[hcoop/debian/courier-authlib.git] / authpgsqlrc

##VERSION: $Id: c6a82fc8c0bd0e858ca7c133640ed14769e3e04c-20160501082012$
#
# Copyright 2000-2004 Double Precision, Inc.  See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authpgsqlrc created from authpgsqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file
# might contain the PostgreSQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value.  Trailing spaces are prohibited.


##NAME: LOCATION:1
#
# The server hostname, port, userid, and password used to log in.
#
# See Postgresql's documenation for PQconnectdb(), for other options that
# you can use here.

PGSQL_CONNECTION        \
          host=pgsql.example.com \
	  port=5400              \
	  user=admin             \
	  password=admin

##NAME: PGSQL_DATABASE:0
#
# The name of the PostgreSQL database we will open:

PGSQL_DATABASE		template1

##NAME: PGSQL_CHARACTER_SET:0
#
# Optionally install a character set mapping. Restart authdaemond, send a test
# query using authtest and check for error messages in syslog/maillog.
#
# PGSQL_CHARACTER_SET	UTF8

##NAME: PGSQL_USER_TABLE:0
#
# The name of the table containing your user data.  See README.authmysqlrc
# for the required fields in this table (both MySQL and Postgress use the
# same suggested layout.

PGSQL_USER_TABLE	passwd

##NAME: PGSQL_CRYPT_PWFIELD:0
#
# Either PGSQL_CRYPT_PWFIELD or PGSQL_CLEAR_PWFIELD must be defined.  Both
# are OK too. crypted passwords go into PGSQL_CRYPT_PWFIELD, cleartext
# passwords go into PGSQL_CLEAR_PWFIELD.  Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.

PGSQL_CRYPT_PWFIELD	crypt

##NAME: PGSQL_CLEAR_PWFIELD:0
#
#
# PGSQL_CLEAR_PWFIELD	clear

##NAME: PGSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN		example.com

##NAME: PGSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# PGSQL_UID_FIELD - contains the numerical userid of the account
#
PGSQL_UID_FIELD		uid

##NAME: PGSQL_GID_FIELD:0
#
# Numerical groupid of the account

PGSQL_GID_FIELD		gid

##NAME: PGSQL_LOGIN_FIELD:0
#
# The login id, default is id.  Basically the query is:
#
#  SELECT PGSQL_UID_FIELD, PGSQL_GID_FIELD, ... WHERE id='loginid'
#

PGSQL_LOGIN_FIELD	id

##NAME: PGSQL_HOME_FIELD:0
#

PGSQL_HOME_FIELD	home

##NAME: PGSQL_NAME_FIELD:0
#
# The user's name (optional)

PGSQL_NAME_FIELD	name

##NAME: PGSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from PGSQL_HOME_FIELD).
#
# You still need to provide a PGSQL_HOME_FIELD, even if you uncomment this
# out.
#
# PGSQL_MAILDIR_FIELD	maildir

##NAME: PGSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# PGSQL_DEFAULTDELIVERY defaultDelivery

##NAME: PGSQL_QUOTA_FIELD:0
#
# Define PGSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota.  See README.maildirquota for more information
#
# PGSQL_QUOTA_FIELD	quota

##NAME: PGSQL_AUXOPTIONS:0
#
# Auxiliary options.  The PGSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs.  These names are additional attributes that define various per-account
# "options", as given in  INSTALL's description of the "Account OPTIONS"
# setting.
#
# PGSQL_AUXOPTIONS_FIELD	auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# PGSQL_AUXOPTIONS_FIELD	'disableimap=' || disableimap || ',disablepop3=' || disablepop3 || ',disablewebmail=' || disablewebmail || ',sharedgroup=' || sharedgroup
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.

