# This file is opened as root, so it should be owned by root and mode 0600. # # http://wiki.dovecot.org/AuthDatabase/SQL # # For the sql passdb module, you'll need a database with a table that # contains fields for at least the userid and password. If you want to # use the user@domain syntax, you might want to have a separate domain # field as well. # # If your users all have the same uig/gid, and have predictable home # directories, you can use the static userdb module to generate the home # dir based on the userid and domain. In this case, you won't need fields # for home, uid, or gid in the database. # # If you prefer to use the sql userdb module, you'll want to add fields # for home, uid, and gid. Here is an example table: # # CREATE TABLE users ( # userid VARCHAR(128) NOT NULL, # password VARCHAR(64) NOT NULL, # home VARCHAR(255) NOT NULL, # uid INTEGER NOT NULL, # gid INTEGER NOT NULL, # active CHAR(1) DEFAULT 'Y' NOT NULL # ); # Database driver: mysql, pgsql, sqlite #driver = driver = mysql # Database connection string. This is driver-specific setting. # # pgsql: # For available options, see the PostgreSQL documention for the # PQconnectdb function of libpq. # # mysql: # Basic options emulate PostgreSQL option names: # host, port, user, password, dbname # # But also adds some new settings: # client_flags - See MySQL manual # ssl_ca, ssl_ca_path - Set either one or both to enable SSL # ssl_cert, ssl_key - For sending client-side certificates to server # ssl_cipher - Set minimum allowed cipher security (default: HIGH) # # You can connect to UNIX sockets by using host: host=/var/run/mysqld/mysqld.sock # Note that currently you can't use spaces in parameters. # # sqlite: # The path to the database file. # # Examples: # connect = host=192.168.1.1 dbname=users # connect = host=sql.example.com dbname=virtual user=virtual password=blarg # connect = /etc/dovecot/authdb.sqlite # #connect = dbname=virtual user=virtual connect = host=<%= scope.lookupvar('mail::virtual::database_host') %> dbname=<%= scope.lookupvar('mail::virtual::database_name') %> user=<%= scope.lookupvar('mail::virtual::database_user') %> password=<%= scope.lookupvar('mail::virtual::database_password') %> # Default password scheme. # # List of supported schemes is in # http://wiki.dovecot.org/Authentication/PasswordSchemes # #default_pass_scheme = PLAIN-MD5 default_pass_scheme = MD5-CRYPT # Query to retrieve the password. # # This query must return only one row with "user" and "password" columns. # The query can also return other fields which have a special meaning, see # http://wiki.dovecot.org/PasswordDatabase/ExtraFields # # The "user" column is needed to make sure the username gets used with exactly # the same casing as it's in the database. Note that if you store username and # domain in separate fields, you most likely want to return a combination of # them as the "user" column, otherwise the domain gets stripped. # # Commonly used available substitutions (see # http://wiki.dovecot.org/Variables for full list): # %u = entire userid # %n = user part of user@domain # %d = domain part of user@domain # # Note that these can be used only as input to SQL query. If the query outputs # any of these substitutions, they're not touched. Otherwise it would be # difficult to have eg. usernames containing '%' characters. # # Example: # password_query = SELECT concat(userid, '@', domain) AS user, password FROM users WHERE userid = '%n' AND domain = '%d' # password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y' # #password_query = SELECT userid as user, password FROM users WHERE userid = '%u' password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1' # Query to retrieve the user information. # # The query must return only one row. Commonly returned columns are: # uid - System UID # gid - System GID # home - Home directory # mail - Mail location # # Either home or mail is required. uid and gid are required. If more than one # row is returned or there are missing fields, the login will fail. For a list # of all fields that can be returned, see # http://wiki.dovecot.org/UserDatabase/ExtraFields # # Examples # user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d' # user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u' # user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u' # #user_query = SELECT home, uid, gid FROM users WHERE userid = '%u' user_query = SELECT maildir, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u' AND active='1' # If you wish to avoid two SQL lookups (passdb + userdb), you can use # userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll # also have to return userdb fields in password_query prefixed with "userdb_" # string. For example: #password_query = SELECT userid as user, password, home as userdb_home, uid as userdb_uid, gid as userdb_gid FROM users WHERE userid = '%u'