infra/ansible-role-dovecot
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use DN lookup instead of DN template for LDAP auth

Browse source 
In our setup users require a specific LDAP group to login. We enforce this
with an LDAP filter (user_filter). With DN template, authentication always
succeeds for these users, as Dovecot only performs an LDAP BIND request.
Successful auth followed by failed userdb lookup seems to trigger a bug in
Dovecot that causes the handler processes to stay around indefinitely and fill
up the process_limit. Using DN lookup with the LDAP filter set for both
user_filter and pass_filter should cause the authentication to fail for these
users and work around the bug.
This commit is contained in:
Julian Rother 2022-07-18 00:36:18 +02:00
parent 18ab8dc6b1
commit 5267a3d716
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
templates/dovecot-ldap.conf.ext.j2
View file

@ -25,7 +25,7 @@ tls_ca_cert_file = {{ dovecot.ldap.tls.ca }}
tls_require_cert = hard tls_require_cert = hard
auth_bind = yes auth_bind = yes
auth_bind_userdn = uid=%n,{{ dovecot.ldap.base }} pass_filter = {{ dovecot.ldap.filter }}
ldap_version = 3 ldap_version = 3
base = {{ dovecot.ldap.base }} base = {{ dovecot.ldap.base }}