# This file is commonly accessed via passdb {} or userdb {} section in
# conf.d/auth-sql.conf.ext

# This file is opened as root, so it should be owned by root and mode 0600.
# It can contain the database password (see the connect setting below).
#
# http://wiki2.dovecot.org/AuthDatabase/SQL
#
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the username and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
# field as well.
#
# If your users all have the same uid/gid, and have predictable home
# directories, you can use the static userdb module to generate the home
# dir based on the username and domain. In this case, you won't need fields
# for home, uid, or gid in the database.
#
# If you prefer to use the sql userdb module, you'll want to add fields
# for home, uid, and gid. Here is an example table:
#
# CREATE TABLE users (
#     username VARCHAR(128) NOT NULL,
#     domain VARCHAR(128) NOT NULL,
#     password VARCHAR(64) NOT NULL,
#     home VARCHAR(255) NOT NULL,
#     uid INTEGER NOT NULL,
#     gid INTEGER NOT NULL,
#     active CHAR(1) DEFAULT 'Y' NOT NULL
# );
#
# Size the password column for the scheme you store: hashes from stronger
# schemes, especially with a {SCHEME} prefix, can be longer than 64 characters.

# Database driver: mysql, pgsql, sqlite
#driver =

# Database connection string. This is a driver-specific setting.
#
# HA / round-robin load-balancing is supported by giving multiple host
# settings, like: host=sql1.host.org host=sql2.host.org
#
# pgsql:
#   For available options, see the PostgreSQL documentation for the
#   PQconnectdb function of libpq.
#   Use maxconns=n (default 5) to change how many connections Dovecot can
#   create to pgsql.
#
# mysql:
#   Basic options emulate PostgreSQL option names:
#     host, port, user, password, dbname
#
#   But also adds some new settings:
#     client_flags           - See MySQL manual
#     connect_timeout        - Connect timeout in seconds (default: 5)
#     read_timeout           - Read timeout in seconds (default: 30)
#     write_timeout          - Write timeout in seconds (default: 30)
#     ssl_ca, ssl_ca_path    - Set either one or both to enable SSL
#     ssl_cert, ssl_key      - For sending client-side certificates to server
#     ssl_cipher             - Set minimum allowed cipher security (default: HIGH)
#     ssl_verify_server_cert - Verify that the name in the server SSL certificate
#                              matches the host (default: no)
#     option_file            - Read options from the given file instead of
#                              the default my.cnf location
#     option_group           - Read options from the given group (default: client)
#
#   With ssl_verify_server_cert left at no, the server's identity is not
#   checked; enable it when the database is reached over an untrusted network.
#
#   You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
#   Note that currently you can't use spaces in parameters.
#
# sqlite:
#   The path to the database file.
#
# Examples:
#   connect = host=192.168.1.1 dbname=users
#   connect = host=sql.example.com dbname=virtual user=virtual password=blarg
#   connect = /usr/local/etc/dovecot/authdb.sqlite
#
#connect =

# Default password scheme.
#
# List of supported schemes is in
# http://wiki2.dovecot.org/Authentication/PasswordSchemes
#
# MD5, shown below, is a weak legacy scheme; for new deployments pick a
# stronger scheme from that list.
#
#default_pass_scheme = MD5

# passdb query to retrieve the password. It can return fields:
#   password - The user's password. This field must be returned.
#   user - user@domain from the database. Needed with case-insensitive lookups.
#   username and domain - An alternative way to represent the "user" field.
#
# The "user" field is often necessary with case-insensitive lookups to avoid
# e.g. "name" and "nAme" logins creating two different mail directories. If
# your user and domain names are in separate fields, you can return "username"
# and "domain" fields instead of "user".
#
# The query can also return other fields which have a special meaning, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
#
# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
# for full list):
#   %u = entire user@domain
#   %n = user part of user@domain
#   %d = domain part of user@domain
#
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have e.g. usernames containing '%' characters.
#
# Example:
#   password_query = SELECT userid AS user, pw AS password \
#     FROM users WHERE userid = '%u' AND active = 'Y'
#
# The query below does not check the active column of the example table; add
# AND active = 'Y' as in the example above if disabled accounts must be refused.
#
#password_query = \
#  SELECT username, domain, password \
#  FROM users WHERE username = '%n' AND domain = '%d'

# userdb query to retrieve the user information. It can return fields:
#   uid - System UID (overrides mail_uid setting)
#   gid - System GID (overrides mail_gid setting)
#   home - Home directory
#   mail - Mail location (overrides mail_location setting)
#
# None of these are strictly required. If you use a single UID and GID, and
# home or mail directory fits a template string, you could use userdb static
# instead. For a list of all fields that can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
#
# Examples:
#   user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
#   user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
#   user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#
#user_query = \
#  SELECT home, uid, gid \
#  FROM users WHERE username = '%n' AND domain = '%d'

# If you wish to avoid two SQL lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb sql in dovecot.conf.
# In that case you'll also have to return userdb fields in password_query,
# prefixed with the "userdb_" string. For example:
#password_query = \
#  SELECT userid AS user, password, \
#    home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
#  FROM users WHERE userid = '%u'

# Query to get a list of all usernames.
#iterate_query = SELECT username AS user FROM users