Configuration for Maddy Mail Server

Documentation for maddy LDAP can be found here.
Maddy will automatically create an imap-acct if a new user connects via LDAP.
Replace dc=example,dc=com with your LLDAP configured domain.

Simple Setup

Depending on the mail client(s), the simple setup may be enough. If it does not work for you, follow the instructions in the Advanced Setup section.

DN Template

You only have to specify the dn template:

dn_template "cn={username},ou=people,dc=example,dc=com"

Config Example with Docker

Example maddy configuration with LLDAP running in docker.
You can replace local_authdb with another name if you want to use multiple auth backends.
If you only want to use one storage backend, make sure to disable auth.pass_table local_authdb in your config if it is still active.

auth.ldap local_authdb {
    urls ldap://lldap:3890

    dn_template "cn={username},ou=people,dc=example,dc=com"

    starttls off
    debug off
    connect_timeout 1m
}

Advanced Setup

If the simple setup does not work for you, you can use a proper lookup.

Bind Credentials

If you have a service account in LLDAP with restricted rights (e.g. lldap_strict_readonly), replace admin with your LLDAP service account.
Replace admin_password with the password of either the admin or service account.

bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"

If you do not want to use plain auth, check the maddy LDAP page for other options.

Base DN

base_dn "dc=example,dc=com"

Filter

Depending on the mail client, maddy receives and sends either the username or the full email address as the username (even if the username is not an email address).
To match on the username, use:

filter "(&(objectClass=person)(uid={username}))"

To match on the email address sent as the username, use:

filter "(&(objectClass=person)(mail={username}))"

To allow both the username and the email address as the username, use:

filter "(&(|(uid={username})(mail={username}))(objectClass=person))"
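The following is an added example, not part of the original page or of maddy or LLDAP: an offline model that shows which login forms the DN template and each of the three filters above resolve to a user. The directory entries are constructed sample data, and the small parser handles only the `&`, `|` and equality forms used on this page.

```python
# Added example: offline model of the lookups this page configures.
# Entries are constructed sample data; attribute values are hypothetical.
ENTRIES = [
    ("cn=jdoe,ou=people,dc=example,dc=com",
     {"objectclass": ["person"], "uid": ["jdoe"], "mail": ["jdoe@example.com"]}),
    ("cn=asmith,ou=people,dc=example,dc=com",
     {"objectclass": ["person"], "uid": ["asmith"], "mail": ["alice@example.com"]}),
]
DN_TEMPLATE = "cn={username},ou=people,dc=example,dc=com"
UID_FILTER = "(&(objectClass=person)(uid={username}))"
MAIL_FILTER = "(&(objectClass=person)(mail={username}))"
BOTH_FILTER = "(&(|(uid={username})(mail={username}))(objectClass=person))"

def parse(s, i=0):
    """Parse the filter starting at s[i]; supports &, | and equality only."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, kids = s[i], []
        i += 1
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1          # step over the closing ')'
    end = s.index(")", i)
    attr, value = s[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, attrs):
    if node[0] == "&":
        return all(matches(k, attrs) for k in node[1])
    if node[0] == "|":
        return any(matches(k, attrs) for k in node[1])
    return any(v.lower() == node[2] for v in attrs.get(node[1], []))

def lookup(filter_template, login):
    """Return the DNs a filter resolves `login` to (ideally exactly one)."""
    if any(c in login for c in "()*\\"):
        # Model simplification: refuse filter metacharacters instead of escaping.
        raise ValueError("login contains LDAP filter metacharacters")
    node, _ = parse(filter_template.replace("{username}", login))
    return [dn for dn, attrs in ENTRIES if matches(node, attrs)]

def template_hits(login):
    """Simple setup: does the templated DN exist in the sample directory?"""
    return DN_TEMPLATE.replace("{username}", login) in [d for d, _ in ENTRIES]

if __name__ == "__main__":
    for login in ("jdoe", "jdoe@example.com"):
        print(login, template_hits(login), lookup(BOTH_FILTER, login))
```

A client that sends `jdoe@example.com` misses both the DN template and the uid-only filter, while the combined filter resolves both login forms to the same single entry.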

Config Example with Docker

Example maddy configuration with LLDAP running in docker.
You can replace local_authdb with another name if you want to use multiple auth backends.
If you only want to use one storage backend, make sure to disable auth.pass_table local_authdb in your config if it is still active.

auth.ldap local_authdb {
    urls ldap://lldap:3890

    bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"
    base_dn "dc=example,dc=com"
    filter "(&(|(uid={username})(mail={username}))(objectClass=person))"

    starttls off
    debug off
    connect_timeout 1m
}