Diffstat (limited to 'ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext')
-rw-r--r-- | ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext | 150 |
1 files changed, 150 insertions, 0 deletions
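diff --git a/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext b/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext
new file mode 100644
index 0000000..f248243
--- /dev/null
+++ b/ansible/roles/dovecot/files/dovecot/dovecot-sql.conf.ext
@@ -0,0 +1,150 @@
+# This file is commonly accessed via passdb {} or userdb {} section in
+# conf.d/auth-sql.conf.ext
+
+# This file is opened as root, so it should be owned by root and mode 0600.
+#
+# http://wiki2.dovecot.org/AuthDatabase/SQL
+#
+# For the sql passdb module, you'll need a database with a table that
+# contains fields for at least the username and password. If you want to
+# use the user@domain syntax, you might want to have a separate domain
+# field as well.
+#
+# If your users all have the same uig/gid, and have predictable home
+# directories, you can use the static userdb module to generate the home
+# dir based on the username and domain. In this case, you won't need fields
+# for home, uid, or gid in the database.
+#
+# If you prefer to use the sql userdb module, you'll want to add fields
+# for home, uid, and gid. Here is an example table:
+#
+# CREATE TABLE users (
+# username VARCHAR(128) NOT NULL,
+# domain VARCHAR(128) NOT NULL,
+# password VARCHAR(64) NOT NULL,
+# home VARCHAR(255) NOT NULL,
+# uid INTEGER NOT NULL,
+# gid INTEGER NOT NULL,
+# active CHAR(1) DEFAULT 'Y' NOT NULL
+# );
+
+# Database driver: mysql, pgsql, sqlite
+driver = sqlite
+
+# Database connection string. This is driver-specific setting.
+#
+# HA / round-robin load-balancing is supported by giving multiple host
+# settings, like: host=sql1.host.org host=sql2.host.org
+#
+# pgsql:
+# For available options, see the PostgreSQL documention for the
+# PQconnectdb function of libpq.
+# Use maxconns=n (default 5) to change how many connections Dovecot can
+# create to pgsql.
+#
+# mysql:
+# Basic options emulate PostgreSQL option names:
+# host, port, user, password, dbname
+#
+# But also adds some new settings:
+# client_flags - See MySQL manual
+# connect_timeout - Connect timeout in seconds (default: 5)
+# read_timeout - Read timeout in seconds (default: 30)
+# write_timeout - Write timeout in seconds (default: 30)
+# ssl_ca, ssl_ca_path - Set either one or both to enable SSL
+# ssl_cert, ssl_key - For sending client-side certificates to server
+# ssl_cipher - Set minimum allowed cipher security (default: HIGH)
+# ssl_verify_server_cert - Verify that the name in the server SSL certificate
+# matches the host (default: no)
+# option_file - Read options from the given file instead of
+# the default my.cnf location
+# option_group - Read options from the given group (default: client)
+#
+# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
+# Note that currently you can't use spaces in parameters.
+#
+# sqlite:
+# The path to the database file.
+#
+# Examples:
+# connect = host=192.168.1.1 dbname=users
+# connect = host=sql.example.com dbname=virtual user=virtual password=blarg
+# connect = /etc/dovecot/authdb.sqlite
+#
+connect = /etc/dovecot/authdb.sqlite
+
+# Default password scheme.
+#
+# List of supported schemes is in
+# http://wiki2.dovecot.org/Authentication/PasswordSchemes
+#
+#default_pass_scheme = SHA512-CRYPT
+
+# passdb query to retrieve the password. It can return fields:
+# password - The user's password. This field must be returned.
+# user - user@domain from the database. Needed with case-insensitive lookups.
+# username and domain - An alternative way to represent the "user" field.
+#
+# The "user" field is often necessary with case-insensitive lookups to avoid
+# e.g. "name" and "nAme" logins creating two different mail directories. If
+# your user and domain names are in separate fields, you can return "username"
+# and "domain" fields instead of "user".
+#
+# The query can also return other fields which have a special meaning, see
+# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
+#
+# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
+# for full list):
+# %u = entire user@domain
+# %n = user part of user@domain
+# %d = domain part of user@domain
+#
+# Note that these can be used only as input to SQL query. If the query outputs
+# any of these substitutions, they're not touched. Otherwise it would be
+# difficult to have eg. usernames containing '%' characters.
+#
+# Example:
+# password_query = SELECT userid AS user, pw AS password \
+# FROM users WHERE userid = '%u' AND active = 'Y'
+#
+password_query = \
+SELECT '%u' AS username, domain, password \
+FROM users WHERE userid = '%n' AND domain = '%d'
+
+# You can update (or modify this a bit to insert) user passwords in a shell with:
+# sqlite3 authdb.sqlite "update users set password='$(doveadm pw -s SHA512-CRYPT -r 1856250)' where userid='USERNAME' and domain = 'DOMAIN';"
+
+
+# userdb query to retrieve the user information. It can return fields:
+# uid - System UID (overrides mail_uid setting)
+# gid - System GID (overrides mail_gid setting)
+# home - Home directory
+# mail - Mail location (overrides mail_location setting)
+#
+# None of these are strictly required. If you use a single UID and GID, and
+# home or mail directory fits to a template string, you could use userdb static
+# instead. For a list of all fields that can be returned, see
+# http://wiki2.dovecot.org/UserDatabase/ExtraFields
+#
+# Examples:
+# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
+# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
+# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
+#
+user_query = \
+SELECT "/var/mail/vhosts/" || '%d' || '/' || '%n' AS home, 145 as uid, 145 as gid
+
+# If you wish to avoid two SQL lookups (passdb + userdb), you can use
+# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
+# also have to return userdb fields in password_query prefixed with "userdb_"
+# string. For example:
+password_query = \
+SELECT '%u' AS user, password, \
+"/var/mail/vhosts/" || '%d' || '/' || '%n' AS userdb_home, 145 AS userdb_uid, 145 AS userdb_gid \
+FROM users WHERE userid = '%n' AND domain = '%d'
+
+# Query to get a list of all usernames.
+# This iteration is used for things like globally purging zero refcount emails
+# for all users, but to get all users, we have to iterate the user storage,
+# hence this iterator query is required.
+iterate_query = SELECT userid AS user FROM users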
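Review bot: `user_query` (new-file lines 134-135) has no `FROM`/`WHERE`, so it returns a home/uid/gid row for any name and the userdb lookup can never report an unknown user. Any component that consults userdb without a prior passdb check (presumably mail delivery, depending on the rest of the config) would then treat nonexistent accounts as valid. Tying it to the table closes that gap: `user_query = SELECT '/var/mail/vhosts/' || '%d' || '/' || '%n' AS home, 145 AS uid, 145 AS gid FROM users WHERE userid = '%n' AND domain = '%d'`. That line also swaps the double-quoted `"/var/mail/vhosts/"` for single quotes, since SQLite treats a double-quoted token as a string only as a compatibility fallback when no identifier matches; the same applies at line 143. Separately, `password_query` is assigned twice (lines 110 and 141), so the second presumably replaces the first even though its comment introduces it as an example, and neither keeps the `active = 'Y'` filter from the example at line 108; I would delete the unused one and confirm whether disabled accounts are meant to authenticate.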