1 (edited by JCA 2025-08-25 21:12:28)

Topic: Dovecot LDAP multiple queries

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.4 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer: downloadable installer
- Linux/BSD distribution name and version: Debian 12 (bookworm)
- Store mail accounts in which backend: LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro: No
====

Hello. I'm looking for clarification regarding multiple LDAP queries / sub-queries in the Dovecot user DB (version 2.3).
The doc says there is such a thing, but the rest is unclear (doc.dovecot.org/2.3/configuration_manual/authentication/ldap_userdb/#authentication-ldap-userdb).
I would like to use the user's primary group name in the home path when setting it in user_attrs.

Here is my current dovecot-ldap.conf:

iterate_attrs   = userPrincipalName=user
iterate_filter  = (&(userPrincipalName=*)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
 
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
 
 
user_attrs = \
#  mail=master_user,mail=user, \
  =home=/var/vmail/vmail1/%{if;%{ldap:department};~;(^$)|[^a-zA-Z0-9\_-];%{user};%L{ldap:department}}, \ #Check if department field is set and not containing unsafe characters
  =mail=maildir:~/Maildir:INDEXPVT=~/Index/%{user},

I'm currently using the user's department field, but I would really like to use the name of the user's primary group.
The problem is that a user has only primaryGroupID. Is it possible to use multiple queries or a sub-query to retrieve the user's primaryGroupID and then retrieve the name of the group with this ID?

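Added example (not part of the original post, and not Dovecot configuration): a Python sketch of the second lookup the question describes. It assumes the directory is Active Directory, as the attributes in the posted config suggest, where the primary group's objectSid is the user's objectSid with its last RID replaced by primaryGroupID. The function names and the sample SID are constructed for illustration; the name check mirrors the regex in the posted user_attrs.

```python
import re
import struct

# Same character policy as the %{if} test in the post's user_attrs: a value that
# is empty or contains anything outside [a-zA-Z0-9_-] is rejected.
UNSAFE = re.compile(r"(^$)|[^a-zA-Z0-9_-]")

def parse_sid(raw: bytes) -> list[int]:
    """Decode a binary objectSid into [revision, authority, sub-authorities...]."""
    if len(raw) < 8:
        raise ValueError("objectSid too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])    # 32-bit each, little-endian
    return [revision, authority, *subs]

def primary_group_filter(user_sid: bytes, primary_group_id: int) -> str:
    """LDAP filter for the group whose SID is <user's domain SID>-<primaryGroupID>."""
    parts = parse_sid(user_sid)
    if len(parts) < 3:
        raise ValueError("SID has no RID to replace")
    if not 0 <= primary_group_id <= 0xFFFFFFFF:
        raise ValueError("primaryGroupID out of range")
    parts[-1] = primary_group_id                   # swap the user's RID for the group's
    sid = "S-" + "-".join(str(p) for p in parts)
    return f"(&(objectClass=group)(objectSid={sid}))"

def home_component(group_name: str, user: str) -> str:
    """Lower-cased group name if it passes the policy, otherwise fall back to the user."""
    return user if UNSAFE.search(group_name) else group_name.lower()

# Constructed sample value: S-1-5-21-1004336348-1177238915-682003330-1105
SAMPLE_USER_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
                   + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 1105))

if __name__ == "__main__":
    print(primary_group_filter(SAMPLE_USER_SID, 513))
    print(home_component("Mail-Users", "jdoe@example.com"))
    print(home_component("../../etc", "jdoe@example.com"))
```

The default Active Directory primary group, Domain Users, contains a space, so under this policy it falls back to the user name just as an unset department does.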