- # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
- # CRC32 d372c2c5
- # slapd cn=config entry for the mdb database that serves dc=example,dc=com:
- # storage directory, access rules, rootdn credentials and attribute indexes.
- dn: olcDatabase={1}mdb
- objectClass: olcDatabaseConfig
- objectClass: olcMdbConfig
- olcDatabase: {1}mdb
- olcDbDirectory: /var/lib/ldap
- olcSuffix: dc=example,dc=com
- # NOTE(review): rule {0} lets an entry write its own userPassword and lets an
- # anonymous client use the attribute for a bind ("auth"); every other identity,
- # and any anonymous search, gets "none". A client that has to read the stored
- # hash needs its own "by dn=... read" clause ahead of "by * none"; a client that
- # only binds as the user does not.
- olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * non
- e
- olcAccess: {1}to attrs=shadowLastChange by self write by * read
- # NOTE(review): rule {2} gives every client, anonymous included, read access to
- # all remaining attributes (in the entries on this page: mail, mailAlias and
- # the mail storage paths). If that is narrowed to authenticated identities, any
- # service that currently searches anonymously needs its own bind dn.
- olcAccess: {2}to * by * read
- olcLastMod: TRUE
- olcRootDN: cn=diradmin,dc=example,dc=com
- olcDbCheckpoint: 512 30
- olcDbIndex: objectClass eq
- olcDbIndex: cn,uid eq
- olcDbIndex: uidNumber,gidNumber eq
- olcDbIndex: member,memberUid eq
- olcDbMaxSize: 1073741824
- structuralObjectClass: olcMdbConfig
- entryUUID: fed6b8a2-97ef-1038-8643-a149e041a590
- creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
- createTimestamp: 20181219153919Z
- # NOTE(review): "::" marks base64 transport encoding, not hashing. The decoded
- # value has no {SCHEME} prefix, so the rootdn password is stored in cleartext.
- # The rootdn bypasses the olcAccess rules; store a salted hash (slappasswd
- # output) via ldapmodify and replace this value, since it has been published.
- olcRootPW:: cnZ3MTIz
- entryCSN: 20181220125956.316222Z#000000#000#000000
- modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
- modifyTimestamp: 20181220125956Z
- # extended LDIF
- #
- # LDAPv3
- # base <dc=example,dc=com> with scope subtree
- # filter: (objectclass=*)
- # requesting: ALL
- #
- # example.com
- dn: dc=example,dc=com
- dc: example
- o: Example Company
- objectClass: top
- objectClass: dcObject
- objectClass: organization
- # diradmin, example.com
- dn: cn=diradmin,dc=example,dc=com
- objectClass: organizationalRole
- objectClass: top
- cn: diradmin
- # Domains, example.com
- dn: ou=Domains,dc=example,dc=com
- objectClass: organizationalUnit
- objectClass: top
- ou: Domains
- # Users, example.com
- dn: ou=Users,dc=example,dc=com
- objectClass: organizationalUnit
- objectClass: top
- ou: Users
- # Services, example.com
- dn: ou=Services,dc=example,dc=com
- objectClass: organizationalUnit
- objectClass: top
- ou: Services
- # rvw.xxxxxx.org, Domains, example.com
- dn: dc=rvw.xxxxxx.org,ou=Domains,dc=example,dc=com
- dc: rvw.xxxxxx.org
- objectClass: dNSDomain
- objectClass: top
- o: postfixUser
- userPassword:: e0NSWVBUfXdRd0VQdGh3dEtUYTY=
- # Richard Williams, Users, example.com
- dn: cn=Richard Williams,ou=Users,dc=example,dc=com
- cn: Richard Williams
- mailacceptinggeneralid: rvw.xxxxxx.org
- maildrop: richardwilliams@rvw.xxxxxx.org
- mailEnabled: TRUE
- mailGidNumber: 5000
- mailUidNumber: 5000
- objectClass: extensibleObject
- objectClass: inetOrgPerson
- objectClass: organizationalPerson
- objectClass: person
- objectClass: PostfixBookMailAccount
- objectClass: postfixUser
- objectClass: top
- sn: Williams
- uid: richardwiliams
- userPassword:: e01ENX10YTc1cE80QjNwOWtJRFFuVUsxeUpRPT0=
- mail: richardwilliams@rvw.xxxxxx.org
- mailAlias: richard@rvw.xxxxxx.org
- mailAlias: postmaster@rvw.xxxxxx.org
- mailAlias: abuse@rvw.xxxxxx.org
- mailHomeDirectory: /home/vmail
- mailStorageDirectory: maildir:/home/vmail/richardwilliams@rvw.xxxxxx.org/Maild
- ir
- uniqueIdentifier: richardwilliams@rvw.xxxxxx.org
- # phamm, example.com
- # NOTE(review): the userPassword value below is byte-identical to the one on
- # the Richard Williams entry and on uid=dovecot. Base64-decoded it starts with
- # {MD5}, an unsalted digest, so identical values mean identical passwords.
