1##VERSION: $Id: 098f1a6ea09983825bf6156d57a871f5fcf27b35-20210515150130$ 2# 3# Copyright 2012 Double Precision, Inc. See COPYING for 4# distribution information. 5# 6# Do not alter lines that begin with ##, they are used when upgrading 7# this configuration. 8# 9# authsqliterc created from authsqliterc.dist by sysconftool 10# 11# Each line in this file must follow the following format: 12# 13# field[spaces|tabs]value 14# 15# That is, the name of the field, followed by spaces or tabs, followed by 16# field value. Trailing spaces are prohibited. 17 18 19##NAME: LOCATION:0 20# 21# The SQLite database. You must create this database beforehand, and create 22# the users table, as defined below. 23 24SQLITE_DATABASE /var/users.db 25 26##NAME: SQLITE_USER_TABLE:0 27# 28# Suggested format of the table specified by SQLITE_USER_TABLE: 29# 30# CREATE TABLE passwd ( 31# id text not null primary key, 32# crypt text, # Either... 33# clear text, # ... or 34# name text, 35# uid int, 36# gid int, 37# home text not null, 38# maildir text, 39# defaultdelivery text, 40# quota text, 41# options text); 42# 43# Use either crypt or clear, to specify whether cleartext or crypted passwords 44# get used (and define either SQLITE_CRYPT_PWFIELD or SQLITE_CLEAR_PWFIELD, 45# below, accordingly). 46 47SQLITE_USER_TABLE passwd 48 49##NAME: SQLITE_CRYPT_PWFIELD:0 50# 51# Either SQLITE_CRYPT_PWFIELD or SQLITE_CLEAR_PWFIELD must be defined. Both 52# are OK too. crypted passwords go into SQLITE_CRYPT_PWFIELD, cleartext 53# passwords go into SQLITE_CLEAR_PWFIELD. Cleartext passwords allow 54# CRAM-MD5 authentication to be implemented. 55 56SQLITE_CRYPT_PWFIELD crypt 57 58##NAME: SQLITE_CLEAR_PWFIELD:0 59# 60# 61# SQLITE_CLEAR_PWFIELD clear 62 63##NAME: SQLITE_DEFAULT_DOMAIN:0 64# 65# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user', 66# we will search for 'user@DEFAULT_DOMAIN' instead. 67# 68# 69# DEFAULT_DOMAIN example.com 70 71##NAME: SQLITE_UID_FIELD:0 72# 73# Other fields in the sqlite table: 74# 75# SQLITE_UID_FIELD - contains the numerical userid of the account 76# 77SQLITE_UID_FIELD uid 78 79##NAME: SQLITE_GID_FIELD:0 80# 81# Numerical groupid of the account 82 83SQLITE_GID_FIELD gid 84 85##NAME: SQLITE_LOGIN_FIELD:0 86# 87# The login id, default is id. Basically the query is: 88# 89# SELECT SQLITE_UID_FIELD, SQLITE_GID_FIELD, ... WHERE id='loginid' 90# 91 92SQLITE_LOGIN_FIELD id 93 94##NAME: SQLITE_HOME_FIELD:0 95# 96 97SQLITE_HOME_FIELD home 98 99##NAME: SQLITE_NAME_FIELD:0 100# 101# The user's name (optional) 102 103SQLITE_NAME_FIELD name 104 105##NAME: SQLITE_MAILDIR_FIELD:0 106# 107# This is an optional field, and can be used to specify an arbitrary 108# location of the maildir for the account, which normally defaults to 109# $HOME/Maildir (where $HOME is read from SQLITE_HOME_FIELD). 110# 111# You still need to provide a SQLITE_HOME_FIELD, even if you uncomment this 112# out. 113# 114# SQLITE_MAILDIR_FIELD maildir 115 116##NAME: SQLITE_DEFAULTDELIVERY:0 117# 118# Courier mail server only: optional field specifies custom mail delivery 119# instructions for this account (if defined) -- essentially overrides 120# DEFAULTDELIVERY from ${sysconfdir}/courierd 121# 122# SQLITE_DEFAULTDELIVERY defaultdelivery 123 124##NAME: SQLITE_QUOTA_FIELD:0 125# 126# Define SQLITE_QUOTA_FIELD to be the name of the field that can optionally 127# specify a maildir quota. See README.maildirquota for more information 128# 129# SQLITE_QUOTA_FIELD quota 130 131##NAME: SQLITE_AUXOPTIONS:0 132# 133# Auxiliary options. The SQLITE_AUXOPTIONS field should be a char field that 134# contains a single string consisting of comma-separated "ATTRIBUTE=NAME" 135# pairs. These names are additional attributes that define various per-account 136# "options", as given in INSTALL's description of the "Account OPTIONS" 137# setting. 138# 139# SQLITE_AUXOPTIONS_FIELD options 140# 141# You might want to try something like this, if you'd like to use a bunch 142# of individual fields, instead of a single text blob: 143# 144# SQLITE_AUXOPTIONS_FIELD "disableimap=" || disableimap || ",disablepop3=" || disablepop3 || ",disablewebmail=" || disablewebmail || ",sharedgroup=" || sharedgroup 145# 146# This will let you define fields called "disableimap", etc, with the end result 147# being something that the OPTIONS parser understands. 