osuosl-cookbooks / osl-imap

Apache License 2.0

LDAP Authentication #2

Open TravisWhitehead opened 6 years ago

TravisWhitehead commented 6 years ago

In the future we may wish to use LDAP authentication with Dovecot.

LDAP can be used with Dovecot in two manners: with authentication binds or password lookups. (Password lookups are probably more desirable unless we don't want Dovecot to be able to access LDAP hashes for security reasons.)

Overview:

  1. Research and decide between authentication binds or password lookups
  2. Create recipe included with its own enable_userdb and enable_passdb attributes; see how osl-imap::auth_sql and osl-imap::auth_system are set up for examples
  3. Determine changes needed on LDAP's end (depends on decision in step 1, see Dovecot's wiki)

Relevant:

TravisWhitehead commented 5 years ago

Another alternative would be to set up LDAP on the system level via NSS & PAM and then tell Dovecot to use the system/passdb/PAM userdb & passdb.
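
The two LDAP modes named in the first comment, authentication binds and password lookups, side by side as a `dovecot-ldap.conf.ext` file in Dovecot 2.x syntax. This is an added example, not part of the thread or the cookbook; the hostname, DNs, password, object class and password scheme are constructed placeholders.

```conf
# dovecot-ldap.conf.ext (added example; all values below are placeholders)

hosts = ldap.example.org
tls = yes                      # STARTTLS before any bind is sent
tls_require_cert = demand      # reject servers with an unverifiable certificate
ldap_version = 3
base = ou=People,dc=example,dc=org
scope = subtree

# Service account Dovecot uses for searches (needed in both modes).
dn = cn=dovecot,ou=Services,dc=example,dc=org
dnpass = CHANGE_ME

# --- Option A: authentication binds ---
# Dovecot finds the user's DN, then binds as that user with the submitted
# password. The LDAP server does the verification, so the service account
# needs no read access to userPassword.
auth_bind = yes
pass_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user

# --- Option B: password lookups (use instead of Option A) ---
# Dovecot reads the stored hash with the service account and verifies it
# locally. The LDAP ACL must grant that account read access to userPassword,
# which means a compromised Dovecot host can read every user's hash.
#auth_bind = no
#pass_filter = (&(objectClass=posixAccount)(uid=%n))
#pass_attrs = uid=user,userPassword=password
#default_pass_scheme = SSHA

# userdb lookup, identical for both options.
user_filter = (&(objectClass=posixAccount)(uid=%n))
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
```

The change needed on the LDAP side (step 3 of the overview) follows from the choice: Option B requires an ACL that lets the service DN read `userPassword`, while Option A only requires that it can search for entries.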