ldap: make uid the default account name

I fail to understand how mail became the uidAttribute way back when LDAP
support was introduced, but it was unintentional and clearly a mistake.

The uid attribute is the standard system login name per RFC4519 2.39 and
what we default to going forward.
Martin Weinelt
2026-03-12 02:33:06 +01:00
parent a87d01ea79
commit 762f553643
4 changed files with 36 additions and 21 deletions
+13 -5
@@ -445,8 +445,11 @@ in
dovecot = {
userFilter = mkOption {
type = types.str;
default = "mail=%{user}";
example = "(&(objectClass=inetOrgPerson)(mail=%{user}))";
default = with cfg.ldap.attributes; "(|(${mail}=%{user})(${username}=%{user}))";
defaultText = literalExpression ''
with config.mailserver.ldap.attributes; "(|(''${mail}=%{user})(''${username}=%{user}))";
'';
example = "(|(mail=%{user})(uid=%{user}))";
description = ''
LDAP filter used for LMTP delivery from Postfix and post-login
information construction, like the home directory.
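Review bot: the new `userFilter` default is a disjunction over `${mail}` and `${username}`, so one `%{user}` value can now match two different entries (one by `mail`, one by `uid`) and the user lookup becomes ambiguous; the `description` below should state that `mail` and `uid` values must be unique across all account entries, and the commit message could say why `mail` is kept in `userFilter` while `passFilter` moves to `uid` alone. Style: `literalExpression` is used bare here but as `lib.literalExpression` in the `passFilter` hunk; use one form in both.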
@@ -459,8 +462,13 @@ in
passFilter = mkOption {
type = types.nullOr types.str;
default = "mail=%{user}";
example = "(&(objectClass=inetOrgPerson)(mail=%{user}))";
default = with cfg.ldap.attributes; "${username}=%{user}";
defaultText = lib.literalExpression ''
with config.mailserver.ldap.attributes; "''${username}=%{user}";
'';
example =
with cfg.ldap.attributes;
"(&(memberOf=cn=mail_users,ou=groups,dc=example,dc=com)(${username}=%{user}))";
description = ''
LDAP filter used to restrict which users are eligible to
authenticate against Dovecot.
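Review bot: changing the `passFilter` default from `mail=%{user}` to `${username}=%{user}` is a behavior change for existing deployments: accounts that log in with their mail address stop matching the password lookup after upgrade unless `ldap.attributes.username` is pointed at `mail`, so this needs a changelog or release-note entry, and ideally an evaluation warning when `passFilter` is left at its default while the old `mail`-based login is expected. Minor: `lib.literalExpression` here versus bare `literalExpression` in the `userFilter` hunk.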
@@ -479,7 +487,7 @@ in
defaultText = lib.literalExpression ''
with config.mailserver.ldap.attributes; "''${mail}=%s";
'';
example = "(&(objectClass=inetOrgPerson)(mail=%s))";
example = "(mail=%s)";
description = ''
LDAP filter used to search for an account by mail, where `%s` is a
substitute for the address in question.
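Review bot: the `example` for the mail search filter drops its `(objectClass=inetOrgPerson)` clause, a change the commit message about `uid` does not explain; either mention the example simplification in the message or keep the `objectClass` clause, because with plain `(mail=%s)` any entry that carries a `mail` attribute (groups, aliases, service accounts) matches the example lookup, and the `description` should note that the filter ought to be narrowed where the directory holds such entries.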