[hcoop/debian/courier-authlib.git] / authpgsqlrc

##VERSION: $Id: authpgsqlrc,v 1.13 2008/12/18 12:08:25 mrsam Exp $
#
# Copyright 2000-2004 Double Precision, Inc.  See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authpgsqlrc created from authpgsqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file
# might contain the PostgreSQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value.  Trailing spaces are prohibited.


##NAME: LOCATION:0
#
# The server hostname, port, userid, and password used to log in.
#
# To connect to a filesystem socket, delete PGSQL_HOST, and set PGSQL_PORT to
# the socket's last component.  So, if your pg socket is /tmp/.s.PGSQL.5400
# set PGSQL_PORT to 5400.

PGSQL_HOST		pgsql.example.com
PGSQL_PORT		5400
PGSQL_USERNAME		admin
PGSQL_PASSWORD		admin


##NAME: PGSQL_OPT:0
#
# PGSQL_OPT specifies the connection debug options to PQsetdbLogin().
# Don't bother with this setting unless you know what you're doing
#
# PGSQL_OPT		

##NAME: PGSQL_DATABASE:0
#
# The name of the PostgreSQL database we will open:

PGSQL_DATABASE		template1

##NAME: PGSQL_CHARACTER_SET:0
#
# Optionally install a character set mapping. Restart authdaemond, send a test
# query using authtest and check for error messages in syslog/maillog.
#
# PGSQL_CHARACTER_SET	UTF8

##NAME: PGSQL_USER_TABLE:0
#
# The name of the table containing your user data.  See README.authmysqlrc
# for the required fields in this table (both MySQL and Postgress use the
# same suggested layout.

PGSQL_USER_TABLE	passwd

##NAME: PGSQL_CRYPT_PWFIELD:0
#
# Either PGSQL_CRYPT_PWFIELD or PGSQL_CLEAR_PWFIELD must be defined.  Both
# are OK too. crypted passwords go into PGSQL_CRYPT_PWFIELD, cleartext
# passwords go into PGSQL_CLEAR_PWFIELD.  Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.

PGSQL_CRYPT_PWFIELD	crypt

##NAME: PGSQL_CLEAR_PWFIELD:0
#
#
# PGSQL_CLEAR_PWFIELD	clear

##NAME: PGSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN		example.com

##NAME: PGSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# PGSQL_UID_FIELD - contains the numerical userid of the account
#
PGSQL_UID_FIELD		uid

##NAME: PGSQL_GID_FIELD:0
#
# Numerical groupid of the account

PGSQL_GID_FIELD		gid

##NAME: PGSQL_LOGIN_FIELD:0
#
# The login id, default is id.  Basically the query is:
#
#  SELECT PGSQL_UID_FIELD, PGSQL_GID_FIELD, ... WHERE id='loginid'
#

PGSQL_LOGIN_FIELD	id

##NAME: PGSQL_HOME_FIELD:0
#

PGSQL_HOME_FIELD	home

##NAME: PGSQL_NAME_FIELD:0
#
# The user's name (optional)

PGSQL_NAME_FIELD	name

##NAME: PGSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from PGSQL_HOME_FIELD).
#
# You still need to provide a PGSQL_HOME_FIELD, even if you uncomment this
# out.
#
# PGSQL_MAILDIR_FIELD	maildir

##NAME: PGSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# PGSQL_DEFAULTDELIVERY defaultDelivery

##NAME: PGSQL_QUOTA_FIELD:0
#
# Define PGSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota.  See README.maildirquota for more information 
#
# PGSQL_QUOTA_FIELD	quota

##NAME: PGSQL_AUXOPTIONS:0
#
# Auxiliary options.  The PGSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs.  These names are additional attributes that define various per-account
# "options", as given in  INSTALL's description of the "Account OPTIONS"
# setting.
#
# PGSQL_AUXOPTIONS_FIELD	auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# PGSQL_AUXOPTIONS_FIELD	'disableimap=' || disableimap || ',disablepop3=' || disablepop3 || ',disablewebmail=' || disablewebmail || ',sharedgroup=' || sharedgroup
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.

