendered, not by Dovecot, and
#   is therefore not escaped here. NOTE(review): it must come from a trusted,
#   numeric source.
password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' |
138 |
# userdb lookup: returns the same fields as password_query, without the
# password and without the userdb_ prefix.
# - %u is escaped by Dovecot before substitution; keep it inside the quotes.
# - The `disable%Ls` filter applies here too, so a disable<service> column has
#   to exist for every service that performs a userdb lookup; presumably a
#   missing column makes the query fail rather than match - TODO confirm.
# - {server_id} is substituted at template-render time and is not escaped by
#   Dovecot. NOTE(review): it must come from a trusted, numeric source.
user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '{server_id}' |
139 |
|
140 |
# The iterate_query is required for the doveadm command only and works only on dovecot 2 servers. |
|
141 |
# Do not enable it on Dovecot 1.x servers |
|
142 |
# iterate_query = SELECT email as user FROM mail_user |