diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ccb244..88cda25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ This file is used to list changes made in each version of `dovecot` cookbook. -## v2.2.0 (2015-07-23) +## v2.2.1 (2015-07-23) * Travis CI: Fix `test-kitchen` integration tests. diff --git a/Gemfile b/Gemfile index 09abf1b..3be409a 100644 --- a/Gemfile +++ b/Gemfile @@ -33,7 +33,7 @@ group :integration do end group :integration_docker do - gem 'kitchen-docker', '~> 2.1' + gem 'kitchen-docker', '~> 2.1.0' end group :integration_vagrant do diff --git a/README.md b/README.md index ceb362c..def9eeb 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ Description =========== [![Cookbook Version](https://img.shields.io/cookbook/v/dovecot.svg?style=flat)](https://supermarket.chef.io/cookbooks/dovecot) +[![GitHub Source](https://img.shields.io/badge/source-GitHub-blue.svg?style=flat)](https://github.com/onddo/dovecot-cookbook) [![Dependency Status](http://img.shields.io/gemnasium/onddo/dovecot-cookbook.svg?style=flat)](https://gemnasium.com/onddo/dovecot-cookbook) [![Code Climate](http://img.shields.io/codeclimate/github/onddo/dovecot-cookbook.svg?style=flat)](https://codeclimate.com/github/onddo/dovecot-cookbook) [![Build Status](http://img.shields.io/travis/onddo/dovecot-cookbook/2.2.1.svg?style=flat)](https://travis-ci.org/onddo/dovecot-cookbook) @@ -87,868 +88,204 @@ Attributes To see a more complete description of the attributes, go to the [Dovecot wiki2 configuration section](http://wiki2.dovecot.org/#Dovecot_configuration) or read the comments in the templates and generated configuration files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
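Review bot: In the Gemfile hunk, the tightened constraint `gem 'kitchen-docker', '~> 2.1.0'` has no comment saying why releases from 2.2 onward are now excluded. `~> 2.1` accepted any 2.x release from 2.1 up, while `~> 2.1.0` accepts only 2.1.x patch releases, so later fixes to the gem will not be picked up until someone lifts the pin. The pin presumably works around a newer release that broke the Docker integration tests (the changelog entry mentions a `test-kitchen` fix), but that is inferred from this page. A line such as `# Pinned to 2.1.x: <reason or upstream issue placeholder>; relax once resolved` above the gem would record the reason and the exit condition.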
AttributeDescriptionDefault
node['dovecot']['install_from']Determines how Dovecot is installed from. Only "package" is supported for now."package"
node['dovecot']['user']Dovecot system user. Should no be changed."dovecot"
node['dovecot']['group']Dovecot system group. Should no be changed."dovecot"
node['dovecot']['lib_path']Dovecot library path. Should no be changed.calculated
node['dovecot']['conf_path']Dovecot configuration files path. Should no be changed."/etc/dovecot"
node['dovecot']['conf_files_user']System user owner of configuration files."root"
node['dovecot']['conf_files_group']System group owner of configuration files.node["dovecot"]["group"]
node['dovecot']['conf_files_mode']Configuration files system file mode bits.00644
node['dovecot']['sensitive_files']An array of dovecot sensitive configuration files. Each array item can be a glob expression or a fixed file name. These file names should be relative to node["dovecot"]["conf_path"] directory. Example: [ "dovecot-sql.conf.ext", "*-auth.conf.ext", "conf.d/auth-supersecret.conf.ext" ][ "*.conf.ext" ]
node['dovecot']['sensitive_files_mode']Configuration files system file mode bits for sensitve files.00640
node['dovecot']['conf_files']['core']Dovecot core configuration files list.[
-   "conf.d/10-auth.conf",
-   "conf.d/10-director.conf",
-   "conf.d/10-logging.conf",
-   "conf.d/10-mail.conf",
-   "conf.d/10-master.conf",
-   "conf.d/10-ssl.conf",
-   "conf.d/10-tcpwrapper.conf",
-   "conf.d/15-lda.conf",
-   "conf.d/15-mailboxes.conf",
-   "conf.d/90-acl.conf",
-   "conf.d/90-plugin.conf",
-   "conf.d/90-quota.conf",
-   "conf.d/auth-checkpassword.conf.ext",
-   "conf.d/auth-deny.conf.ext",
-   "conf.d/auth-master.conf.ext",
-   "conf.d/auth-passwdfile.conf.ext",
-   "conf.d/auth-sql.conf.ext",
-   "conf.d/auth-static.conf.ext",
-   "conf.d/auth-system.conf.ext",
-   "conf.d/auth-vpopmail.conf.ext",
-   "dovecot.conf",
-   "dovecot-db.conf.ext",
-   "dovecot-dict-sql.conf.ext",
-   "dovecot-sql.conf.ext"
- ]
node['dovecot']['conf_files']['imap']Dovecot IMAP configuration files list.["conf.d/20-imap.conf"]
node['dovecot']['conf_files']['pop3']Dovecot POP3 configuration files list.["conf.d/20-pop3.conf"]
node['dovecot']['conf_files']['lmtp']Dovecot LMTP configuration files list.["conf.d/20-lmtp.conf"]
node['dovecot']['conf_files']['sieve']Dovecot Sieve configuration files list.[
-   "conf.d/20-managesieve.conf",
-   "conf.d/90-sieve.conf"
- ]
node['dovecot']['conf_files']['ldap']Dovecot LDAP configuration files list.[
-   "dovecot-ldap.conf.ext",
-   "conf.d/auth-ldap.conf.ext"
- ]
node['dovecot']['auth']Dovecot Authentication Databases as a hash of hashes (see the examples below). Supported authdbs: checkpassword, deny, ldap, master, passwdfile, sql, system and vpopmail.{}
node['dovecot']['namespaces']Dovecot Namespaces as an array of hashes (see the example below).[]
node['dovecot']['plugins']Dovecot Plugins configuration as a hash of hashes (see the examples below). Supported plugins: mail_log, acl and quota.{
-   "sieve" => {
-     "sieve" => "~/.dovecot.sieve",
-     "sieve_dir" => "~/sieve",
-   }
- }
node['dovecot']['protocols']Dovecot Protocols configuration as a hash of hashes (see the example below). Supported protocols: lda, imap, lmtp, sieve and pop3.{}
node['dovecot']['services']Dovecot Services configuration as a hash of hashes (see the examples below). Supported services: anvil, director, imap-login, pop3-login, lmtp, imap, pop3, auth, auth-worker, dict, tcpwrap, managesieve-login and managesieve.{}
node['dovecot']['conf']['mail_plugins']Dovecot default enabled mail_plugins.[]
node['dovecot']['ohai_plugin']['build-options']Whether to enable reading build options inside ohai plugin. Can be disabled to be lighter.true
+| Attribute | Default | Description | +|:--------------------------------------------------|:---------------------------|:-------------------------------| +| `node['dovecot']['install_from']` | `'package'` | Determines how Dovecot is installed from. Only `'package'` is supported for now. +| `node['dovecot']['user']` | `'dovecot'` | Dovecot system user. Should no be changed. +| `node['dovecot']['group']` | `'dovecot'` | Dovecot system group. Should no be changed. +| `node['dovecot']['lib_path']` | *calculated* | Dovecot library path. Should no be changed. +| `node['dovecot']['conf_path']` | `'/etc/dovecot'` | Dovecot configuration files path. Should no be changed. +| `node['dovecot']['conf_files_user']` | `'root'` | System user owner of configuration files. +| `node['dovecot']['conf_files_group']` | `node['dovecot']['group']` | System group owner of configuration files. +| `node['dovecot']['conf_files_mode']` | `00644` | Configuration files system file mode bits. +| `node['dovecot']['sensitive_files']` | `['*.conf.ext']` | An array of dovecot sensitive configuration files. Each array item can be a glob expression or a fixed file name. These file names should be relative to `node['dovecot']['conf_path']` directory. Example: `['dovecot-sql.conf.ext', '*-auth.conf.ext', 'conf.d/auth-supersecret.conf.ext']` +| `node['dovecot']['sensitive_files_mode']` | `00640` | Configuration files system file mode bits for sensitve files. +| `node['dovecot']['conf_files']['core']` | *calculated* | Dovecot core configuration files list. +| `node['dovecot']['conf_files']['imap']` | `['conf.d/20-imap.conf']` | Dovecot IMAP configuration files list. +| `node['dovecot']['conf_files']['pop3']` | `['conf.d/20-pop3.conf']` | Dovecot POP3 configuration files list. +| `node['dovecot']['conf_files']['lmtp']` | `['conf.d/20-lmtp.conf']` | Dovecot LMTP configuration files list. +| `node['dovecot']['conf_files']['sieve']` | *calculated* | Dovecot Sieve configuration files list. 
+| `node['dovecot']['conf_files']['ldap']` | *calculated* | Dovecot LDAP configuration files list. +| `node['dovecot']['auth']` | `{}` | Dovecot Authentication Databases as a hash of hashes ([see the examples below](#authentication-database-examples)). Supported authdbs: checkpassword, deny, ldap, master, passwdfile, sql, system and vpopmail. +| `node['dovecot']['namespaces']` | `[]` | Dovecot Namespaces as an array of hashes ([see the example below](#namespaces-example)). +| `node['dovecot']['plugins']` | *calculated* | Dovecot Plugins configuration as a hash of hashes ([see the examples below](#plugins-examples)). Supported plugins: mail_log, acl and quota. +| `node['dovecot']['protocols']` | `{}` | Dovecot Protocols configuration as a hash of hashes ([see the example below](#protocols-example)). Supported protocols: lda, imap, lmtp, sieve and pop3. +| `node['dovecot']['services']` | `{}` | Dovecot Services configuration as a hash of hashes ([see the examples below](#service-examples)). Supported services: anvil, director, imap-login, pop3-login, lmtp, imap, pop3, auth, auth-worker, dict, tcpwrap, managesieve-login and managesieve. +| `node['dovecot']['conf']['mail_plugins']` | `[]` | Dovecot default enabled mail_plugins. +| `node['dovecot']['ohai_plugin']['build-options']` | `true` | Whether to enable reading build options inside ohai plugin. Can be disabled to be lighter. ## Main Configuration Attributes * Configuration file: `dovecot.conf`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['listen']A comma separated list of IPs or hosts where to listen in for connections.nil
node['dovecot']['conf']['base_dir']Base directory where to store runtime data.nil
node['dovecot']['conf']['instance_name']Name of this instance. Used to prefix all Dovecot processes in ps output.nil
node['dovecot']['conf']['login_greeting']Greeting message for clients.nil
node['dovecot']['conf']['login_trusted_networks']Space separated list of trusted network ranges.nil
node['dovecot']['conf']['login_access_sockets']Space separated list of login access check sockets.nil
node['dovecot']['conf']['auth_proxy_self']With proxy_maybe=yes if proxy destination matches any of these IPs, don't do proxying.nil
node['dovecot']['conf']['verbose_proctitle']Show more verbose process titles (in ps).nil
node['dovecot']['conf']['shutdown_clients']Should all processes be killed when Dovecot master process shuts down.nil
node['dovecot']['conf']['doveadm_worker_count']If non-zero, run mail commands via this many connections to doveadm server.nil
node['dovecot']['conf']['doveadm_socket_path']UNIX socket or host:port used for connecting to doveadm server.nil
node['dovecot']['conf']['import_environment']Space separated list of environment variables that are preserved on Dovecot startup and his childs.nil
node['dovecot']['conf']['dict']Dictionary server settings as a hash.nil
+| Attribute | Default | Description | +|:----------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['listen']` | *nil* | A comma separated list of IPs or hosts where to listen in for connections. +| `node['dovecot']['conf']['base_dir']` | *nil* | Base directory where to store runtime data. +| `node['dovecot']['conf']['instance_name']` | *nil* | Name of this instance. Used to prefix all Dovecot processes in ps output. +| `node['dovecot']['conf']['login_greeting']` | *nil* | Greeting message for clients. +| `node['dovecot']['conf']['login_trusted_networks']` | *nil* | Space separated list of trusted network ranges. +| `node['dovecot']['conf']['login_access_sockets']` | *nil* | Space separated list of login access check sockets. +| `node['dovecot']['conf']['auth_proxy_self']` | *nil* | With proxy_maybe=yes if proxy destination matches any of these IPs, don't do proxying. +| `node['dovecot']['conf']['verbose_proctitle']` | *nil* | Show more verbose process titles (in ps). +| `node['dovecot']['conf']['shutdown_clients']` | *nil* | Should all processes be killed when Dovecot master process shuts down. +| `node['dovecot']['conf']['doveadm_worker_count']` | *nil* | If non-zero, run mail commands via this many connections to doveadm server. +| `node['dovecot']['conf']['doveadm_socket_path']` | *nil* | UNIX socket or host:port used for connecting to doveadm server. +| `node['dovecot']['conf']['import_environment']` | *nil* | Space separated list of environment variables that are preserved on Dovecot startup and his childs. +| `node['dovecot']['conf']['dict']` | *nil* | Dictionary server settings as a hash. ## Authentication Processes Attributes * Configuration file: `conf.d/10-auth.conf`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['disable_plaintext_auth']Disable LOGIN command and all other plaintext authentications unless SSL/TLS is used.nil
node['dovecot']['conf']['auth_cache_size']Authentication cache size (e.g. 10M). 0 means it's disabled.nil
node['dovecot']['conf']['auth_cache_ttl']Time to live for cached data.nil
node['dovecot']['conf']['auth_cache_negative_ttl']TTL for negative hits (user not found, password mismatch).nil
node['dovecot']['conf']['auth_realms']Space separated list (or array) of realms for SASL authentication mechanisms that need them.nil
node['dovecot']['conf']['auth_default_realm']Default realm/domain to use if none was specified.nil
node['dovecot']['conf']['auth_username_chars']List of allowed characters in username.nil
node['dovecot']['conf']['auth_username_translation']Username character translations before it's looked up from databases.nil
node['dovecot']['conf']['auth_username_format']Username formatting before it's looked up from databases.nil
node['dovecot']['conf']['auth_master_user_separator']If you want to allow master users to log in by specifying the master username within the normal username string, you can specify the separator character here (format: ).nil
node['dovecot']['conf']['auth_anonymous_username']Username to use for users logging in with ANONYMOUS SASL mechanism.nil
node['dovecot']['conf']['auth_worker_max_count']Maximum number of dovecot-auth worker processes.nil
node['dovecot']['conf']['auth_gssapi_hostname']Host name to use in GSSAPI principal names.nil
node['dovecot']['conf']['auth_krb5_keytab']Kerberos keytab to use for the GSSAPI mechanism.nil
node['dovecot']['conf']['auth_use_winbind']Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and ntlm_auth helper.nil
node['dovecot']['conf']['auth_winbind_helper_path']Path for Samba's ntlm_auth helper binary.nil
node['dovecot']['conf']['auth_failure_delay']Time to delay before replying to failed authentications.nil
node['dovecot']['conf']['auth_ssl_require_client_cert']Take the username from client's SSL certificate, using X509_NAME_get_text_by_NID() which returns the subject's DN's CommonName.nil
node['dovecot']['conf']['auth_mechanisms']Space separated list of wanted authentication mechanisms: plain, login, digest-md5, cram-md5, ntlm, rpa, apop, anonymous, gssapi, otp, skey, gss-spnego"plain"
+| Attribute | Default | Description | +|:----------------------------------------------------------|:----------|:-------------------------------| +| `node['dovecot']['conf']['disable_plaintext_auth']` | *nil* | Disable LOGIN command and all other plaintext authentications unless SSL/TLS is used. +| `node['dovecot']['conf']['auth_cache_size']` | *nil* | Authentication cache size (e.g. 10M). 0 means it's disabled. +| `node['dovecot']['conf']['auth_cache_ttl']` | *nil* | Time to live for cached data. +| `node['dovecot']['conf']['auth_cache_negative_ttl']` | *nil* | TTL for negative hits (user not found, password mismatch). +| `node['dovecot']['conf']['auth_realms']` | *nil* | Space separated list (or array) of realms for SASL authentication mechanisms that need them. +| `node['dovecot']['conf']['auth_default_realm']` | *nil* | Default realm/domain to use if none was specified. +| `node['dovecot']['conf']['auth_username_chars']` | *nil* | List of allowed characters in username. +| `node['dovecot']['conf']['auth_username_translation']` | *nil* | Username character translations before it's looked up from databases. +| `node['dovecot']['conf']['auth_username_format']` | *nil* | Username formatting before it's looked up from databases. +| `node['dovecot']['conf']['auth_master_user_separator']` | *nil* | If you want to allow master users to log in by specifying the master username within the normal username string, you can specify the separator character here (format: ). +| `node['dovecot']['conf']['auth_anonymous_username']` | *nil* | Username to use for users logging in with ANONYMOUS SASL mechanism. +| `node['dovecot']['conf']['auth_worker_max_count']` | *nil* | Maximum number of dovecot-auth worker processes. +| `node['dovecot']['conf']['auth_gssapi_hostname']` | *nil* | Host name to use in GSSAPI principal names. +| `node['dovecot']['conf']['auth_krb5_keytab']` | *nil* | Kerberos keytab to use for the GSSAPI mechanism. 
+| `node['dovecot']['conf']['auth_use_winbind']` | *nil* | Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and ntlm_auth helper. +| `node['dovecot']['conf']['auth_winbind_helper_path']` | *nil* | Path for Samba's ntlm_auth helper binary. +| `node['dovecot']['conf']['auth_failure_delay']` | *nil* | Time to delay before replying to failed authentications. +| `node['dovecot']['conf']['auth_ssl_require_client_cert']` | *nil* | Take the username from client's SSL certificate, using X509_NAME_get_text_by_NID() which returns the subject's DN's CommonName. +| `node['dovecot']['conf']['auth_mechanisms']` | `'plain'` | Space separated list of wanted authentication mechanisms: plain, login, digest-md5, cram-md5, ntlm, rpa, apop, anonymous, gssapi, otp, skey, gss-spnego ## Director-specific Attributes * Configuration file: `conf.d/10-director.conf`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['director_servers']List of IPs or hostnames to all director servers, including ourself (as a string or as an array).nil
node['dovecot']['conf']['director_mail_servers']List of IPs or hostnames to all backend mail servers.nil
node['dovecot']['conf']['director_user_expire']How long to redirect users to a specific server after it no longer has any connections.nil
node['dovecot']['conf']['director_doveadm_port']TCP/IP port that accepts doveadm connections (instead of director connections).nil
node['dovecot']['conf']['director_username_hash']How the username is translated before being hashed.nil
+| Attribute | Default | Description | +|:----------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['director_servers']` | *nil* | List of IPs or hostnames to all director servers, including ourself (as a string or as an array). +| `node['dovecot']['conf']['director_mail_servers']` | *nil* | List of IPs or hostnames to all backend mail servers. +| `node['dovecot']['conf']['director_user_expire']` | *nil* | How long to redirect users to a specific server after it no longer has any connections. +| `node['dovecot']['conf']['director_doveadm_port']` | *nil* | TCP/IP port that accepts doveadm connections (instead of director connections). +| `node['dovecot']['conf']['director_username_hash']` | *nil* | How the username is translated before being hashed. ## Log Destination Attributes * Configuration file: `conf.d/10-logging.conf`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['log_path']Log file to use for error messages. "syslog" logs to syslog, /dev/stderr logs to stderr.nil
node['dovecot']['conf']['info_log_path']Log file to use for informational messages. Defaults to log_path.nil
node['dovecot']['conf']['debug_log_path']Log file to use for debug messages. Defaults to info_log_path.nil
node['dovecot']['conf']['syslog_facility']Syslog facility to use if you're logging to syslog.nil
node['dovecot']['conf']['auth_verbose']Log unsuccessful authentication attempts and the reasons why they failed.nil
node['dovecot']['conf']['auth_verbose_passwords']In case of password mismatches, log the attempted password.nil
node['dovecot']['conf']['auth_debug']Even more verbose logging for debugging purposes.nil
node['dovecot']['conf']['auth_debug_passwords']In case of password mismatches, log the passwords and used scheme so the problem can be debugged.nil
node['dovecot']['conf']['mail_debug']Enable mail process debugging.nil
node['dovecot']['conf']['verbose_ssl']Show protocol level SSL errors.nil
node['dovecot']['conf']['log_timestamp']Prefix for each line written to log file.nil
node['dovecot']['conf']['login_log_format_elements']Space-separated list (or array) of elements we want to log.nil
node['dovecot']['conf']['login_log_format']Login log format.nil
node['dovecot']['conf']['mail_log_prefix']Log prefix for mail processes.nil
node['dovecot']['conf']['deliver_log_format']Format to use for logging mail deliveries.nil
+| Attribute | Default | Description | +|:-------------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['log_path']` | *nil* | Log file to use for error messages. "syslog" logs to syslog, /dev/stderr logs to stderr. +| `node['dovecot']['conf']['info_log_path']` | *nil* | Log file to use for informational messages. Defaults to log_path. +| `node['dovecot']['conf']['debug_log_path']` | *nil* | Log file to use for debug messages. Defaults to info_log_path. +| `node['dovecot']['conf']['syslog_facility']` | *nil* | Syslog facility to use if you're logging to syslog. +| `node['dovecot']['conf']['auth_verbose']` | *nil* | Log unsuccessful authentication attempts and the reasons why they failed. +| `node['dovecot']['conf']['auth_verbose_passwords']` | *nil* | In case of password mismatches, log the attempted password. +| `node['dovecot']['conf']['auth_debug']` | *nil* | Even more verbose logging for debugging purposes. +| `node['dovecot']['conf']['auth_debug_passwords']` | *nil* | In case of password mismatches, log the passwords and used scheme so the problem can be debugged. +| `node['dovecot']['conf']['mail_debug']` | *nil* | Enable mail process debugging. +| `node['dovecot']['conf']['verbose_ssl']` | *nil* | Show protocol level SSL errors. +| `node['dovecot']['conf']['log_timestamp']` | *nil* | Prefix for each line written to log file. +| `node['dovecot']['conf']['login_log_format_elements']` | *nil* | Space-separated list (or array) of elements we want to log. +| `node['dovecot']['conf']['login_log_format']` | *nil* | Login log format. +| `node['dovecot']['conf']['mail_log_prefix']` | *nil* | Log prefix for mail processes. +| `node['dovecot']['conf']['deliver_log_format']` | *nil* | Format to use for logging mail deliveries. ## Mailbox Locations and Namespaces Attributes * Configuration file: `conf.d/10-mail.conf`. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['mail_location']Location for user's mailboxes.nil
node['dovecot']['conf']['mail_shared_explicit_inbox']Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?nil
node['dovecot']['conf']['mail_uid']System user used to access mails.nil
node['dovecot']['conf']['mail_gid']System group used to access mails.nil
node['dovecot']['conf']['mail_privileged_group']Group to enable temporarily for privileged operations.nil
node['dovecot']['conf']['mail_access_groups']Grant access to these supplementary groups for mail processes.nil
node['dovecot']['conf']['mail_full_filesystem_access']Allow full filesystem access to clients.nil
node['dovecot']['conf']['mail_attribute_dict']Dictionary for key=value mailbox attributes. Currently used by URLAUTH.nil
node['dovecot']['conf']['mmap_disable']Don't use mmap() at all.nil
node['dovecot']['conf']['dotlock_use_excl']Rely on O_EXCL to work when creating dotlock files.nil
node['dovecot']['conf']['mail_fsync']When to use fsync() or fdatasync() calls: optimized, always or nevernil
node['dovecot']['conf']['mail_nfs_storage']Mail storage exists in NFS.nil
node['dovecot']['conf']['mail_nfs_index']Mail index files also exist in NFS.nil
node['dovecot']['conf']['lock_method']Locking method for index files: fcntl, flock or dotlock.nil
node['dovecot']['conf']['mail_temp_dir']Directory in which LDA/LMTP temporarily stores incoming mails >128 kB.nil
node['dovecot']['conf']['first_valid_uid']Valid UID range for users, defaults to 500 and above.nil
node['dovecot']['conf']['last_valid_uid']Valid UID range for users, defaults to 500 and above.nil
node['dovecot']['conf']['first_valid_gid']Valid GID range for users, defaults to non-root/wheel.nil
node['dovecot']['conf']['last_valid_gid']Valid GID range for users, defaults to non-root/wheel.nil
node['dovecot']['conf']['mail_max_keyword_length']Maximum allowed length for mail keyword name.nil
node['dovecot']['conf']['valid_chroot_dirs']':' separated list of directories under which chrooting is allowed for mail processes.nil
node['dovecot']['conf']['mail_chroot']Default chroot directory for mail processes.nil
node['dovecot']['conf']['auth_socket_path']UNIX socket path to master authentication server to find users.nil
node['dovecot']['conf']['mail_plugin_dir']Directory where to look up mail plugins.nil
node['dovecot']['conf']['mail_cache_min_mail_count']The minimum number of mails in a mailbox before updates are done to cache file.nil
node['dovecot']['conf']['mailbox_idle_check_interval']When IDLE command is running, mailbox is checked once in a while to see if there are any new mails or other changes.nil
node['dovecot']['conf']['mail_save_crlf']Save mails with CR+LF instead of plain LF.nil
node['dovecot']['conf']['mail_prefetch_count']Max number of mails to keep open and prefetch to memory.nil
node['dovecot']['conf']['mail_temp_scan_interval']How often to scan for stale temporary files and delete them (0 = never).nil
node['dovecot']['conf']['maildir_stat_dirs']By default LIST command returns all entries in maildir beginning with a dot.nil
node['dovecot']['conf']['maildir_copy_with_hardlinks']When copying a message, do it with hard links whenever possible.nil
node['dovecot']['conf']['maildir_very_dirty_syncs']Assume Dovecot is the only MUA accessing Maildir.nil
node['dovecot']['conf']['maildir_broken_filename_sizes']If enabled, Dovecot doesn't use the S= in the Maildir filenames for getting the mail's physical size, except when recalculating Maildir++ quota.nil
node['dovecot']['conf']['maildir_empty_new']Always move mails from new/ directory to cur/, even when the \Recent flags aren't being reset.nil
node['dovecot']['conf']['mbox_read_locks']Which read locking methods to use for locking mbox: dotlock, dotlock_try, fcntl, flock or lockfyynil
node['dovecot']['conf']['mbox_write_locks']Which write locking methods to use for locking mbox: dotlock, dotlock_try, fcntl, flock or lockfyynil
node['dovecot']['conf']['mbox_lock_timeout']Maximum time to wait for lock (all of them) before aborting.nil
node['dovecot']['conf']['mbox_dotlock_change_timeout']If dotlock exists but the mailbox isn't modified in any way, override the lock file after this much time.nil
node['dovecot']['conf']['mbox_dirty_syncs']When mbox changes unexpectedly simply read the new mails but still safely fallbacks to re-reading the whole mbox file whenever something in mbox isn't how it's expected to be.nil
node['dovecot']['conf']['mbox_very_dirty_syncs']Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, EXPUNGE or CHECK commands.nil
node['dovecot']['conf']['mbox_lazy_writes']Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK commands and when closing the mailbox).nil
node['dovecot']['conf']['mbox_min_index_size']If mbox size is smaller than this (e.g. 100k), don't write index files.nil
node['dovecot']['conf']['mbox_md5']Mail header selection algorithm to use for MD5 POP3 UIDLs when pop3_uidl_format=%m.nil
node['dovecot']['conf']['mdbox_rotate_size']Maximum dbox file size until it's rotated.nil
node['dovecot']['conf']['mdbox_rotate_interval']Maximum dbox file age until it's rotated.nil
node['dovecot']['conf']['mdbox_preallocate_space']When creating new mdbox files, immediately preallocate their size to mdbox_rotate_size.nil
node['dovecot']['conf']['mail_attachment_dir']Directory root where to store mail attachments. Disabled, if empty.nil
node['dovecot']['conf']['mail_attachment_min_size']Attachments smaller than this aren't saved externally.nil
node['dovecot']['conf']['mail_attachment_fs']Filesystem backend to use for saving attachments: posix, sis posix or sis-queue posix.nil
node['dovecot']['conf']['mail_attachment_hash']Hash format to use in attachment filenames.nil
+| Attribute | Default | Description |
+|:-----------------------------------------------------------|:--------|:-------------------------------|
+| `node['dovecot']['conf']['mail_location']` | *nil* | Location for user's mailboxes.
+| `node['dovecot']['conf']['mail_shared_explicit_inbox']` | *nil* | Should shared INBOX be visible as "shared/user" or "shared/user/INBOX"?
+| `node['dovecot']['conf']['mail_uid']` | *nil* | System user used to access mails.
+| `node['dovecot']['conf']['mail_gid']` | *nil* | System group used to access mails.
+| `node['dovecot']['conf']['mail_privileged_group']` | *nil* | Group to enable temporarily for privileged operations.
+| `node['dovecot']['conf']['mail_access_groups']` | *nil* | Grant access to these supplementary groups for mail processes.
+| `node['dovecot']['conf']['mail_full_filesystem_access']` | *nil* | Allow full filesystem access to clients.
+| `node['dovecot']['conf']['mail_attribute_dict']` | *nil* | Dictionary for key=value mailbox attributes. Currently used by URLAUTH.
+| `node['dovecot']['conf']['mmap_disable']` | *nil* | Don't use mmap() at all.
+| `node['dovecot']['conf']['dotlock_use_excl']` | *nil* | Rely on O_EXCL to work when creating dotlock files.
+| `node['dovecot']['conf']['mail_fsync']` | *nil* | When to use fsync() or fdatasync() calls: optimized, always or never
+| `node['dovecot']['conf']['mail_nfs_storage']` | *nil* | Mail storage exists in NFS.
+| `node['dovecot']['conf']['mail_nfs_index']` | *nil* | Mail index files also exist in NFS.
+| `node['dovecot']['conf']['lock_method']` | *nil* | Locking method for index files: fcntl, flock or dotlock.
+| `node['dovecot']['conf']['mail_temp_dir']` | *nil* | Directory in which LDA/LMTP temporarily stores incoming mails >128 kB.
+| `node['dovecot']['conf']['first_valid_uid']` | *nil* | Valid UID range for users, defaults to 500 and above.
+| `node['dovecot']['conf']['last_valid_uid']` | *nil* | Valid UID range for users, defaults to 500 and above.
+| `node['dovecot']['conf']['first_valid_gid']` | *nil* | Valid GID range for users, defaults to non-root/wheel.
+| `node['dovecot']['conf']['last_valid_gid']` | *nil* | Valid GID range for users, defaults to non-root/wheel.
+| `node['dovecot']['conf']['mail_max_keyword_length']` | *nil* | Maximum allowed length for mail keyword name.
+| `node['dovecot']['conf']['valid_chroot_dirs']` | *nil* | ':' separated list of directories under which chrooting is allowed for mail processes.
+| `node['dovecot']['conf']['mail_chroot']` | *nil* | Default chroot directory for mail processes.
+| `node['dovecot']['conf']['auth_socket_path']` | *nil* | UNIX socket path to master authentication server to find users.
+| `node['dovecot']['conf']['mail_plugin_dir']` | *nil* | Directory where to look up mail plugins.
+| `node['dovecot']['conf']['mail_cache_min_mail_count']` | *nil* | The minimum number of mails in a mailbox before updates are done to cache file.
+| `node['dovecot']['conf']['mailbox_idle_check_interval']` | *nil* | When IDLE command is running, mailbox is checked once in a while to see if there are any new mails or other changes.
+| `node['dovecot']['conf']['mail_save_crlf']` | *nil* | Save mails with CR+LF instead of plain LF.
+| `node['dovecot']['conf']['mail_prefetch_count']` | *nil* | Max number of mails to keep open and prefetch to memory.
+| `node['dovecot']['conf']['mail_temp_scan_interval']` | *nil* | How often to scan for stale temporary files and delete them (0 = never).
+| `node['dovecot']['conf']['maildir_stat_dirs']` | *nil* | By default LIST command returns all entries in maildir beginning with a dot.
+| `node['dovecot']['conf']['maildir_copy_with_hardlinks']` | *nil* | When copying a message, do it with hard links whenever possible.
+| `node['dovecot']['conf']['maildir_very_dirty_syncs']` | *nil* | Assume Dovecot is the only MUA accessing Maildir.
+| `node['dovecot']['conf']['maildir_broken_filename_sizes']` | *nil* | If enabled, Dovecot doesn't use the S= in the Maildir filenames for getting the mail's physical size, except when recalculating Maildir++ quota.
+| `node['dovecot']['conf']['maildir_empty_new']` | *nil* | Always move mails from new/ directory to cur/, even when the \Recent flags aren't being reset.
+| `node['dovecot']['conf']['mbox_read_locks']` | *nil* | Which read locking methods to use for locking mbox: dotlock, dotlock_try, fcntl, flock or lockfyy
+| `node['dovecot']['conf']['mbox_write_locks']` | *nil* | Which write locking methods to use for locking mbox: dotlock, dotlock_try, fcntl, flock or lockfyy
+| `node['dovecot']['conf']['mbox_lock_timeout']` | *nil* | Maximum time to wait for lock (all of them) before aborting.
+| `node['dovecot']['conf']['mbox_dotlock_change_timeout']` | *nil* | If dotlock exists but the mailbox isn't modified in any way, override the lock file after this much time.
+| `node['dovecot']['conf']['mbox_dirty_syncs']` | *nil* | When mbox changes unexpectedly simply read the new mails but still safely fallbacks to re-reading the whole mbox file whenever something in mbox isn't how it's expected to be.
+| `node['dovecot']['conf']['mbox_very_dirty_syncs']` | *nil* | Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE, EXPUNGE or CHECK commands.
+| `node['dovecot']['conf']['mbox_lazy_writes']` | *nil* | Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK commands and when closing the mailbox).
+| `node['dovecot']['conf']['mbox_min_index_size']` | *nil* | If mbox size is smaller than this (e.g. 100k), don't write index files.
+| `node['dovecot']['conf']['mbox_md5']` | *nil* | Mail header selection algorithm to use for MD5 POP3 UIDLs when pop3_uidl_format=%m.
+| `node['dovecot']['conf']['mdbox_rotate_size']` | *nil* | Maximum dbox file size until it's rotated.
+| `node['dovecot']['conf']['mdbox_rotate_interval']` | *nil* | Maximum dbox file age until it's rotated. +| `node['dovecot']['conf']['mdbox_preallocate_space']` | *nil* | When creating new mdbox files, immediately preallocate their size to mdbox_rotate_size. +| `node['dovecot']['conf']['mail_attachment_dir']` | *nil* | Directory root where to store mail attachments. Disabled, if empty. +| `node['dovecot']['conf']['mail_attachment_min_size']` | *nil* | Attachments smaller than this aren't saved externally. +| `node['dovecot']['conf']['mail_attachment_fs']` | *nil* | Filesystem backend to use for saving attachments: posix, sis posix or sis-queue posix. +| `node['dovecot']['conf']['mail_attachment_hash']` | *nil* | Hash format to use in attachment filenames. ## Master Configuration File Attributes * Configuration file: `conf.d/10-master.conf`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['default_process_limit']Default process limit.nil
node['dovecot']['conf']['default_client_limit']Default client limit.nil
node['dovecot']['conf']['default_vsz_limit']Default VSZ (virtual memory size) limit for service processes.nil
node['dovecot']['conf']['default_login_user']Login user is internally used by login processes.nil
node['dovecot']['conf']['default_internal_user']Internal user is used by unprivileged processes.nil
+| Attribute | Default | Description | +|:---------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['default_process_limit']` | *nil* | Default process limit. +| `node['dovecot']['conf']['default_client_limit']` | *nil* | Default client limit. +| `node['dovecot']['conf']['default_vsz_limit']` | *nil* | Default VSZ (virtual memory size) limit for service processes. +| `node['dovecot']['conf']['default_login_user']` | *nil* | Login user is internally used by login processes. +| `node['dovecot']['conf']['default_internal_user']` | *nil* | Internal user is used by unprivileged processes. ## SSL Attributes * Configuration file: `conf.d/10-ssl.conf`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['ssl']SSL/TLS support: true or falsenil
node['dovecot']['conf']['ssl_cert']PEM encoded X.509 SSL/TLS certificate.calculated
node['dovecot']['conf']['ssl_key']PEM encoded X.509 SSL/TLS private key.calculated
node['dovecot']['conf']['ssl_key_password']If key file is password protected, give the password here.nil
node['dovecot']['conf']['ssl_ca']PEM encoded trusted certificate authority.nil
node['dovecot']['conf']['ssl_require_crl']Require that CRL check succeeds for client certificates.nil
node['dovecot']['conf']['ssl_client_ca_dir']Directory for trusted SSL CA certificates. These are used only when Dovecot needs to act as an SSL client.nil
node['dovecot']['conf']['ssl_client_ca_file']File for trusted SSL CA certificates. These are used only when Dovecot needs to act as an SSL client.nil
node['dovecot']['conf']['ssl_verify_client_cert']Request client to send a certificate.nil
node['dovecot']['conf']['ssl_cert_username_field']Which field from certificate to use for username.nil
node['dovecot']['conf']['ssl_parameters_regenerate']How often to regenerate the SSL parameters file.nil
node['dovecot']['conf']['ssl_dh_parameters_length']DH parameters length to use.nil
node['dovecot']['conf']['ssl_protocols']SSL protocols to use.nil
node['dovecot']['conf']['ssl_cipher_list']SSL ciphers to usenil
node['dovecot']['conf']['ssl_prefer_server_ciphers']Prefer the server's order of ciphers over client's.nil
node['dovecot']['conf']['ssl_crypto_device']SSL crypto device to use, for valid values run $ openssl engine.nil
node['dovecot']['conf']['ssl_options']SSL extra options. Currently supported options are: 'no_compression'nil
+| Attribute | Default | Description | +|:-------------------------------------------------------|:-------------|:-------------------------------| +| `node['dovecot']['conf']['ssl']` | *nil* | SSL/TLS support: true or false +| `node['dovecot']['conf']['ssl_cert']` | *calculated* | PEM encoded X.509 SSL/TLS certificate. +| `node['dovecot']['conf']['ssl_key']` | *calculated* | PEM encoded X.509 SSL/TLS private key. +| `node['dovecot']['conf']['ssl_key_password']` | *nil* | If key file is password protected, give the password here. +| `node['dovecot']['conf']['ssl_ca']` | *nil* | PEM encoded trusted certificate authority. +| `node['dovecot']['conf']['ssl_require_crl']` | *nil* | Require that CRL check succeeds for client certificates. +| `node['dovecot']['conf']['ssl_client_ca_dir']` | *nil* | Directory for trusted SSL CA certificates. These are used only when Dovecot needs to act as an SSL client. +| `node['dovecot']['conf']['ssl_client_ca_file']` | *nil* | File for trusted SSL CA certificates. These are used only when Dovecot needs to act as an SSL client. +| `node['dovecot']['conf']['ssl_verify_client_cert']` | *nil* | Request client to send a certificate. +| `node['dovecot']['conf']['ssl_cert_username_field']` | *nil* | Which field from certificate to use for username. +| `node['dovecot']['conf']['ssl_parameters_regenerate']` | *nil* | How often to regenerate the SSL parameters file. +| `node['dovecot']['conf']['ssl_dh_parameters_length']` | *nil* | DH parameters length to use. +| `node['dovecot']['conf']['ssl_protocols']` | *nil* | SSL protocols to use. +| `node['dovecot']['conf']['ssl_cipher_list']` | *nil* | SSL ciphers to use +| `node['dovecot']['conf']['ssl_prefer_server_ciphers']` | *nil* | Prefer the server's order of ciphers over client's. +| `node['dovecot']['conf']['ssl_crypto_device']` | *nil* | SSL crypto device to use, for valid values run `$ openssl engine`. +| `node['dovecot']['conf']['ssl_options']` | *nil* | SSL extra options. 
Currently supported options are: `'no_compression'` ## LDA Specific Attributes @@ -956,396 +293,112 @@ Also used by LMTP. * Configuration files: `conf.d/15-lda.conf`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['postmaster_address']Address to use when sending rejection mails.nil
node['dovecot']['conf']['hostname']Hostname to use in various parts of sent mails, eg. in Message-Id.nil
node['dovecot']['conf']['quota_full_tempfail']If user is over quota, return with temporary failure instead of bouncing the mail.nil
node['dovecot']['conf']['sendmail_path']Binary to use for sending mails.nil
node['dovecot']['conf']['submission_host']If non-empty, send mails via this SMTP host[:port] instead of sendmail.nil
node['dovecot']['conf']['rejection_subject']Subject: header to use for rejection mails.nil
node['dovecot']['conf']['rejection_reason']Human readable error message for rejection mails.nil
node['dovecot']['conf']['recipient_delimiter']Delimiter character between local-part and detail in email address.nil
node['dovecot']['conf']['lda_original_recipient_header']Header where the original recipient address (SMTP's RCPT TO: address) is taken from if not available elsewhere.nil
node['dovecot']['conf']['lda_mailbox_autocreate']Should saving a mail to a nonexistent mailbox automatically create it?nil
node['dovecot']['conf']['lda_mailbox_autosubscribe']Should automatically created mailboxes be also automatically subscribed?nil
+| Attribute | Default | Description | +|:-----------------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['postmaster_address']` | *nil* | Address to use when sending rejection mails. +| `node['dovecot']['conf']['hostname']` | *nil* | Hostname to use in various parts of sent mails, eg. in Message-Id. +| `node['dovecot']['conf']['quota_full_tempfail']` | *nil* | If user is over quota, return with temporary failure instead of bouncing the mail. +| `node['dovecot']['conf']['sendmail_path']` | *nil* | Binary to use for sending mails. +| `node['dovecot']['conf']['submission_host']` | *nil* | If non-empty, send mails via this SMTP host[:port] instead of sendmail. +| `node['dovecot']['conf']['rejection_subject']` | *nil* | Subject: header to use for rejection mails. +| `node['dovecot']['conf']['rejection_reason']` | *nil* | Human readable error message for rejection mails. +| `node['dovecot']['conf']['recipient_delimiter']` | *nil* | Delimiter character between local-part and detail in email address. +| `node['dovecot']['conf']['lda_original_recipient_header']` | *nil* | Header where the original recipient address (SMTP's RCPT TO: address) is taken from if not available elsewhere. +| `node['dovecot']['conf']['lda_mailbox_autocreate']` | *nil* | Should saving a mail to a nonexistent mailbox automatically create it? +| `node['dovecot']['conf']['lda_mailbox_autosubscribe']` | *nil* | Should automatically created mailboxes be also automatically subscribed? ## LMTP Specific Attributes * Configuration file: `conf.d/20-lmtp.conf` - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['lmtp_proxy']Support proxying to other LMTP/SMTP servers by performing passdb lookups.nil
node['dovecot']['conf']['lmtp_save_to_detail_mailbox']When recipient address includes the detail (e.g. user+detail), try to save the mail to the detail mailbox.nil
node['dovecot']['conf']['lmtp_rcpt_check_quota']Verify quota before replying to RCPT TO. This adds a small overhead.nil
+| Attribute | Default | Description | +|:---------------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['lmtp_proxy']` | *nil* | Support proxying to other LMTP/SMTP servers by performing passdb lookups. +| `node['dovecot']['conf']['lmtp_save_to_detail_mailbox']` | *nil* | When recipient address includes the detail (e.g. user+detail), try to save the mail to the detail mailbox. +| `node['dovecot']['conf']['lmtp_rcpt_check_quota']` | *nil* | Verify quota before replying to RCPT TO. This adds a small overhead. ## Berkeley DB DB_CONFIG Attributes * Configuration file: `dovecot-db.conf.ext`. - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['db']DB_CONFIG for Berkeley DB as a hash.nil
+| Attribute | Default | Description | +|:--------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['db']` | *nil* | DB_CONFIG for Berkeley DB as a hash. ## Dictionary Quota SQL Attributes * Configuration files: `dovecot-dict-sql.conf.ext`. - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['dict_sql']['connect']Dict sql connect configuration as a string or an array.nil
node['dovecot']['conf']['dict_sql']['maps']Dict sql database tables maps (see the example below).nil
+| Attribute | Default | Description | +|:-------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['dict_sql']['connect']` | *nil* | Dict sql connect configuration as a string or an array. +| `node['dovecot']['conf']['dict_sql']['maps']` | *nil* | Dict sql database tables maps ([see the example below](#dictionary-quota-sql-example)). ## LDAP Authentication Attributes * Configuration files: `dovecot-ldap.conf.ext`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['ldap']['hosts']Space separated list or array of LDAP hosts to use.nil
node['dovecot']['conf']['ldap']['uris']LDAP URIs to use.nil
node['dovecot']['conf']['ldap']['dn']Distinguished Name, the username used to login to the LDAP server.nil
node['dovecot']['conf']['ldap']['dnpass']Password for LDAP server, if dn is specified.nil
node['dovecot']['conf']['ldap']['sasl_bind']Use SASL binding instead of the simple binding.nil
node['dovecot']['conf']['ldap']['sasl_mech']SASL mechanism name to use.nil
node['dovecot']['conf']['ldap']['sasl_realm']SASL realm to use.nil
node['dovecot']['conf']['ldap']['sasl_authz_id']SASL authorization ID, ie. the dnpass is for this "master user", but the dn is still the logged in user.nil
node['dovecot']['conf']['ldap']['tls']Use TLS to connect to the LDAP server.nil
node['dovecot']['conf']['ldap']['tls_ca_cert_file']TLS options, currently supported only with OpenLDAP.nil
node['dovecot']['conf']['ldap']['tls_ca_cert_dir']TLS options, currently supported only with OpenLDAP.nil
node['dovecot']['conf']['ldap']['tls_cipher_suite']TLS options, currently supported only with OpenLDAP.nil
node['dovecot']['conf']['ldap']['tls_cert_file']TLS cert/key is used only if LDAP server requires a client certificate.nil
node['dovecot']['conf']['ldap']['tls_key_file']TLS cert/key is used only if LDAP server requires a client certificate.nil
node['dovecot']['conf']['ldap']['tls_require_cert']Valid values: never, hard, demand, allow, trynil
node['dovecot']['conf']['ldap']['ldaprc_path']Use the given ldaprc path.nil
node['dovecot']['conf']['ldap']['debug_level']LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h.nil
node['dovecot']['conf']['ldap']['auth_bind']Use authentication binding for verifying password's validity.nil
node['dovecot']['conf']['ldap']['auth_bind_userdn']If authentication binding is used, you can save one LDAP request per login if user's DN can be specified with a common template.nil
node['dovecot']['conf']['ldap']['ldap_version']LDAP protocol version to use. Likely 2 or 3.nil
node['dovecot']['conf']['ldap']['base']LDAP base. %variables can be used here.nil
node['dovecot']['conf']['ldap']['deref']Dereference: never, searching, finding or always.nil
node['dovecot']['conf']['ldap']['scope']Search scope: base, onelevel or subtree.nil
node['dovecot']['conf']['ldap']['user_attrs']User attributes are given in LDAP-name=dovecot-internal-name list.nil
node['dovecot']['conf']['ldap']['user_filter']Filter for user lookup.nil
node['dovecot']['conf']['ldap']['pass_attrs']Password checking attributes.nil
node['dovecot']['conf']['ldap']['pass_filter']Filter for password lookups.nil
node['dovecot']['conf']['ldap']['iterate_attrs']Attributes to get a list of all usersnil
node['dovecot']['conf']['ldap']['iterate_filter']Filter to get a list of all usersnil
node['dovecot']['conf']['ldap']['default_pass_scheme']Default password scheme. "{scheme}" before password overrides this.nil
+| Attribute | Default | Description |
+|:---------------------------------------------------------|:--------|:-------------------------------|
+| `node['dovecot']['conf']['ldap']['hosts']` | *nil* | Space separated list or array of LDAP hosts to use.
+| `node['dovecot']['conf']['ldap']['uris']` | *nil* | LDAP URIs to use.
+| `node['dovecot']['conf']['ldap']['dn']` | *nil* | Distinguished Name, the username used to login to the LDAP server.
+| `node['dovecot']['conf']['ldap']['dnpass']` | *nil* | Password for LDAP server, if dn is specified.
+| `node['dovecot']['conf']['ldap']['sasl_bind']` | *nil* | Use SASL binding instead of the simple binding.
+| `node['dovecot']['conf']['ldap']['sasl_mech']` | *nil* | SASL mechanism name to use.
+| `node['dovecot']['conf']['ldap']['sasl_realm']` | *nil* | SASL realm to use.
+| `node['dovecot']['conf']['ldap']['sasl_authz_id']` | *nil* | SASL authorization ID, ie. the dnpass is for this "master user", but the dn is still the logged in user.
+| `node['dovecot']['conf']['ldap']['tls']` | *nil* | Use TLS to connect to the LDAP server.
+| `node['dovecot']['conf']['ldap']['tls_ca_cert_file']` | *nil* | TLS options, currently supported only with OpenLDAP.
+| `node['dovecot']['conf']['ldap']['tls_ca_cert_dir']` | *nil* | TLS options, currently supported only with OpenLDAP.
+| `node['dovecot']['conf']['ldap']['tls_cipher_suite']` | *nil* | TLS options, currently supported only with OpenLDAP.
+| `node['dovecot']['conf']['ldap']['tls_cert_file']` | *nil* | TLS cert/key is used only if LDAP server requires a client certificate.
+| `node['dovecot']['conf']['ldap']['tls_key_file']` | *nil* | TLS cert/key is used only if LDAP server requires a client certificate.
+| `node['dovecot']['conf']['ldap']['tls_require_cert']` | *nil* | Valid values: never, hard, demand, allow, try
+| `node['dovecot']['conf']['ldap']['ldaprc_path']` | *nil* | Use the given ldaprc path.
+| `node['dovecot']['conf']['ldap']['debug_level']` | *nil* | LDAP library debug level as specified by LDAP_DEBUG_* in ldap_log.h. +| `node['dovecot']['conf']['ldap']['auth_bind']` | *nil* | Use authentication binding for verifying password's validity. +| `node['dovecot']['conf']['ldap']['auth_bind_userdn']` | *nil* | If authentication binding is used, you can save one LDAP request per login if user's DN can be specified with a common template. +| `node['dovecot']['conf']['ldap']['ldap_version']` | *nil* | LDAP protocol version to use. Likely 2 or 3. +| `node['dovecot']['conf']['ldap']['base']` | *nil* | LDAP base. %variables can be used here. +| `node['dovecot']['conf']['ldap']['deref']` | *nil* | Dereference: never, searching, finding or always. +| `node['dovecot']['conf']['ldap']['scope']` | *nil* | Search scope: base, onelevel or subtree. +| `node['dovecot']['conf']['ldap']['user_attrs']` | *nil* | User attributes are given in LDAP-name=dovecot-internal-name list. +| `node['dovecot']['conf']['ldap']['user_filter']` | *nil* | Filter for user lookup. +| `node['dovecot']['conf']['ldap']['pass_attrs']` | *nil* | Password checking attributes. +| `node['dovecot']['conf']['ldap']['pass_filter']` | *nil* | Filter for password lookups. +| `node['dovecot']['conf']['ldap']['iterate_attrs']` | *nil* | Attributes to get a list of all users +| `node['dovecot']['conf']['ldap']['iterate_filter']` | *nil* | Filter to get a list of all users +| `node['dovecot']['conf']['ldap']['default_pass_scheme']` | *nil* | Default password scheme. "{scheme}" before password overrides this. ## SQL Authentication Attributes * Configuration file: `dovecot-sql.conf.ext`. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['conf']['sql']['driver']Database driver: mysql, pgsql or sqlite.nil
node['dovecot']['conf']['sql']['connect']Database connection string or array. This is driver-specific setting.nil
node['dovecot']['conf']['sql']['default_pass_scheme']Default password scheme.nil
node['dovecot']['conf']['sql']['password_query']passdb query to retrieve the password.nil
node['dovecot']['conf']['sql']['user_query']userdb query to retrieve the user information.nil
node['dovecot']['conf']['sql']['iterate_query']Query to get a list of all usernames.nil
+| Attribute | Default | Description | +|:--------------------------------------------------------|:--------|:-------------------------------| +| `node['dovecot']['conf']['sql']['driver']` | *nil* | Database driver: mysql, pgsql or sqlite. +| `node['dovecot']['conf']['sql']['connect']` | *nil* | Database connection string or array. This is driver-specific setting. +| `node['dovecot']['conf']['sql']['default_pass_scheme']` | *nil* | Default password scheme. +| `node['dovecot']['conf']['sql']['password_query']` | *nil* | passdb query to retrieve the password. +| `node['dovecot']['conf']['sql']['user_query']` | *nil* | userdb query to retrieve the user information. +| `node['dovecot']['conf']['sql']['iterate_query']` | *nil* | Query to get a list of all usernames. ## Distribution Packages Names Attributes These attributes below contain the default required distribution packages for the supported platforms. But you are free to create your own to support other platforms. Keep in mind that all are put inside a subkey (`type`). This `node['dovecot']['packages'][type]` attribute is then used together with the `node['dovecot']['conf_files'][type]` attribute to generate the configuration files. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AttributeDescriptionDefault
node['dovecot']['packages']['core']Dovecot core package names array.calculated
node['dovecot']['packages']['imap']Dovecot IMAP package names array.calculated
node['dovecot']['packages']['pop3']Dovecot POP3 package names array.calculated
node['dovecot']['packages']['lmtp']Dovecot LMTP package names array.calculated
node['dovecot']['packages']['sieve']Dovecot Sieve package names array.calculated
node['dovecot']['packages']['ldap']Dovecot LDAP package names array.calculated
node['dovecot']['packages']['sqlite']Dovecot SQLite package names array.calculated
node['dovecot']['packages']['mysql']Dovecot MySQL package names array.calculated
node['dovecot']['packages']['pgsql']Dovecot PostgreSQL package names array.calculated
+| Attribute | Default | Description | +|:----------------------------------------|:-------------|:-------------------------------| +| `node['dovecot']['packages']['core']` | *calculated* | Dovecot core package names array. +| `node['dovecot']['packages']['imap']` | *calculated* | Dovecot IMAP package names array. +| `node['dovecot']['packages']['pop3']` | *calculated* | Dovecot POP3 package names array. +| `node['dovecot']['packages']['lmtp']` | *calculated* | Dovecot LMTP package names array. +| `node['dovecot']['packages']['sieve']` | *calculated* | Dovecot Sieve package names array. +| `node['dovecot']['packages']['ldap']` | *calculated* | Dovecot LDAP package names array. +| `node['dovecot']['packages']['sqlite']` | *calculated* | Dovecot SQLite package names array. +| `node['dovecot']['packages']['mysql']` | *calculated* | Dovecot MySQL package names array. +| `node['dovecot']['packages']['pgsql']` | *calculated* | Dovecot PostgreSQL package names array. Recipes ======= diff --git a/TODO.md b/TODO.md index fecc883..87b0a47 100644 --- a/TODO.md +++ b/TODO.md @@ -3,7 +3,5 @@ TODO * [ ] Complete the **dovecot-dict-auth.conf.ext.erb** template. * [ ] Add unit tests for libraries. -* [ ] Use markdown tables in the README. -* [ ] Use single quotes in README examples. * [ ] Install from sources. * [ ] Integrate with `ssl_certificate` cookbook?