2 files changed, 20 insertions, 0 deletions

diff --git a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
index 360727e..9917753 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
+++ b/roles/IMAP/files/etc/dovecot/conf.d/auth-ldap.conf.ext
@@ -20,20 +20,28 @@ passdb {
 #  driver = ldap
 #  # This should be a different file from the passdb's, in order to perform
 #  # asynchronous requests.
 #
 #  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
 #
 #  # Default fields can be used to specify defaults that LDAP may override
 #  default_fields = home=/home/mail/virtual/%d/%n
 #}
 
 # If you don't have any user-specific settings, you can avoid the userdb LDAP
 # lookup by using userdb static instead of userdb ldap, for example:
 # <doc/wiki/UserDatabase.Static.txt>
 userdb {
   driver = static
 
   # The MTA has already verified the existence of users when doing alias resolution,
   # so we can skip the passdb lookup here.
   args = home=/home/mail/virtual/%d/%n allow_all_users=yes
 }
+
+# Used only for iteration as the static userdb above always succeeds
+userdb {
+  driver = dict
+  skip = found
+  result_internalfail = return-fail
+  args = /etc/dovecot/dovecot-dict-auth.conf.ext
+}
diff --git a/roles/IMAP/files/etc/dovecot/dovecot-dict-auth.conf.ext b/roles/IMAP/files/etc/dovecot/dovecot-dict-auth.conf.ext
new file mode 100644
index 0000000..ecd7134
--- /dev/null
+++ b/roles/IMAP/files/etc/dovecot/dovecot-dict-auth.conf.ext
@@ -0,0 +1,12 @@
+# This file is commonly accessed via passdb {} or userdb {} section in
+# conf.d/auth-dict.conf.ext
+
+# Dictionary URI
+uri = proxy:/var/run/dovecot/auth-proxy:
+
+# Username iteration prefix. Keys under this are assumed to contain usernames.
+iterate_prefix = userdb/
+
+# Should iteration be disabled for this userdb? If this userdb acts only as a
+# cache there's no reason to try to iterate the (partial & duplicate) users.
+iterate_disable = no