- # Give each role and service account its own secret, stored with a salted
- # scheme.
- dn: cn=phamm,dc=example,dc=com
- cn: phamm
- objectClass: organizationalRole
- objectClass: simpleSecurityObject
- objectClass: top
- userPassword:: e01ENX10YTc1cE80QjNwOWtJRFFuVUsxeUpRPT0=
- # dovecot, Services, example.com
- # NOTE(review): this looks like the bind identity intended for Dovecot, but the
- # dovecot-ldap.conf.ext listings on this page leave dn/dnpass commented out and
- # the userPassword access rule has no clause naming this DN, so it is unused.
- dn: uid=dovecot,ou=Services,dc=example,dc=com
- objectClass: account
- objectClass: simpleSecurityObject
- objectClass: top
- userPassword:: e01ENX10YTc1cE80QjNwOWtJRFFuVUsxeUpRPT0=
- uid: dovecot
- # search result
- search: 2
- result: 0 Success
- # numResponses: 10
- # numEntries: 9
- Jan 5 16:01:58 broadband dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
- Jan 5 16:01:58 broadband dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
- Jan 5 16:01:58 broadband dovecot: auth: Debug: auth client connected (pid=1232)
- Jan 5 16:02:24 broadband dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=j1UfH7h+8tgAAAAAAAAAAAAAAAAAAAAB#011lip=::1#011rip=::1#011lport=143#011rport=55538#011resp=<hidden>
- Jan 5 16:02:24 broadband dovecot: auth: Debug: ldap(richardwilliams@rvw.xxxxxx.org,::1,<j1UfH7h+8tgAAAAAAAAAAAAAAAAAAAAB>): pass search: base=ou=Users,dc=example,dc=com scope=subtree filter=(&(objectClass=inetOrgPerson)(mail=richardwilliams@rvw.xxxxxx.org)) fields=mail,userPassword
- Jan 5 16:02:24 broadband dovecot: auth: Debug: ldap(richardwilliams@rvw.xxxxxx.org,::1,<j1UfH7h+8tgAAAAAAAAAAAAAAAAAAAAB>): result: mail=richardwilliams@rvw.xxxxxx.org; mail unused
- Jan 5 16:02:24 broadband dovecot: auth: Debug: ldap(richardwilliams@rvw.xxxxxx.org,::1,<j1UfH7h+8tgAAAAAAAAAAAAAAAAAAAAB>): result: mail=richardwilliams@rvw.xxxxxx.org; userPassword missing
- Jan 5 16:02:24 broadband dovecot: auth: ldap(richardwilliams@rvw.xxxxxx.org,::1,<j1UfH7h+8tgAAAAAAAAAAAAAAAAAAAAB>): No password returned (and no nopassword)
- Jan 5 16:02:26 broadband dovecot: auth: Debug: client passdb out: FAIL#0111#011user=richardwilliams@rvw.xxxxxx.org
- Jan 5 16:02:31 broadband dovecot: imap-login: Disconnected (auth failed, 1 attempts in 7 secs): user=<richardwilliams@rvw.xxxxxx.org>, method=PLAIN, rip=::1, lip=::1, secured, session=<j1UfH7h+8tgAAAAAAAAAAAAAAAAAAAAB>
- # This file is commonly accessed via passdb {} or userdb {} section in
- # conf.d/auth-ldap.conf.ext
- # This file is opened as root, so it should be owned by root and mode 0600.
