dovecot: reintroduce LDAP bind auth for passdb
LDAP bind auth used to be enabled by default (and not configurable) before the dovecot 2.4 migration. I changed the default option value to match the old Dovecot 2.3 behavior. The use of authentication bind is required for LDAP servers that simply do not have such LDAP attribute like Kanidm, or in cases where the password scheme used is not supported by Dovecot.
This commit is contained in:
emilylange
+11
-3
@@ -483,13 +483,21 @@ in
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
default = "userPassword";
|
||||
example = "unix_password";
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "userPassword";
|
||||
description = ''
|
||||
The LDAP attribute referencing the account password used to login with.
|
||||
|
||||
The account passwords stored in LDAP must be hashed with a supported
|
||||
[Password Scheme] in order for Dovecot to understand them.
|
||||
|
||||
Typically the `userPassword` attribute which is part of the `inetOrgPerson` schema.
|
||||
|
||||
If `null`, [Authentication Binds] will be used instead.
|
||||
|
||||
[Password Scheme]: https://doc.dovecot.org/2.4.4/core/config/auth/schemes.html
|
||||
[Authentication Binds]: https://doc.dovecot.org/2.4.4/core/config/auth/databases/ldap.html#authentication-binds
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user