##NAME: PGSQL_WHERE_CLAUSE:0
#
# This is optional, PGSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# PGSQL_WHERE_CLAUSE	server='mailhost.example.com'

##NAME: PGSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, PGSQL_SELECT_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified bellow:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
#	 	$(local_part), $(domain), and $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s.  Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location.  In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY.  Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# PGSQL_SELECT_CLAUSE	SELECT popbox.local_part,			\
#			'{MD5}' || popbox.password_hash,		\
#			popbox.clearpw,					\
#			domain.uid,					\
#			domain.gid,					\
#			domain.path || '/' || popbox.mbox_name),	\
#			'',						\
#			domain.quota,					\
#			'',						\
#			FROM popbox, domain				\
#			WHERE popbox.local_part = '$(local_part)'	\
#			AND popbox.domain_name = '$(domain)'		\
#			AND popbox.domain_name = domain.domain_name


##NAME: PGSQL_ENUMERATE_CLAUSE:1
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders.  The query
# should return the following fields: name, uid, gid, homedir, maildir, options
#
# Example:
# PGSQL_ENUMERATE_CLAUSE	SELECT popbox.local_part || '@' || popbox.domain_name,	\
#			domain.uid,					\
#			domain.gid,					\
#			domain.path || '/' || popbox.mbox_name,		\
#			'',						\
#			'sharedgroup=' || sharedgroup			\
#			FROM popbox, domain				\
#			WHERE popbox.local_part = '$(local_part)'	\
#			AND popbox.domain_name = '$(domain)'		\
#			AND popbox.domain_name = domain.domain_name


##NAME: PGSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, PGSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
# 	$(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# PGSQL_CHPASS_CLAUSE	UPDATE	popbox					\
#			SET	clearpw='$(newpass)',			\
#				password_hash='$(newpass_crypt)'	\
#			WHERE	local_part='$(local_part)'		\
#			AND	domain_name='$(domain)'
#