- #
- # http://wiki2.dovecot.org/AuthDatabase/LDAP
- #
- # NOTE: If you're not using authentication binds, you'll need to give
- # dovecot-auth read access to userPassword field in the LDAP server.
- # With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
- # already be something like this:
- # access to attribute=userPassword
- # by dn="<dovecot's dn>" read # add this
- # by anonymous auth
- # by self write
- # by * none
- # Space separated list of LDAP hosts to use. host:port is allowed too.
- # NOTE(review): loopback only, so the commented-out tls settings further down
- # do not put credentials on the network. Enable tls (with certificate
- # verification) before pointing this at an LDAP server on another host.
- hosts = 127.0.0.1
- # LDAP URIs to use. You can use this instead of hosts list. Note that this
- # setting isn't supported by all LDAP libraries.
- #uris =
- # Distinguished Name - the username used to login to the LDAP server.
- # Leave it commented out to bind anonymously (useful with auth_bind=yes).
- # NOTE(review): dn and dnpass are both unset, so every search made through this
- # file is anonymous. The slapd access rule on this page returns userPassword to
- # anonymous clients for bind only, never for read.
- #dn =
- # Password for LDAP server, if dn is specified.
- #dnpass =
- # Use SASL binding instead of the simple binding. Note that this changes
- # ldap_version automatically to be 3 if it's lower.
- #sasl_bind = no
- # SASL mechanism name to use.
- #sasl_mech =
- # SASL realm to use.
- #sasl_realm =
- # SASL authorization ID, ie. the dnpass is for this "master user", but the
- # dn is still the logged in user. Normally you want to keep this empty.
- #sasl_authz_id =
- # Use TLS to connect to the LDAP server.
- #tls = no
- # TLS options, currently supported only with OpenLDAP:
- #tls_ca_cert_file =
- #tls_ca_cert_dir =
- #tls_cipher_suite =
- # TLS cert/key is used only if LDAP server requires a client certificate.
- #tls_cert_file =
- #tls_key_file =
- # Valid values: never, hard, demand, allow, try
- #tls_require_cert =
- # Use the given ldaprc path.
- #ldaprc_path =
- # LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
- # -1 = everything. You may need to recompile OpenLDAP with debugging enabled
- # to get enough output.
- debug_level = 0
- # Use authentication binding for verifying password's validity. This works by
- # logging into LDAP server using the username and password given by client.
- # The pass_filter is used to find the DN for the user. Note that the pass_attrs
- # is still used, only the password field is ignored in it. Before doing any
- # search, the binding is switched back to the default DN.
- # NOTE(review): with auth_bind = no Dovecot has to read userPassword itself and
- # compare it. This file binds anonymously and the directory returns the
- # attribute to no one but the entry itself, so the search result has no
- # password - the "userPassword missing" / "No password returned" lines in the
- # log on this page. Two ways out:
- #   1. auth_bind = yes: the LDAP server checks the password and no hash ever
- #      leaves the directory (the existing "by anonymous auth" rule suffices).
- #   2. keep auth_bind = no, set dn/dnpass to a dedicated service entry and
- #      grant that DN read on userPassword in olcAccess.
- # Option 1 exposes less: a compromised mail host cannot dump hashes.
- auth_bind = no
- # If authentication binding is used, you can save one LDAP request per login
- # if users' DN can be specified with a common template. The template can use
- # the standard %variables (see user_filter). Note that you can't
- # use any pass_attrs if you use this setting.
