Documentation for maddy LDAP can be found here.
Maddy will automatically create an imap-acct if a new user connects via LDAP.
Replace dc=example,dc=com with your LLDAP configured domain.
Depending on the mail client(s), the simple setup may work for you. If it does not, follow the instructions in the Advanced Setup section.
You only have to specify the dn template:
dn_template "cn={username},ou=people,dc=example,dc=com"
Example maddy configuration with LLDAP running in docker.
You can replace local_authdb with another name if you want to use multiple auth backends.
If you only want to use one storage backend, make sure to disable auth.pass_table local_authdb in your config if it is still active.
auth.ldap local_authdb {
    urls ldap://lldap:3890
    dn_template "cn={username},ou=people,dc=example,dc=com"
    starttls off
    debug off
    connect_timeout 1m
}
If the simple setup does not work for you, you can use a proper lookup.
If you have a service account in LLDAP with restricted rights (e.g. lldap_strict_readonly), replace admin with your LLDAP service account.
Replace admin_password with the password of either the admin or service account.
bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"
If you do not want to use plain auth, check the maddy LDAP page for other options.
base_dn "dc=example,dc=com"
Depending on the mail client, maddy receives and sends either the username or the full E-Mail address as username (even if the username is not an E-Mail).
For the username use:
filter "(&(objectClass=person)(uid={username}))"
For mapping the username (as E-Mail):
filter "(&(objectClass=person)(mail={username}))"
To allow both the username and the username as E-Mail, use:
filter "(&(|(uid={username})(mail={username}))(objectClass=person))"
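How the three filters above behave for the two login forms a client may send, shown with a small filter evaluator over constructed entries. This is an added example, not part of the maddy or LLDAP documentation; the sample entries, the `lookup` helper and the simplified case-insensitive equality matching are assumptions, and login names are assumed to contain no LDAP filter special characters.

```python
# Added example: evaluate the page's three filters against constructed entries
# to see which login form (bare username or e-mail address) each one accepts.

# Constructed directory entries; attribute names follow the filters on this page.
ENTRIES = [
    {"objectClass": ["person"], "uid": ["alice"], "mail": ["alice@example.com"]},
    {"objectClass": ["person"], "uid": ["bob"], "mail": ["bob@example.com"]},
]

# The filter lines from this page, keyed by a hypothetical short name.
FILTERS = {
    "uid": "(&(objectClass=person)(uid={username}))",
    "mail": "(&(objectClass=person)(mail={username}))",
    "both": "(&(|(uid={username})(mail={username}))(objectClass=person))",
}

def parse(s, i=0):
    """Parse one parenthesised filter starting at s[i]; return (node, next_index)."""
    assert s[i] == "("
    if s[i + 1] in "&|":
        op, i, kids = s[i + 1], i + 2, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over the closing ')'
    end = s.index(")", i)
    attr, value = s[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter node against one entry (equality, AND, OR only)."""
    if node[0] == "=":
        _, attr, value = node
        return value.lower() in (v.lower() for v in entry.get(attr, []))
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def lookup(filter_name, username):
    """Return the uids of entries matched after substituting the login name."""
    node, _ = parse(FILTERS[filter_name].replace("{username}", username))
    return [e["uid"][0] for e in ENTRIES if matches(node, e)]

if __name__ == "__main__":
    for name in FILTERS:
        for login in ("alice", "alice@example.com"):
            print(f"{name:5} {login:20} -> {lookup(name, login)}")
```

A login that returns an empty list here corresponds to a client whose login form the chosen filter does not cover.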
Example maddy configuration with LLDAP running in docker.
You can replace local_authdb with another name if you want to use multiple auth backends.
If you only want to use one storage backend, make sure to disable auth.pass_table local_authdb in your config if it is still active.
auth.ldap local_authdb {
    urls ldap://lldap:3890
    bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"
    base_dn "dc=example,dc=com"
    filter "(&(|(uid={username})(mail={username}))(objectClass=person))"
    starttls off
    debug off
    connect_timeout 1m
}