fix: Correctly support multiple Dovecot PassDBs (#3812)
* fix: Dovecot PassDB should restrict allowed auth mechanisms. This prevents PassDBs incompatible with certain auth mechanisms from logging failures which accidentally trigger Fail2Ban. Instead, only allow the PassDB to be authenticated against when it's compatible with the auth mechanism used.
* tests: Use `curl` for OAuth2 login test-cases instead of netcat. `curl` provides this capability for both IMAP and SMTP authentication with a bearer token. It supports both `XOAUTH2` and `OAUTHBEARER` mechanisms, as these updated test-cases demonstrate.
* chore: Add entry to `CHANGELOG.md`
parent
d40a17f7e0
commit
611a66bf98
8 changed files with 85 additions and 16 deletions
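--- a/target/dovecot/auth-ldap.conf.ext
+++ b/target/dovecot/auth-ldap.conf.ext
@@ -0,0 +1,21 @@
+# NOTE: This is effectively the same default LDAP config shipped by Dovecot
+# The only difference is the addition of the passdb mechanisms field,
+# which restricts what auth mechanisms are supported / expected.
+# This prevents unnecessary auth failure logs triggering Fail2Ban when
+# additional passdb are enabled (OAuth2).
+
+passdb {
+driver = ldap
+mechanism = plain login
+
+# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
+args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+
+userdb {
+driver = ldap
+args = /etc/dovecot/dovecot-ldap.conf.ext
+
+# Default fields can be used to specify defaults that LDAP may override
+#default_fields = home=/home/virtual/%u
+}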
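Review bot: The passdb block sets `mechanism = plain login` (singular), while the header comment calls it the "mechanisms field" and Dovecot's passdb filter setting is named `mechanisms`. If the singular key is what actually landed rather than a rendering artefact, Dovecot will presumably either reject the block as an unknown setting or leave the LDAP passdb unrestricted, in which case OAuth2 bearer attempts would still be logged as LDAP auth failures and counted by Fail2Ban. Suggest `mechanisms = plain login` and confirming the effective value with `doveconf -n`. Since PLAIN and LOGIN carry the password itself, a one-line comment noting that this passdb relies on TLS being enforced elsewhere in the Dovecot config would also help readers of this file.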