This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.

Password database extra fields

The primary purpose of a password database lookup is to return the password for a given user. It may however also return other fields which are treated specially:

How to return these extra fields depends on the password database you use. See the password database pages on how to do it. Some passdbs however don't support returning them at all, such as PAM.

The password database may also return fields prefixed with userdb_. These fields are only saved and used later as if they came from the user database's extra fields. Typically this is done only when using prefetch userdb.

Note that boolean fields are true always if the field exists. So nodelay, nodelay=yes, nodelay=no and nodelay=0 all mean that the nodelay field is true. With SQL the field is considered to be non-existent if its value is NULL.




password_query = SELECT userid as user, password, 'Y' as proxy, host \
  FROM users WHERE userid = '%u'
# NOTE: Dovecot doesn't really support line splitting with '\' currently



format is <ldap attribute 1>=<dovecot field 1>,<ldap attribute 2>=<dovecot field 2>,...


Note about the "proxy" or "proxy_maybe" fields: these represent an existence test.

In LDAP, this translates to "will proxy (or proxy_maybe) if this attribute exists". This allows the proxy behaviour to be selectable per user. To have it "always" on, use a template, e.g.:



user:{plain}pass::::::proxy=y host=

PasswordDatabase/ExtraFields (last edited 2010-12-05 05:48:15 by TimoSirainen)