wibble

2 files changed, 9 insertions, 7 deletions

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
index 15eb306..0b38f00 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
@@ -3,35 +3,37 @@
 # <doc/wiki/AuthDatabase.LDAP.txt>
 
 passdb {
   driver = ldap
 
   # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
   args = /etc/dovecot/dovecot-ldap.conf.ext
 }
 
 # "prefetch" user database means that the passdb already provided the
 # needed information and there's no need to do a separate userdb lookup.
 # <doc/wiki/UserDatabase.Prefetch.txt>
 #userdb {
 #  driver = prefetch
 #}
 
 #userdb {
 #  driver = ldap
 #  # This should be a different file from the passdb's, in order to perform
 #  # asynchronous requests.
+#
 #  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
-#  
+#
 #  # Default fields can be used to specify defaults that LDAP may override
 #  default_fields = home=/home/mail/%d/%n
 #}
 
 # If you don't have any user-specific settings, you can avoid the userdb LDAP
 # lookup by using userdb static instead of userdb ldap, for example:
 # <doc/wiki/UserDatabase.Static.txt>
 userdb {
   driver = static
+
   # The MTA has already verified the existence of users when doing alias resolution,
   # so we can skip the passdb lookup here.
   args = home=/home/mail/%d/%n allow_all_users=yes
 }
diff --git a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
index 1c504d3..77edba8 100644
--- a/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/dovecot-ldap.conf.ext
@@ -1,48 +1,48 @@
 # This file is opened as root, so it should be owned by root and mode 0600.
 #
 # http://wiki2.dovecot.org/AuthDatabase/LDAP
 #
 # NOTE: If you're not using authentication binds, you'll need to give
 # dovecot-auth read access to userPassword field in the LDAP server.
 # With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
 # already be something like this:
 
 # access to attribute=userPassword
 #        by dn="<dovecot's dn>" read # add this
 #        by anonymous auth
 #        by self write
 #        by * none
 
 # Space separated list of LDAP hosts to use. host:port is allowed too.
-hosts = localhost
+#hosts =
 
 # LDAP URIs to use. You can use this instead of hosts list. Note that this
 # setting isn't supported by all LDAP libraries.
 uris = ldapi://
 
 # Distinguished Name - the username used to login to the LDAP server.
 # Leave it commented out to bind anonymously (useful with auth_bind=yes).
-#dn = 
+#dn =
 
 # Password for LDAP server, if dn is specified.
-#dnpass = 
+#dnpass =
 
 # Use SASL binding instead of the simple binding. Note that this changes
 # ldap_version automatically to be 3 if it's lower. Also note that SASL binds
 # and auth_bind=yes don't work together.
 #sasl_bind = no
 # SASL mechanism name to use.
 #sasl_mech =
 # SASL realm to use.
 #sasl_realm =
 # SASL authorization ID, ie. the dnpass is for this "master user", but the
 # dn is still the logged in user. Normally you want to keep this empty.
 #sasl_authz_id =
 
 # Use TLS to connect to the LDAP server.
 #tls = no
 # TLS options, currently supported only with OpenLDAP:
 #tls_ca_cert_file =
 #tls_ca_cert_dir =
 #tls_cipher_suite =
 # TLS cert/key is used only if LDAP server requires a client certificate.
@@ -102,39 +102,39 @@ scope = base
 #   home - Home directory
 #   mail - Mail location
 #
 # There are also other special fields which can be returned, see
 # http://wiki2.dovecot.org/UserDatabase/ExtraFields
 user_attrs =
 
 # Filter for user lookup. Some variables can be used (see
 # http://wiki2.dovecot.org/Variables for full list):
 #   %u - username
 #   %n - user part in user@domain, same as %u if there's no domain
 #   %d - domain part in user@domain, empty if user there's no domain
 user_filter =
 
 # Password checking attributes:
 #  user: Virtual user name (user@domain), if you wish to change the
 #        user-given username to something else
 #  password: Password, may optionally start with {type}, eg. {crypt}
 # There are also other special fields which can be returned, see
 # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
-pass_attrs = fvl=user
+pass_attrs =
 
 # If you wish to avoid two LDAP lookups (passdb + userdb), you can use
 # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
 # also have to include user_attrs in pass_attrs field prefixed with "userdb_"
 # string. For example:
 #pass_attrs = uid=user,userPassword=password,\
 #  homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
 
-# Filter for password lookups
-pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(isActive=TRUE))
+# Filter for password lookups (ignored for auth binds)
+pass_filter = (&(objectClass=FripostVirtualUser)(fvl=%n)(fripostIsStatusActive=TRUE))
 
 # Attributes and filter to get a list of all users
 #iterate_attrs = uid=user
 #iterate_filter = (objectClass=posixAccount)
 
 # Default password scheme. "{scheme}" before password overrides this.
 # List of supported schemes is in: http://wiki2.dovecot.org/Authentication
 #default_pass_scheme = CRYPT