##NAME: PGSQL_WHERE_CLAUSE:0
#
# This is optional, PGSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# PGSQL_WHERE_CLAUSE	server='mailhost.example.com'

##NAME: PGSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, PGSQL_SELECT_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified bellow:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
#	 	$(local_part), $(domain), and $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s.  Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location.  In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY.  Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# PGSQL_SELECT_CLAUSE	SELECT popbox.local_part,			\
#			'{MD5}' || popbox.password_hash,		\
#			popbox.clearpw,					\
#			domain.uid,					\
#			domain.gid,					\
#			domain.path || '/' || popbox.mbox_name),	\
#			'',						\
#			domain.quota,					\
#			'',						\
#			FROM popbox, domain				\
#			WHERE popbox.local_part = '$(local_part)'	\
#			AND popbox.domain_name = '$(domain)'		\
#			AND popbox.domain_name = domain.domain_name


##NAME: PGSQL_ENUMERATE_CLAUSE:1
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders.  The query
# should return the following fields: name, uid, gid, homedir, maildir, options
#
# Example:
# PGSQL_ENUMERATE_CLAUSE	SELECT popbox.local_part || '@' || popbox.domain_name,	\
#			domain.uid,					\
#			domain.gid,					\
#			domain.path || '/' || popbox.mbox_name,		\
#			'',						\
#			'sharedgroup=' || sharedgroup			\
#			FROM popbox, domain				\
#			WHERE popbox.local_part = '$(local_part)'	\
#			AND popbox.domain_name = '$(domain)'		\
#			AND popbox.domain_name = domain.domain_name