##NAME: MARKER:0
#
# Do not remove this section from this configuration file. This section
# must be present at the end of this file.
Commit	Line	Data
0e333c05	1	##VERSION: $Id: c6a82fc8c0bd0e858ca7c133640ed14769e3e04c-20160501082012$
d9898ee8	2	#
	3	# Copyright 2000-2004 Double Precision, Inc. See COPYING for
	4	# distribution information.
	5	#
	6	# Do not alter lines that begin with ##, they are used when upgrading
	7	# this configuration.
	8	#
	9	# authpgsqlrc created from authpgsqlrc.dist by sysconftool
	10	#
	11	# DO NOT INSTALL THIS FILE with world read permissions. This file
	12	# might contain the PostgreSQL admin password!
	13	#
	14	# Each line in this file must follow the following format:
	15	#
	16	# field[spaces\|tabs]value
	17	#
	18	# That is, the name of the field, followed by spaces or tabs, followed by
	19	# field value. Trailing spaces are prohibited.
	20
	21
0e333c05	22	##NAME: LOCATION:1
d9898ee8	23	#
	24	# The server hostname, port, userid, and password used to log in.
	25	#
0e333c05 CE	26	# See Postgresql's documenation for PQconnectdb(), for other options that
0e333c05 CE	27	# you can use here.
d9898ee8	28
0e333c05 CE	29	PGSQL_CONNECTION \
	30	host=pgsql.example.com \
	31	port=5400 \
	32	user=admin \
	33	password=admin
d9898ee8	34
	35	##NAME: PGSQL_DATABASE:0
	36	#
	37	# The name of the PostgreSQL database we will open:
	38
	39	PGSQL_DATABASE template1
	40
8d138742 CE	41	##NAME: PGSQL_CHARACTER_SET:0
	42	#
	43	# Optionally install a character set mapping. Restart authdaemond, send a test
	44	# query using authtest and check for error messages in syslog/maillog.
	45	#
	46	# PGSQL_CHARACTER_SET UTF8
	47
d9898ee8	48	##NAME: PGSQL_USER_TABLE:0
	49	#
	50	# The name of the table containing your user data. See README.authmysqlrc
	51	# for the required fields in this table (both MySQL and Postgress use the
	52	# same suggested layout.
	53
	54	PGSQL_USER_TABLE passwd
	55
	56	##NAME: PGSQL_CRYPT_PWFIELD:0
	57	#
	58	# Either PGSQL_CRYPT_PWFIELD or PGSQL_CLEAR_PWFIELD must be defined. Both
	59	# are OK too. crypted passwords go into PGSQL_CRYPT_PWFIELD, cleartext
	60	# passwords go into PGSQL_CLEAR_PWFIELD. Cleartext passwords allow
	61	# CRAM-MD5 authentication to be implemented.
	62
	63	PGSQL_CRYPT_PWFIELD crypt
	64
	65	##NAME: PGSQL_CLEAR_PWFIELD:0
	66	#
	67	#
	68	# PGSQL_CLEAR_PWFIELD clear
	69
	70	##NAME: PGSQL_DEFAULT_DOMAIN:0
	71	#
	72	# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
	73	# we will look up 'user@DEFAULT_DOMAIN' instead.
	74	#
	75	#
	76	# DEFAULT_DOMAIN example.com
	77
	78	##NAME: PGSQL_UID_FIELD:0
	79	#
	80	# Other fields in the mysql table:
	81	#
	82	# PGSQL_UID_FIELD - contains the numerical userid of the account
	83	#
	84	PGSQL_UID_FIELD uid
	85
	86	##NAME: PGSQL_GID_FIELD:0
	87	#
	88	# Numerical groupid of the account
	89
	90	PGSQL_GID_FIELD gid
	91
	92	##NAME: PGSQL_LOGIN_FIELD:0
	93	#
	94	# The login id, default is id. Basically the query is:
	95	#
	96	# SELECT PGSQL_UID_FIELD, PGSQL_GID_FIELD, ... WHERE id='loginid'
	97	#
	98
	99	PGSQL_LOGIN_FIELD id
	100
	101	##NAME: PGSQL_HOME_FIELD:0
	102	#
	103
	104	PGSQL_HOME_FIELD home
	105
	106	##NAME: PGSQL_NAME_FIELD:0
	107	#
	108	# The user's name (optional)
	109
	110	PGSQL_NAME_FIELD name
	111
112	##NAME: PGSQL_MAILDIR_FIELD:0
113	#
114	# This is an optional field, and can be used to specify an arbitrary
115	# location of the maildir for the account, which normally defaults to
116	# $HOME/Maildir (where $HOME is read from PGSQL_HOME_FIELD).
117	#
118	# You still need to provide a PGSQL_HOME_FIELD, even if you uncomment this
119	# out.
120	#
121	# PGSQL_MAILDIR_FIELD maildir
122
123	##NAME: PGSQL_DEFAULTDELIVERY:0
124	#
125	# Courier mail server only: optional field specifies custom mail delivery
126	# instructions for this account (if defined) -- essentially overrides
127	# DEFAULTDELIVERY from ${sysconfdir}/courierd
128	#
129	# PGSQL_DEFAULTDELIVERY defaultDelivery
130
131	##NAME: PGSQL_QUOTA_FIELD:0
132	#
133	# Define PGSQL_QUOTA_FIELD to be the name of the field that can optionally
0e333c05	134	# specify a maildir quota. See README.maildirquota for more information
d9898ee8	135	#
	136	# PGSQL_QUOTA_FIELD quota
	137
	138	##NAME: PGSQL_AUXOPTIONS:0
	139	#
	140	# Auxiliary options. The PGSQL_AUXOPTIONS field should be a char field that
	141	# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
	142	# pairs. These names are additional attributes that define various per-account
	143	# "options", as given in INSTALL's description of the "Account OPTIONS"
	144	# setting.
	145	#
	146	# PGSQL_AUXOPTIONS_FIELD auxoptions