- #
- # If you use this setting, it's a good idea to use a different
- # dovecot-ldap.conf.ext for userdb (it can even be a symlink, just as long as
- # the filename is different in userdb's args). That way one connection is used
- # only for LDAP binds and another connection is used for user lookups.
- # Otherwise the binding is changed to the default DN before each user lookup.
- #
- # For example:
- # auth_bind_userdn = cn=%u,ou=people,o=org
- #
- #auth_bind_userdn =
- # LDAP protocol version to use. Likely 2 or 3.
- ldap_version = 3
- # LDAP base. %variables can be used here.
- # For example: dc=mail, dc=example, dc=org
- # NOTE(review): lookups are confined to ou=Users, so the role and service
- # entries elsewhere in the tree (cn=diradmin, cn=phamm, ou=Services) can never
- # match a mail login through this file.
- base = ou=Users,dc=example,dc=com
- # Dereference: never, searching, finding, always
- deref = never
- # Search scope: base, onelevel, subtree
- scope = subtree
- # User attributes are given in LDAP-name=dovecot-internal-name list. The
- # internal names are:
- # uid - System UID
- # gid - System GID
- # home - Home directory
- # mail - Mail location
- #
- # There are also other special fields which can be returned, see
- # http://wiki2.dovecot.org/UserDatabase/ExtraFields
- # NOTE(review): the user entry in the ldapsearch output on this page has
- # mailHomeDirectory, mailUidNumber and mailGidNumber but none of
- # homeDirectory, uidNumber or gidNumber, so this mapping would return no
- # uid/gid/home for it - confirm against the schema actually in use.
- user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
- # Filter for user lookup. Some variables can be used (see
- # http://wiki2.dovecot.org/Variables for full list):
- # %u - username
- # %n - user part in user@domain, same as %u if there's no domain
- # %d - domain part in user@domain, empty if user there's no domain
- # NOTE(review): %u is the client-supplied login name placed inside an LDAP
- # filter; keep auth_username_chars at its restrictive default rather than
- # emptying it.
- user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
- # Password checking attributes:
- # user: Virtual user name (user@domain), if you wish to change the
- # user-given username to something else
- # password: Password, may optionally start with {type}, eg. {crypt}
- # There are also other special fields which can be returned, see
- # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
- # NOTE(review): userPassword=password asks the directory to hand the stored
- # hash to Dovecot. That only works when the bind identity used by this file is
- # allowed to read the attribute; with authentication binds the password field
- # is ignored, as the auth_bind comment in this file states.
- pass_attrs = mail=user,userPassword=password
- # If you wish to avoid two LDAP lookups (passdb + userdb), you can use
- # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
- # also have to include user_attrs in pass_attrs field prefixed with "userdb_"
- # string. For example:
- #pass_attrs = uid=user,userPassword=password,
- # homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
- # Filter for password lookups
- # NOTE(review): matches on mail only, so the mailAlias addresses on an entry
- # are not accepted as login names.
- pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))
- # Attributes and filter to get a list of all users
- #iterate_attrs = uid=user
- #iterate_filter = (objectClass=posixAccount)
- # Default password scheme. "{scheme}" before password overrides this.
- # List of supported schemes is in: http://wiki2.dovecot.org/Authentication
- # NOTE(review): this default is consulted only for stored values without a
- # {scheme} prefix. The userPassword values on this page decode to strings that
- # start with {MD5} or {CRYPT}, so the prefix decides how they are verified.
- # Unsalted MD5 is cheap to brute-force once a hash leaks; move stored
- # passwords to a salted scheme such as {SSHA} or a crypt(3)-based one.
- default_pass_scheme = md5
- # This file is commonly accessed via passdb {} or userdb {} section in
- # conf.d/auth-ldap.conf.ext
- # This file is opened as root, so it should be owned by root and mode 0600.
