1 # This file is commonly accessed via passdb {} or userdb {} section in
2 # conf.d/auth-sql.conf.ext
4 # This file is opened as root, so it should be owned by root and mode 0600.
6 # http://wiki2.dovecot.org/AuthDatabase/SQL
8 # For the sql passdb module, you'll need a database with a table that
9 # contains fields for at least the username and password. If you want to
10 # use the user@domain syntax, you might want to have a separate domain
13 # If your users all have the same uig/gid, and have predictable home
14 # directories, you can use the static userdb module to generate the home
15 # dir based on the username and domain. In this case, you won't need fields
16 # for home, uid, or gid in the database.
18 # If you prefer to use the sql userdb module, you'll want to add fields
19 # for home, uid, and gid. Here is an example table:
21 # CREATE TABLE users (
22 # username VARCHAR(128) NOT NULL,
23 # domain VARCHAR(128) NOT NULL,
24 # password VARCHAR(64) NOT NULL,
25 # home VARCHAR(255) NOT NULL,
26 # uid INTEGER NOT NULL,
27 # gid INTEGER NOT NULL,
28 # active CHAR(1) DEFAULT 'Y' NOT NULL
31 # Database driver: mysql, pgsql, sqlite
34 # Database connection string. This is driver-specific setting.
36 # HA / round-robin load-balancing is supported by giving multiple host
37 # settings, like: host=sql1.host.org host=sql2.host.org
40 # For available options, see the PostgreSQL documention for the
41 # PQconnectdb function of libpq.
42 # Use maxconns=n (default 5) to change how many connections Dovecot can
46 # Basic options emulate PostgreSQL option names:
47 # host, port, user, password, dbname
49 # But also adds some new settings:
50 # client_flags - See MySQL manual
51 # connect_timeout - Connect timeout in seconds (default: 5)
52 # read_timeout - Read timeout in seconds (default: 30)
53 # write_timeout - Write timeout in seconds (default: 30)
54 # ssl_ca, ssl_ca_path - Set either one or both to enable SSL
55 # ssl_cert, ssl_key - For sending client-side certificates to server
56 # ssl_cipher - Set minimum allowed cipher security (default: HIGH)
57 # ssl_verify_server_cert - Verify that the name in the server SSL certificate
58 # matches the host (default: no)
59 # option_file - Read options from the given file instead of
60 # the default my.cnf location
61 # option_group - Read options from the given group (default: client)
63 # You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
64 # Note that currently you can't use spaces in parameters.
67 # The path to the database file.
70 # connect = host=192.168.1.1 dbname=users
71 # connect = host=sql.example.com dbname=virtual user=virtual password=blarg
72 # connect = /etc/dovecot/authdb.sqlite
76 # Default password scheme.
78 # List of supported schemes is in
79 # http://wiki2.dovecot.org/Authentication/PasswordSchemes
81 #default_pass_scheme = MD5
83 # passdb query to retrieve the password. It can return fields:
84 # password - The user's password. This field must be returned.
85 # user - user@domain from the database. Needed with case-insensitive lookups.
86 # username and domain - An alternative way to represent the "user" field.
88 # The "user" field is often necessary with case-insensitive lookups to avoid
89 # e.g. "name" and "nAme" logins creating two different mail directories. If
90 # your user and domain names are in separate fields, you can return "username"
91 # and "domain" fields instead of "user".
93 # The query can also return other fields which have a special meaning, see
94 # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
96 # Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
98 # %u = entire user@domain
99 # %n = user part of user@domain
100 # %d = domain part of user@domain
102 # Note that these can be used only as input to SQL query. If the query outputs
103 # any of these substitutions, they're not touched. Otherwise it would be
104 # difficult to have eg. usernames containing '%' characters.
107 # password_query = SELECT userid AS user, pw AS password \
108 # FROM users WHERE userid = '%u' AND active = 'Y'
111 # SELECT username, domain, password \
112 # FROM users WHERE username = '%n' AND domain = '%d'
114 # userdb query to retrieve the user information. It can return fields:
115 # uid - System UID (overrides mail_uid setting)
116 # gid - System GID (overrides mail_gid setting)
117 # home - Home directory
118 # mail - Mail location (overrides mail_location setting)
120 # None of these are strictly required. If you use a single UID and GID, and
121 # home or mail directory fits to a template string, you could use userdb static
122 # instead. For a list of all fields that can be returned, see
123 # http://wiki2.dovecot.org/UserDatabase/ExtraFields
126 # user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
127 # user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
128 # user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
131 # SELECT home, uid, gid \
132 # FROM users WHERE username = '%n' AND domain = '%d'
134 # If you wish to avoid two SQL lookups (passdb + userdb), you can use
135 # userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
136 # also have to return userdb fields in password_query prefixed with "userdb_"
137 # string. For example:
139 # SELECT userid AS user, password, \
140 # home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
141 # FROM users WHERE userid = '%u'
143 # Query to get a list of all usernames.
144 #iterate_query = SELECT username AS user FROM users