	147	#
	148	# You might want to try something like this, if you'd like to use a bunch
	149	# of individual fields, instead of a single text blob:
	150	#
	151	# PGSQL_AUXOPTIONS_FIELD 'disableimap=' \|\| disableimap \|\| ',disablepop3=' \|\| disablepop3 \|\| ',disablewebmail=' \|\| disablewebmail \|\| ',sharedgroup=' \|\| sharedgroup
	152	#
	153	# This will let you define fields called "disableimap", etc, with the end result
	154	# being something that the OPTIONS parser understands.
	155
	156	##NAME: PGSQL_WHERE_CLAUSE:0
	157	#
	158	# This is optional, PGSQL_WHERE_CLAUSE can be basically set to an arbitrary
	159	# fixed string that is appended to the WHERE clause of our query
	160	#
	161	# PGSQL_WHERE_CLAUSE server='mailhost.example.com'
	162
	163	##NAME: PGSQL_SELECT_CLAUSE:0
	164	#
	165	# (EXPERIMENTAL)
	166	# This is optional, PGSQL_SELECT_CLAUSE can be set when you have a database,
	167	# which is structuraly different from proposed. The fixed string will
	168	# be used to do a SELECT operation on database, which should return fields
	169	# in order specified bellow:
	170	#
	171	# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
	172	#
	173	# Enabling this option causes ignorance of any other field-related
	174	# options, excluding default domain.
	175	#
	176	# There are two variables, which you can use. Substitution will be made
	177	# for them, so you can put entered username (local part) and domain name
	178	# in the right place of your query. These variables are:
	179	# $(local_part), $(domain), and $(service)
	180	#
	181	# If a $(domain) is empty (not given by the remote user) the default domain
	182	# name is used in its place.
	183	#
	184	# $(service) will expand out to the service being authenticated: imap, imaps,
	185	# pop3 or pop3s. Courier mail server only: service will also expand out to
	186	# "courier", when searching for local mail account's location. In this case,
	187	# if the "maildir" field is not empty it will be used in place of
	188	# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
	189	# authenticated ESMTP.
	190	#
	191	# This example is a little bit modified adaptation of vmail-sql
	192	# database scheme:
	193	#
	194	# PGSQL_SELECT_CLAUSE SELECT popbox.local_part, \
	195	# '{MD5}' \|\| popbox.password_hash, \
	196	# popbox.clearpw, \
	197	# domain.uid, \
	198	# domain.gid, \
199	# domain.path \|\| '/' \|\| popbox.mbox_name), \
200	# '', \
201	# domain.quota, \
202	# '', \
203	# FROM popbox, domain \
204	# WHERE popbox.local_part = '$(local_part)' \
205	# AND popbox.domain_name = '$(domain)' \
206	# AND popbox.domain_name = domain.domain_name
207
208
209	##NAME: PGSQL_ENUMERATE_CLAUSE:1
210	#
211	# {EXPERIMENTAL}
212	# Optional custom SQL query used to enumerate accounts for authenumerate,
213	# in order to compile a list of accounts for shared folders. The query
214	# should return the following fields: name, uid, gid, homedir, maildir, options
215	#
216	# Example:
217	# PGSQL_ENUMERATE_CLAUSE SELECT popbox.local_part \|\| '@' \|\| popbox.domain_name, \
218	# domain.uid, \
219	# domain.gid, \
220	# domain.path \|\| '/' \|\| popbox.mbox_name, \
221	# '', \
222	# 'sharedgroup=' \|\| sharedgroup \
223	# FROM popbox, domain \
224	# WHERE popbox.local_part = '$(local_part)' \
225	# AND popbox.domain_name = '$(domain)' \
226	# AND popbox.domain_name = domain.domain_name
227
228
229	##NAME: PGSQL_CHPASS_CLAUSE:0
230	#
231	# (EXPERIMENTAL)
232	# This is optional, PGSQL_CHPASS_CLAUSE can be set when you have a database,
233	# which is structuraly different from proposed. The fixed string will
234	# be used to do an UPDATE operation on database. In other words, it is
235	# used, when changing password.
236	#
237	# There are four variables, which you can use. Substitution will be made
238	# for them, so you can put entered username (local part) and domain name
239	# in the right place of your query. There variables are:
240	# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
241	#
242	# If a $(domain) is empty (not given by the remote user) the default domain
243	# name is used in its place.
244	# $(newpass) contains plain password
245	# $(newpass_crypt) contains its crypted form
246	#
247	# PGSQL_CHPASS_CLAUSE UPDATE popbox \
248	# SET clearpw='$(newpass)', \
249	# password_hash='$(newpass_crypt)' \
250	# WHERE local_part='$(local_part)' \
251	# AND domain_name='$(domain)'
252	#
0e333c05 CE	253
	254
	255	##NAME: MARKER:0
	256	#
	257	# Do not remove this section from this configuration file. This section
	258	# must be present at the end of this file.