summaryrefslogtreecommitdiff
path: root/templates/dovecot/dovecot-sql.conf.erb
blob: 6f7b6603a0cbb9782a72767eefc86aa8617c2d76 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# This file is opened as root, so it should be owned by root and mode 0600.
#
# http://wiki.dovecot.org/AuthDatabase/SQL
#
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the userid and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
# field as well.
#
# If your users all have the same uig/gid, and have predictable home
# directories, you can use the static userdb module to generate the home
# dir based on the userid and domain. In this case, you won't need fields
# for home, uid, or gid in the database.
#
# If you prefer to use the sql userdb module, you'll want to add fields
# for home, uid, and gid. Here is an example table:
#
# CREATE TABLE users (
#     userid VARCHAR(128) NOT NULL,
#     password VARCHAR(64) NOT NULL,
#     home VARCHAR(255) NOT NULL,
#     uid INTEGER NOT NULL,
#     gid INTEGER NOT NULL,
#     active CHAR(1) DEFAULT 'Y' NOT NULL
# );

# Database driver: mysql, pgsql, sqlite
#driver = 
driver = mysql

# Database connection string. This is driver-specific setting.
#
# pgsql:
#   For available options, see the PostgreSQL documention for the
#   PQconnectdb function of libpq.
#
# mysql:
#   Basic options emulate PostgreSQL option names:
#     host, port, user, password, dbname
#
#   But also adds some new settings:
#     client_flags        - See MySQL manual
#     ssl_ca, ssl_ca_path - Set either one or both to enable SSL
#     ssl_cert, ssl_key   - For sending client-side certificates to server
#     ssl_cipher          - Set minimum allowed cipher security (default: HIGH)
# 
#   You can connect to UNIX sockets by using host: host=/var/run/mysqld/mysqld.sock
#   Note that currently you can't use spaces in parameters.
#
# sqlite:
#   The path to the database file.
#
# Examples:
#   connect = host=192.168.1.1 dbname=users
#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
#   connect = /etc/dovecot/authdb.sqlite
#
#connect = dbname=virtual user=virtual
connect = host=<%= scope.lookupvar('mail::virtual::database_host') %> dbname=<%= scope.lookupvar('mail::virtual::database_name') %> user=<%= scope.lookupvar('mail::virtual::database_user') %> password=<%= scope.lookupvar('mail::virtual::database_password') %>

# Default password scheme.
#
# List of supported schemes is in
# http://wiki.dovecot.org/Authentication/PasswordSchemes
#
#default_pass_scheme = PLAIN-MD5
default_pass_scheme = MD5-CRYPT

# Query to retrieve the password.
#
# This query must return only one row with "user" and "password" columns.
# The query can also return other fields which have a special meaning, see
# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
#
# The "user" column is needed to make sure the username gets used with exactly
# the same casing as it's in the database. Note that if you store username and
# domain in separate fields, you most likely want to return a combination of
# them as the "user" column, otherwise the domain gets stripped.
#
# Commonly used available substitutions (see
# http://wiki.dovecot.org/Variables for full list):
#   %u = entire userid
#   %n = user part of user@domain
#   %d = domain part of user@domain
# 
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters.
#
# Example:
#   password_query = SELECT concat(userid, '@', domain) AS user, password FROM users WHERE userid = '%n' AND domain = '%d'
#   password_query = SELECT pw AS password FROM users WHERE userid = '%u' AND active = 'Y'
#
#password_query = SELECT userid as user, password FROM users WHERE userid = '%u'
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'

# Query to retrieve the user information.
#
# The query must return only one row. Commonly returned columns are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# Either home or mail is required. uid and gid are required. If more than one
# row is returned or there are missing fields, the login will fail. For a list
# of all fields that can be returned, see 
# http://wiki.dovecot.org/UserDatabase/ExtraFields
#
# Examples
#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d'
#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#
#user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
user_query = SELECT maildir, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u' AND active='1'

# If you wish to avoid two SQL lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
# also have to return userdb fields in password_query prefixed with "userdb_"
# string. For example:
#password_query = SELECT userid as user, password, home as userdb_home, uid as userdb_uid, gid as userdb_gid FROM users WHERE userid = '%u'