- #
- # http://wiki2.dovecot.org/AuthDatabase/LDAP
- #
- # NOTE: If you're not using authentication binds, you'll need to give
- # dovecot-auth read access to userPassword field in the LDAP server.
- # With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
- # already be something like this:
- # access to attribute=userPassword
- # by dn="<dovecot's dn>" read # add this
- # by anonymous auth
- # by self write
- # by * none
- # Space separated list of LDAP hosts to use. host:port is allowed too.
- hosts = 127.0.0.1
- # LDAP URIs to use. You can use this instead of hosts list. Note that this
- # setting isn't supported by all LDAP libraries.
- #uris =
- # Distinguished Name - the username used to login to the LDAP server.
- # Leave it commented out to bind anonymously (useful with auth_bind=yes).
- #dn =
- # Password for LDAP server, if dn is specified.
- #dnpass =
- # Use SASL binding instead of the simple binding. Note that this changes
- # ldap_version automatically to be 3 if it's lower.
- #sasl_bind = no
- # SASL mechanism name to use.
- #sasl_mech =
- # SASL realm to use.
- #sasl_realm =
- # SASL authorization ID, ie. the dnpass is for this "master user", but the
- # dn is still the logged in user. Normally you want to keep this empty.
- #sasl_authz_id =
- # Use TLS to connect to the LDAP server.
- #tls = no
- # TLS options, currently supported only with OpenLDAP:
- #tls_ca_cert_file =
- #tls_ca_cert_dir =
- #tls_cipher_suite =
- # TLS cert/key is used only if LDAP server requires a client certificate.
- #tls_cert_file =
- #tls_key_file =
- # Valid values: never, hard, demand, allow, try
- #tls_require_cert =
- # Use the given ldaprc path.
- #ldaprc_path =
- # LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.
- # -1 = everything. You may need to recompile OpenLDAP with debugging enabled
- # to get enough output.
- debug_level = 0
- # Use authentication binding for verifying password's validity. This works by
- # logging into LDAP server using the username and password given by client.
- # The pass_filter is used to find the DN for the user. Note that the pass_attrs
- # is still used, only the password field is ignored in it. Before doing any
- # search, the binding is switched back to the default DN.
- # NOTE(review): this listing repeats the previous dovecot-ldap.conf.ext on the
- # page line for line. auth_bind = no with no dn/dnpass means an anonymous
- # search must return userPassword, which the slapd access rule shown on this
- # page refuses. Prefer auth_bind = yes so the directory verifies the password
- # itself; otherwise bind as a dedicated DN that has been granted read access.
- auth_bind = no
- # If authentication binding is used, you can save one LDAP request per login
- # if users' DN can be specified with a common template. The template can use
- # the standard %variables (see user_filter). Note that you can't
- # use any pass_attrs if you use this setting.
- #
- # If you use this setting, it's a good idea to use a different
- # dovecot-ldap.conf.ext for userdb (it can even be a symlink, just as long as
- # the filename is different in userdb's args). That way one connection is used
- # only for LDAP binds and another connection is used for user lookups.
- # Otherwise the binding is changed to the default DN before each user lookup.
- #
- # For example:
- # auth_bind_userdn = cn=%u,ou=people,o=org
- #
- #auth_bind_userdn =
- # LDAP protocol version to use. Likely 2 or 3.
- ldap_version = 3
- # LDAP base. %variables can be used here.
- # For example: dc=mail, dc=example, dc=org
- base = ou=Users,dc=example,dc=com
- # Dereference: never, searching, finding, always
- deref = never
- # Search scope: base, onelevel, subtree
- scope = subtree
- # User attributes are given in LDAP-name=dovecot-internal-name list. The
- # internal names are:
- # uid - System UID
- # gid - System GID
- # home - Home directory
- # mail - Mail location
- #
- # There are also other special fields which can be returned, see
- # http://wiki2.dovecot.org/UserDatabase/ExtraFields
- # NOTE(review): the left-hand names must exist on the user entries. The entry
- # shown on this page carries mailHomeDirectory / mailUidNumber /
- # mailGidNumber, not homeDirectory / uidNumber / gidNumber - verify which
- # attributes the userdb lookup is meant to read.