##NAME: PGSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, PGSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
# 	$(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# PGSQL_CHPASS_CLAUSE	UPDATE	popbox					\
#			SET	clearpw='$(newpass)',			\
#				password_hash='$(newpass_crypt)'	\
#			WHERE	local_part='$(local_part)'		\
#			AND	domain_name='$(domain)'
#
Commit	Line	Data
8d138742	1	##VERSION: $Id: authpgsqlrc,v 1.13 2008/12/18 12:08:25 mrsam Exp $
d9898ee8	2	#
	3	# Copyright 2000-2004 Double Precision, Inc. See COPYING for
	4	# distribution information.
	5	#
	6	# Do not alter lines that begin with ##, they are used when upgrading
	7	# this configuration.
	8	#
	9	# authpgsqlrc created from authpgsqlrc.dist by sysconftool
	10	#
	11	# DO NOT INSTALL THIS FILE with world read permissions. This file
	12	# might contain the PostgreSQL admin password!
	13	#
	14	# Each line in this file must follow the following format:
	15	#
	16	# field[spaces\|tabs]value
	17	#
	18	# That is, the name of the field, followed by spaces or tabs, followed by
	19	# field value. Trailing spaces are prohibited.
	20
	21
	22	##NAME: LOCATION:0
	23	#
	24	# The server hostname, port, userid, and password used to log in.
	25	#
	26	# To connect to a filesystem socket, delete PGSQL_HOST, and set PGSQL_PORT to
	27	# the socket's last component. So, if your pg socket is /tmp/.s.PGSQL.5400
	28	# set PGSQL_PORT to 5400.
	29
	30	PGSQL_HOST pgsql.example.com
	31	PGSQL_PORT 5400
	32	PGSQL_USERNAME admin
	33	PGSQL_PASSWORD admin
	34
	35
	36	##NAME: PGSQL_OPT:0
	37	#
	38	# PGSQL_OPT specifies the connection debug options to PQsetdbLogin().
	39	# Don't bother with this setting unless you know what you're doing
	40	#
	41	# PGSQL_OPT
	42
	43	##NAME: PGSQL_DATABASE:0
	44	#
	45	# The name of the PostgreSQL database we will open:
	46
	47	PGSQL_DATABASE template1
	48
8d138742 CE	49	##NAME: PGSQL_CHARACTER_SET:0
	50	#
	51	# Optionally install a character set mapping. Restart authdaemond, send a test
	52	# query using authtest and check for error messages in syslog/maillog.
	53	#
	54	# PGSQL_CHARACTER_SET UTF8
	55
d9898ee8	56	##NAME: PGSQL_USER_TABLE:0
	57	#
	58	# The name of the table containing your user data. See README.authmysqlrc
	59	# for the required fields in this table (both MySQL and Postgress use the
	60	# same suggested layout.
	61
	62	PGSQL_USER_TABLE passwd
	63
	64	##NAME: PGSQL_CRYPT_PWFIELD:0
	65	#
	66	# Either PGSQL_CRYPT_PWFIELD or PGSQL_CLEAR_PWFIELD must be defined. Both
	67	# are OK too. crypted passwords go into PGSQL_CRYPT_PWFIELD, cleartext
	68	# passwords go into PGSQL_CLEAR_PWFIELD. Cleartext passwords allow
	69	# CRAM-MD5 authentication to be implemented.
	70
	71	PGSQL_CRYPT_PWFIELD crypt
	72
	73	##NAME: PGSQL_CLEAR_PWFIELD:0
	74	#
	75	#
	76	# PGSQL_CLEAR_PWFIELD clear
	77
	78	##NAME: PGSQL_DEFAULT_DOMAIN:0
	79	#
	80	# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
	81	# we will look up 'user@DEFAULT_DOMAIN' instead.
	82	#
	83	#
	84	# DEFAULT_DOMAIN example.com
	85
	86	##NAME: PGSQL_UID_FIELD:0
	87	#
	88	# Other fields in the mysql table:
	89	#
	90	# PGSQL_UID_FIELD - contains the numerical userid of the account
	91	#
	92	PGSQL_UID_FIELD uid
	93
	94	##NAME: PGSQL_GID_FIELD:0
	95	#
	96	# Numerical groupid of the account
	97
	98	PGSQL_GID_FIELD gid
	99
	100	##NAME: PGSQL_LOGIN_FIELD:0
	101	#
	102	# The login id, default is id. Basically the query is:
	103	#
	104	# SELECT PGSQL_UID_FIELD, PGSQL_GID_FIELD, ... WHERE id='loginid'
	105	#
	106
	107	PGSQL_LOGIN_FIELD id
	108
	109	##NAME: PGSQL_HOME_FIELD:0
	110	#
	111
	112	PGSQL_HOME_FIELD home
	113
	114	##NAME: PGSQL_NAME_FIELD:0
	115	#
	116	# The user's name (optional)
	117
	118	PGSQL_NAME_FIELD name
	119
120	##NAME: PGSQL_MAILDIR_FIELD:0
121	#
122	# This is an optional field, and can be used to specify an arbitrary
123	# location of the maildir for the account, which normally defaults to
124	# $HOME/Maildir (where $HOME is read from PGSQL_HOME_FIELD).
125	#
126	# You still need to provide a PGSQL_HOME_FIELD, even if you uncomment this
127	# out.
128	#
129	# PGSQL_MAILDIR_FIELD maildir
130
131	##NAME: PGSQL_DEFAULTDELIVERY:0
132	#
133	# Courier mail server only: optional field specifies custom mail delivery
134	# instructions for this account (if defined) -- essentially overrides
135	# DEFAULTDELIVERY from ${sysconfdir}/courierd
136	#
137	# PGSQL_DEFAULTDELIVERY defaultDelivery
138
139	##NAME: PGSQL_QUOTA_FIELD:0
140	#
141	# Define PGSQL_QUOTA_FIELD to be the name of the field that can optionally
142	# specify a maildir quota. See README.maildirquota for more information
143	#
144	# PGSQL_QUOTA_FIELD quota
145
146	##NAME: PGSQL_AUXOPTIONS:0
147	#
