diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-19 02:40:48 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-19 07:56:01 +0200 |
| commit | 829f4d830aefedd95a75e61cfc9aa3e03f039c6f (patch) | |
| tree | 490438022f44a06498730a38f4dfc4a5fb141008 /roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext | |
| parent | 82e6b29ad39bfaee2d4036f98d1362ab8e689006 (diff) | |
IMAP: Update role to Debian Buster.
For `ssl_cipher_list` we pick the suggested value from
https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d
At the moment it's equivalent (modulo order) to adding ‘EDH+AESGCM+aRSA’
to ‘EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL’.
Diffstat (limited to 'roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext')
| -rw-r--r-- | roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext index 1b97a0e..a455616 100644 --- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext +++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext @@ -113,30 +113,39 @@ user_attrs = # %u - username # %n - user part in user@domain, same as %u if there's no domain # %d - domain part in user@domain, empty if user there's no domain user_filter = # Password checking attributes: # user: Virtual user name (user@domain), if you wish to change the # user-given username to something else # password: Password, may optionally start with {type}, eg. {crypt} # There are also other special fields which can be returned, see # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields pass_attrs = # If you wish to avoid two LDAP lookups (passdb + userdb), you can use # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll # also have to include user_attrs in pass_attrs field prefixed with "userdb_" # string. For example: #pass_attrs = uid=user,userPassword=password,\ # homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid -# Filter for password lookups (ignored for auth binds) +# Filter for password lookups pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(fripostIsStatusActive=TRUE)) # Attributes and filter to get a list of all users #iterate_attrs = uid=user #iterate_filter = (objectClass=posixAccount) # Default password scheme. "{scheme}" before password overrides this. # List of supported schemes is in: http://wiki2.dovecot.org/Authentication #default_pass_scheme = CRYPT + +# By default all LDAP lookups are performed by the auth master process. +# If blocking=yes, auth worker processes are used to perform the lookups. +# Each auth worker process creates its own LDAP connection so this can +# increase parallelism. With blocking=no the auth master process can +# keep 8 requests pipelined for the LDAP connection, while with blocking=yes +# each connection has a maximum of 1 request running. For small systems the +# blocking=no is sufficient and uses less resources. +#blocking = no |