148 149 150##NAME: SQLITE_WHERE_CLAUSE:0 151# 152# This is optional, SQLITE_WHERE_CLAUSE can be basically set to an arbitrary 153# fixed string that is appended to the WHERE clause of our query 154# 155# SQLITE_WHERE_CLAUSE server='mailhost.example.com' 156 157##NAME: SQLITE_SELECT_CLAUSE:0 158# 159# This is optional, SQLITE_SELECT_CLAUSE can be set when you have a database, 160# which is structuraly different from the proposed layout. The fixed string will 161# be used to do a SELECT operation on database, which should return fields 162# in order specified bellow: 163# 164# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options 165# 166# The username field should include the domain (see example below). 167# 168# Enabling this option causes ignorance of any other field-related 169# options, excluding default domain. 170# 171# There are two variables, which you can use. Substitution will be made 172# for them, so you can put entered username (local part) and domain name 173# in the right place of your query. These variables are: 174# $(local_part), $(domain), $(service) 175# 176# If a $(domain) is empty (not given by the remote user) the default domain 177# name is used in its place. 178# 179# $(service) will expand out to the service being authenticated: imap, imaps, 180# pop3 or pop3s. Courier mail server only: service will also expand out to 181# "courier", when searching for local mail account's location. In this case, 182# if the "maildir" field is not empty it will be used in place of 183# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing 184# authenticated ESMTP. 185# 186# For example: 187# 188# SQLITE_SELECT_CLAUSE SELECT popbox.local_part || '@' || popbox.domain_name,\ 189# '{MD5}' || popbox.password_hash), \ 190# popbox.clearpw, \ 191# domain.uid, \ 192# domain.gid, \ 193# domain.path || '/' || popbox.mbox_name, \ 194# '', \ 195# domain.quota, \ 196# '', \ 197# "disableimap=" || disableimap || ",disablepop3=" || \ 198# disablepop3 || ",disablewebmail=" || disablewebmail || \ 199# ",sharedgroup=" || sharedgroup \ 200# FROM popbox, domain \ 201# WHERE popbox.local_part = '$(local_part)' \ 202# AND popbox.domain_name = '$(domain)' \ 203# AND popbox.domain_name = domain.domain_name 204 205 206##NAME: SQLITE_ENUMERATE_CLAUSE:1 207# 208# Optional custom SQL query used to enumerate accounts for authenumerate, 209# in order to compile a list of accounts for shared folders. The query 210# should return the following fields: name, uid, gid, homedir, maildir, options 211# 212# Example: 213# SQLITE_ENUMERATE_CLAUSE SELECT popbox.local_part || '@' || popbox.domain_name, \ 214# domain.uid, \ 215# domain.gid, \ 216# domain.path || '/' || popbox.mbox_name, \ 217# '', \ 218# 'sharedgroup=' || sharedgroup \ 219# FROM popbox, domain \ 220# WHERE popbox.local_part = '$(local_part)' \ 221# AND popbox.domain_name = '$(domain)' \ 222# AND popbox.domain_name = domain.domain_name 223 224 225##NAME: SQLITE_CHPASS_CLAUSE:0 226# 227# This is optional, SQLITE_CHPASS_CLAUSE can be set when you have a database, 228# which is structuraly different from proposed. The fixed string will 229# be used to do an UPDATE operation on database. In other words, it is 230# used, when changing passwords. This is used by sqwebmail/Courier webmail. 231# 232# There are four variables, which you can use. Substitution will be made 233# for them, so you can put entered username (local part) and domain name 234# in the right place of your query. There variables are: 235# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt) 236# 237# If a $(domain) is empty (not given by the remote user) the default domain 238# name is used in its place. 239# $(newpass) contains plain password 240# $(newpass_crypt) contains its crypted form 241# 242# SQLITE_CHPASS_CLAUSE UPDATE popbox \ 243# SET clearpw='$(newpass)', \ 244# password_hash='$(newpass_crypt)' \ 245# WHERE local_part='$(local_part)' \ 246# AND domain_name='$(domain)' 247# 248 249##NAME: MARKER:0 250# 251# Do not remove this section from this configuration file. This section 252# must be present at the end of this file. 253