148	# Auxiliary options. The PGSQL_AUXOPTIONS field should be a char field that
149	# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
150	# pairs. These names are additional attributes that define various per-account
151	# "options", as given in INSTALL's description of the "Account OPTIONS"
152	# setting.
153	#
154	# PGSQL_AUXOPTIONS_FIELD auxoptions
155	#
156	# You might want to try something like this, if you'd like to use a bunch
157	# of individual fields, instead of a single text blob:
158	#
159	# PGSQL_AUXOPTIONS_FIELD 'disableimap=' \|\| disableimap \|\| ',disablepop3=' \|\| disablepop3 \|\| ',disablewebmail=' \|\| disablewebmail \|\| ',sharedgroup=' \|\| sharedgroup
160	#
161	# This will let you define fields called "disableimap", etc, with the end result
162	# being something that the OPTIONS parser understands.
163
164	##NAME: PGSQL_WHERE_CLAUSE:0
165	#
166	# This is optional, PGSQL_WHERE_CLAUSE can be basically set to an arbitrary
167	# fixed string that is appended to the WHERE clause of our query
168	#
169	# PGSQL_WHERE_CLAUSE server='mailhost.example.com'
170
171	##NAME: PGSQL_SELECT_CLAUSE:0
172	#
173	# (EXPERIMENTAL)
174	# This is optional, PGSQL_SELECT_CLAUSE can be set when you have a database,
175	# which is structuraly different from proposed. The fixed string will
176	# be used to do a SELECT operation on database, which should return fields
177	# in order specified bellow:
178	#
179	# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
180	#
181	# Enabling this option causes ignorance of any other field-related
182	# options, excluding default domain.
183	#
184	# There are two variables, which you can use. Substitution will be made
185	# for them, so you can put entered username (local part) and domain name
186	# in the right place of your query. These variables are:
187	# $(local_part), $(domain), and $(service)
188	#
189	# If a $(domain) is empty (not given by the remote user) the default domain
190	# name is used in its place.
191	#
192	# $(service) will expand out to the service being authenticated: imap, imaps,
193	# pop3 or pop3s. Courier mail server only: service will also expand out to
194	# "courier", when searching for local mail account's location. In this case,
195	# if the "maildir" field is not empty it will be used in place of
196	# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
197	# authenticated ESMTP.
198	#
199	# This example is a little bit modified adaptation of vmail-sql
200	# database scheme:
201	#
202	# PGSQL_SELECT_CLAUSE SELECT popbox.local_part, \
203	# '{MD5}' \|\| popbox.password_hash, \
204	# popbox.clearpw, \
205	# domain.uid, \
206	# domain.gid, \
207	# domain.path \|\| '/' \|\| popbox.mbox_name), \
208	# '', \
209	# domain.quota, \
210	# '', \
211	# FROM popbox, domain \
212	# WHERE popbox.local_part = '$(local_part)' \
213	# AND popbox.domain_name = '$(domain)' \
214	# AND popbox.domain_name = domain.domain_name
215
216
217	##NAME: PGSQL_ENUMERATE_CLAUSE:1
218	#
219	# {EXPERIMENTAL}
220	# Optional custom SQL query used to enumerate accounts for authenumerate,
221	# in order to compile a list of accounts for shared folders. The query
222	# should return the following fields: name, uid, gid, homedir, maildir, options
223	#
224	# Example:
225	# PGSQL_ENUMERATE_CLAUSE SELECT popbox.local_part \|\| '@' \|\| popbox.domain_name, \
226	# domain.uid, \
227	# domain.gid, \
228	# domain.path \|\| '/' \|\| popbox.mbox_name, \
229	# '', \
230	# 'sharedgroup=' \|\| sharedgroup \
231	# FROM popbox, domain \
232	# WHERE popbox.local_part = '$(local_part)' \
233	# AND popbox.domain_name = '$(domain)' \
234	# AND popbox.domain_name = domain.domain_name
235
236
237	##NAME: PGSQL_CHPASS_CLAUSE:0
238	#
239	# (EXPERIMENTAL)
240	# This is optional, PGSQL_CHPASS_CLAUSE can be set when you have a database,
241	# which is structuraly different from proposed. The fixed string will
242	# be used to do an UPDATE operation on database. In other words, it is
243	# used, when changing password.
244	#
245	# There are four variables, which you can use. Substitution will be made
246	# for them, so you can put entered username (local part) and domain name
247	# in the right place of your query. There variables are:
248	# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
249	#
250	# If a $(domain) is empty (not given by the remote user) the default domain
251	# name is used in its place.
252	# $(newpass) contains plain password
253	# $(newpass_crypt) contains its crypted form
254	#
255	# PGSQL_CHPASS_CLAUSE UPDATE popbox \
256	# SET clearpw='$(newpass)', \
257	# password_hash='$(newpass_crypt)' \
258	# WHERE local_part='$(local_part)' \
259	# AND domain_name='$(domain)'
260	#