- user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
- # Filter for user lookup. Some variables can be used (see
- # http://wiki2.dovecot.org/Variables for full list):
- # %u - username
- # %n - user part in user@domain, same as %u if there's no domain
- # %d - domain part in user@domain, empty if user there's no domain
- # NOTE(review): the login name supplied by the client is substituted for %u;
- # the restrictive auth_username_chars default is the guard the stock comments
- # describe for this.
- user_filter = (&(objectClass=inetOrgPerson)(mail=%u))
- # Password checking attributes:
- # user: Virtual user name (user@domain), if you wish to change the
- # user-given username to something else
- # password: Password, may optionally start with {type}, eg. {crypt}
- # There are also other special fields which can be returned, see
- # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
- pass_attrs = mail=user,userPassword=password
- # If you wish to avoid two LDAP lookups (passdb + userdb), you can use
- # userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
- # also have to include user_attrs in pass_attrs field prefixed with "userdb_"
- # string. For example:
- #pass_attrs = uid=user,userPassword=password,
- # homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
- # Filter for password lookups
- pass_filter = (&(objectClass=inetOrgPerson)(mail=%u))
- # Attributes and filter to get a list of all users
- #iterate_attrs = uid=user
- #iterate_filter = (objectClass=posixAccount)
- # Default password scheme. "{scheme}" before password overrides this.
- # List of supported schemes is in: http://wiki2.dovecot.org/Authentication
- # NOTE(review): used only for stored values that lack a {scheme} prefix; the
- # values in the ldapsearch output on this page all carry one. md5 is a weak
- # fallback - prefer a salted scheme for any password stored from now on.
- default_pass_scheme = md5
- #default_process_limit = 100
- #default_client_limit = 1000
- # Default VSZ (virtual memory size) limit for service processes. This is mainly
- # intended to catch and kill processes that leak memory before they eat up
- # everything.
- #default_vsz_limit = 256M
- # Login user is internally used by login processes. This is the most untrusted
- # user in Dovecot system. It shouldn't have access to anything at all.
- #default_login_user = dovenull
- # Internal user is used by unprivileged processes. It should be separate from
- # login user, so that login processes can't disturb other processes.
- #default_internal_user = dovecot
- # Pre-login IMAP service. Both listeners are declared, but their port and ssl
- # lines are commented out, so Dovecot's built-in values apply (presumably the
- # ones shown in the comments; the log on this page shows a login on lport=143).
- service imap-login {
- inet_listener imap {
- #port = 143
- }
- inet_listener imaps {
- #port = 993
- #ssl = yes
- }
- # Number of connections to handle before starting a new process. Typically
- # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
- # is faster. <doc/wiki/LoginProcess.txt>
- # Left commented out, so the default applies.
- #service_count = 1
- # Number of processes to always keep waiting for more connections.
- #process_min_avail = 0
- # If you set service_count=0, you probably need to grow this.
- #vsz_limit = $default_vsz_limit
- }
- # Pre-login POP3 service with a plain and an SSL listener; every setting is
- # commented out, so defaults apply. Whether POP3 is served at all depends on
- # configuration that is not shown on this page.
- service pop3-login {
- inet_listener pop3 {
- #port = 110
- }
- inet_listener pop3s {
- #port = 995
- #ssl = yes
- }
- }
- # Local delivery (LMTP) service. Only the UNIX socket listener is declared,
- # with its mode left at the default; the TCP listener stays commented out, so
- # this block does not expose LMTP on the network.
- service lmtp {
- unix_listener lmtp {
- #mode = 0666
- }
- # Create inet listener only if you can't use the above UNIX socket
- #inet_listener lmtp {
- # Avoid making LMTP visible for the entire internet
- #address =
- #port =
- #}
- }
- # Post-login IMAP service; memory and process limits are left at defaults.
