lldap/example_configs/maddy.md

# Configuration for Maddy Mail Server

Documentation for maddy LDAP can be found [here](https://maddy.email/reference/auth/ldap/).  
Maddy will automatically create an imap-acct if a new user connects via LDAP.  
Replace `dc=example,dc=com` with your LLDAP configured domain.


## Simple Setup
Depending on the mail client(s) the simple setup can work for you. However, if this does not work for you, follow the instructions in the `Advanced Setup` section.

### DN Template
You only have to specify the dn template:
```
dn_template "cn={username},ou=people,dc=example,dc=com"
```

### Config Example with Docker
Example maddy configuration with LLDAP running in docker.  
You can replace `local_authdb` with another name if you want to use multiple auth backends.  
If you only want to use one storage backend make sure to disable `auth.pass_table local_authdb` in your config if it is still active.
```
auth.ldap local_authdb {
    urls ldap://lldap:3890

    dn_template "cn={username},ou=people,dc=example,dc=com"

    starttls off
    debug off
    connect_timeout 1m
}
```


## Advanced Setup
If the simple setup does not work for you, you can use a proper lookup.

### Bind Credentials
If you have a service account in LLDAP with restricted rights (e.g. `lldap_strict_readonly`), replace `admin` with your LLDAP service account.  
Replace `admin_password` with the password of either the admin or service account.  
```
bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"
```
If you do not want to use plain auth check the [maddy LDAP page](https://maddy.email/reference/auth/ldap/) for other options.

### Base DN
```
base_dn "dc=example,dc=com"
```

### Filter
Depending on the mail client, maddy receives and sends either the username or the full E-Mail address as username (even if the username is not an E-Mail).  
For the username use:
```
filter "(&(objectClass=person)(uid={username}))"
```
For mapping the username (as E-Mail):
```
filter "(&(objectClass=person)(mail={username}))"
```
For allowing both, username and username as E-Mail use:
```
filter "(&(|(uid={username})(mail={username}))(objectClass=person))"
```

### Config Example with Docker
Example maddy configuration with LLDAP running in docker.  
You can replace `local_authdb` with another name if you want to use multiple auth backends.  
If you only want to use one storage backend make sure to disable `auth.pass_table local_authdb` in your config if it is still active.
```
auth.ldap local_authdb {
    urls ldap://lldap:3890

    bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"
    base_dn "dc=example,dc=com"
    filter "(&(|(uid={username})(mail={username}))(objectClass=person))"

    starttls off
    debug off
    connect_timeout 1m
}
```
Added maddy example config Updated README.md for Maddy i 2024-01-18 18:09:21 +00:00			`# Configuration for Maddy Mail Server`

			`Documentation for maddy LDAP can be found [here](https://maddy.email/reference/auth/ldap/).`
			`Maddy will automatically create an imap-acct if a new user connects via LDAP.`
			Replace `dc=example,dc=com` with your LLDAP configured domain.


			`## Simple Setup`
			Depending on the mail client(s) the simple setup can work for you. However, if this does not work for you, follow the instructions in the `Advanced Setup` section.

			`### DN Template`
			`You only have to specify the dn template:`
			```
			`dn_template "cn={username},ou=people,dc=example,dc=com"`
			```

			`### Config Example with Docker`
			`Example maddy configuration with LLDAP running in docker.`
			You can replace `local_authdb` with another name if you want to use multiple auth backends.
			If you only want to use one storage backend make sure to disable `auth.pass_table local_authdb` in your config if it is still active.
			```
			`auth.ldap local_authdb {`
			`urls ldap://lldap:3890`

			`dn_template "cn={username},ou=people,dc=example,dc=com"`

			`starttls off`
			`debug off`
			`connect_timeout 1m`
			`}`
			```


			`## Advanced Setup`
			`If the simple setup does not work for you, you can use a proper lookup.`

			`### Bind Credentials`
			If you have a service account in LLDAP with restricted rights (e.g. `lldap_strict_readonly`), replace `admin` with your LLDAP service account.
			Replace `admin_password` with the password of either the admin or service account.
			```
			`bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"`
			```
			`If you do not want to use plain auth check the [maddy LDAP page](https://maddy.email/reference/auth/ldap/) for other options.`

			`### Base DN`
			```
			`base_dn "dc=example,dc=com"`
			```

			`### Filter`
			`Depending on the mail client, maddy receives and sends either the username or the full E-Mail address as username (even if the username is not an E-Mail).`
			`For the username use:`
			```
			`filter "(&(objectClass=person)(uid={username}))"`
			```
			`For mapping the username (as E-Mail):`
			```
			`filter "(&(objectClass=person)(mail={username}))"`
			```
			`For allowing both, username and username as E-Mail use:`
			```
			`filter "(&(\|(uid={username})(mail={username}))(objectClass=person))"`
			```

			`### Config Example with Docker`
			`Example maddy configuration with LLDAP running in docker.`
			You can replace `local_authdb` with another name if you want to use multiple auth backends.
			If you only want to use one storage backend make sure to disable `auth.pass_table local_authdb` in your config if it is still active.
			```
			`auth.ldap local_authdb {`
			`urls ldap://lldap:3890`

			`bind plain "cn=admin,ou=people,dc=example,dc=com" "admin_password"`
			`base_dn "dc=example,dc=com"`
			`filter "(&(\|(uid={username})(mail={username}))(objectClass=person))"`

			`starttls off`
			`debug off`
			`connect_timeout 1m`
			`}`
			```