- service imap {
- # Most of the memory goes to mmap()ing files. You may need to increase this
- # limit if you have huge mailboxes.
- #vsz_limit = $default_vsz_limit
- # Max. number of IMAP processes (connections)
- #process_limit = 1024
- }
- # Post-login POP3 service; the process limit is left at its default.
- service pop3 {
- # Max. number of POP3 processes (connections)
- #process_limit = 1024
- }
- # Authentication service: declares the userdb lookup socket and the socket
- # Postfix uses for SMTP AUTH.
- service auth {
- # auth_socket_path points to this userdb socket by default. It's typically
- # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
- # full permissions to this socket are able to get a list of all usernames and
- # get the results of everyone's userdb lookups.
- #
- # The default 0666 mode allows anyone to connect to the socket, but the
- # userdb lookups will succeed only if the userdb returns an "uid" field that
- # matches the caller process's UID. Also if caller's uid or gid matches the
- # socket's uid or gid the lookup succeeds. Anything else causes a failure.
- #
- # To give the caller full permissions to lookup all users, set the mode to
- # something else than 0666 and Dovecot lets the kernel enforce the
- # permissions (e.g. 0777 allows everyone full permissions).
- # NOTE(review): mode stays 0666, so the uid/gid check described above is what
- # limits lookups. With user/group set to vmail, any process running as vmail
- # can look up every account.
- unix_listener auth-userdb {
- mode = 0666
- user = vmail
- group = vmail
- }
- # Postfix smtp-auth
- # 0660 postfix:postfix - only the postfix user and group can submit SMTP AUTH
- # credentials to Dovecot through this socket.
- unix_listener /var/spool/postfix/private/auth {
- mode = 0660
- user = postfix
- group = postfix
- }
- # Auth process is run as this user.
- # user = $default_internal_user
- }
- # Worker processes for blocking passdb/userdb lookups.
- # NOTE(review): user is left at the default, root. The only auth include
- # enabled on this page is auth-ldap.conf.ext (auth-system.conf.ext is commented
- # out), so /etc/shadow access does not appear to be needed; if nothing else
- # requires root, set user = $default_internal_user as the comment suggests.
- service auth-worker {
- # Auth worker process is run as root by default, so that it can access
- # /etc/shadow. If this isn't necessary, the user should be changed to
- # $default_internal_user.
- #user = root
- }
- # Dictionary proxy service; the socket's mode, user and group are all left
- # commented out, so defaults apply.
- service dict {
- # If dict proxy is used, mail processes should have access to its socket.
- # For example: mode=0660, group=vmail and global mail_access_groups=vmail
- unix_listener dict {
- #mode = 0600
- #user =
- #group =
- }
- }
- ##
- ## Authentication processes
- ##
- # Disable LOGIN command and all other plaintext authentications unless
- # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
- # matches the local IP (ie. you're connecting from the same computer), the
- # connection is considered secure and plaintext authentication is allowed.
- # See also ssl=required setting.
- #disable_plaintext_auth = yes
- # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
- # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
- #auth_cache_size = 0
- # Time to live for cached data. After TTL expires the cached record is no
- # longer used, *except* if the main database lookup returns internal failure.
- # We also try to handle password changes automatically: If user's previous
- # authentication was successful, but this one wasn't, the cache isn't used.
- # For now this works only with plaintext authentication.
- #auth_cache_ttl = 1 hour
- # TTL for negative hits (user not found, password mismatch).
- # 0 disables caching them completely.
- #auth_cache_negative_ttl = 1 hour
- # Space separated list of realms for SASL authentication mechanisms that need
- # them. You can leave it empty if you don't want to support multiple realms.
- # Many clients simply use the first one listed here, so keep the default realm
- # first.
- #auth_realms =
- # Default realm/domain to use if none was specified. This is used for both
- # SASL realms and appending @domain to username in plaintext logins.
- #auth_default_realm =
- # List of allowed characters in username. If the user-given username contains
- # a character not listed in here, the login automatically fails. This is just
- # an extra check to make sure user can't exploit any potential quote escaping
- # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
- # set this value to empty.
- #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
- # Username character translations before it's looked up from databases. The
- # value contains series of from -> to characters. For example "#@/@" means
- # that '#' and '/' characters are translated to '@'.
- #auth_username_translation =
- # Username formatting before it's looked up from databases. You can use
- # the standard variables here, eg. %Lu would lowercase the username, %n would
- # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
- # "-AT-". This translation is done after auth_username_translation changes.
- #auth_username_format = %Lu
- # If you want to allow master users to log in by specifying the master
- # username within the normal username string (ie. not using SASL mechanism's
- # support for it), you can specify the separator character here. The format
- # is then <username><separator><master username>. UW-IMAP uses "*" as the
- # separator, so that could be a good choice.
- #auth_master_user_separator =
- # Username to use for users logging in with ANONYMOUS SASL mechanism
- #auth_anonymous_username = anonymous
- # Maximum number of dovecot-auth worker processes. They're used to execute
- # blocking passdb and userdb queries (eg. MySQL and PAM). They're
- # automatically created and destroyed as needed.
- #auth_worker_max_count = 30
- # Host name to use in GSSAPI principal names. The default is to use the
- # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
- # entries.
- #auth_gssapi_hostname =
- # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
- # default (usually /etc/krb5.keytab) if not specified. You may need to change
- # the auth service to run as root to be able to read this file.
- #auth_krb5_keytab =
- # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
- # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
- #auth_use_winbind = no
- # Path for Samba's ntlm_auth helper binary.
- #auth_winbind_helper_path = /usr/bin/ntlm_auth
- # Time to delay before replying to failed authentications.
- #auth_failure_delay = 2 secs
- # Require a valid SSL client certificate or the authentication fails.
- #auth_ssl_require_client_cert = no
- # Take the username from client's SSL certificate, using
- # X509_NAME_get_text_by_NID() which returns the subject's DN's
- # CommonName.
- #auth_ssl_username_from_cert = no
- # Space separated list of wanted authentication mechanisms:
- # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
- # gss-spnego
- # NOTE: See also disable_plaintext_auth setting.
- # NOTE(review): plain and login both hand the password itself to Dovecot, which
- # is what allows it to be checked against a hashed userPassword or through an
- # LDAP bind. disable_plaintext_auth is left commented out in this file, so its
- # default applies; per the stock comment a connection from the local IP counts
- # as secure, which matches the "secured" PLAIN login from ::1 on port 143 in
- # the log on this page. Remote clients should reach these mechanisms only over
- # TLS (see the ssl=required setting mentioned above).
- auth_mechanisms = plain login
- ##
- ## Password and user databases
- ##
- #
- # Password database is used to verify user's password (and nothing more).
- # You can have multiple passdbs and userdbs. This is useful if you want to
- # allow both system users (/etc/passwd) and virtual users to login without
- # duplicating the system users into virtual database.
- #
- # <doc/wiki/PasswordDatabase.txt>
- #
- # User database specifies where mails are located and what user/group IDs
- # own them. For single-UID configuration use "static" userdb.
- #
- # <doc/wiki/UserDatabase.txt>
- # Only the LDAP include below is active; every other passdb/userdb include is
- # commented out. auth-ldap.conf.ext itself is not shown on this page -
- # presumably its passdb/userdb args point at the dovecot-ldap.conf.ext
- # listings above; confirm the paths.
- #!include auth-deny.conf.ext
- #!include auth-master.conf.ext
- #!include auth-system.conf.ext
- #!include auth-sql.conf.ext
- !include auth-ldap.conf.ext
- #!include auth-passwdfile.conf.ext
- #!include auth-checkpassword.conf.ext
- #!include auth-vpopmail.conf.ext
- #!include auth-static.conf.ext