config: dict.md - Update to config-rewrite

mbettini-ox · mbettini-ox · commit 4268c0f1a371 · 2024-12-12T11:10:45.000Z
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -53,6 +53,7 @@ backported
 badpassword
 bantime
 barfoo
+Basedn
 bayes
 bcc
 benumber
@@ -270,12 +271,10 @@ hdr
 hendrik
 hexblob
 hexlify
-hexuc
 hhmm
 highestmodseq
 HIGHESTPVTMODSEQ
 Hopmann
-hostaddr
 hostdomain
 hostip
 howto
@@ -358,6 +357,7 @@ lda
 ldapi
 ldapmodify
 ldaps
+ldaptest
 LDFLAGS
 ldif
 leastconn
@@ -532,7 +532,6 @@ NOCHILDREN
 nodelay
 nodeps
 NOINFERIORS
-noiv
 nolock
 nologin
 nonindexable
@@ -580,8 +579,8 @@ opie
 opsec
 optboolean
 optname
-orcpt
 OR'ing
+orcpt
 ORing
 OSFILE
 otherinstance
@@ -642,7 +641,6 @@ qmail
 qmgr
 QQACg
 qresync
-qwerty
 rampup
 randkey
 randomfail
@@ -666,7 +664,6 @@ resolv
 restorecon
 resyncing
 rfcs
-RHu
 Roskakori
 roundcube
 roundrobin
@@ -731,7 +728,6 @@ socketpath
 solib
 solrcloud
 solrconfig
-somedict
 sourceforge
 sourceuser
 sourceware
@@ -799,6 +795,7 @@ tempdisabled
 tempfail
 tempfailing
 terabyte
+testadmin
 testdomain
 testmbox
 testpass
@@ -913,11 +910,9 @@ wikis
 winbind
 wso
 xapian
-XBAR
 xchange
 xclient
 Xes
-XFOO
 xfs
 xoauth
 XRCPTFORWARD
diff --git a/docs/core/config/dict.md b/docs/core/config/dict.md
@@ -81,51 +81,60 @@ See [[link,auth_ldap]].
 
 ::: code-group
 ```[dovecot.conf]
-dict_legacy {
-  somedict = ldap:/path/to/dovecot-ldap-dict.conf.ext
+dict_server {
+  dict ldap {
+    driver = ldap
+    ldap_uris = ldap://{{LDAPHOST}}
+    ldap_auth_dn = uid=testadmin,cn=users,dc=dovecot,dc=net
+    ldap_auth_dn_password = testadmin
+    ldap_timeout_secs = 5
+    ldap_base = dc=dovecot,dc=net
+    ldap_starttls = no
+    ssl_client_require_valid_cert = no
+
+    dict_map priv/test/home {
+      ldap_filter = (&(homeDirectory=*)(uid=%{user}))
+      value = %{ldap:homeDirectory}
+    }
+  }
 }
 ```
 :::
 
-#### LDAP Parameters
-
-| Parameter | Required | Description |
-| --------- | -------- | ----------- |
-| `uri` | **YES**  | LDAP connection URI as expected by OpenLDAP. |
-| `bind_dn` | NO | DN or upn to use for binding. (default: none) |
-| `debug` | NO | Enable debug. `0` = off (default), `1` = on. |
-| `password` | NO | Password to use, only SIMPLE auth is supported at the moment. (default: none) |
-| `timeout` | NO | How long to wait for reply, in seconds. (default:30 seconds) |
-| `max_idle_time` | NO | Disconnect from LDAP server after connection has been idle for this many seconds. (default: never) |
-| `tls` | NO | Use TLS?<br/>`yes`: Require either ldaps or successful start TLS<br/> `try`: Send start TLS if necessary (default)<br/> `no`:  Do not send start TLS. |
+#### LDAP Settings
+
+| Parameter | Mandatory | Description |
+| --------- | --------- | ----------- |
+| `ldap_uris` | **YES**  | LDAP connection URI as expected by OpenLDAP. |
+| `ldap_auth_dn` | NO | DN or upn to use for binding. |
+| `ldap_auth_dn_password`  | NO | Password to use, only SIMPLE auth is supported at the moment. |
+| `ldap_timeout` | NO | How long to wait for reply, in seconds. (default:30 seconds) |
+| `ldap_max_idle_time` | NO | Disconnect from LDAP server after connection has been idle for this many seconds. |
+| `ldap_debug_level` | NO | Enable debug. `0` = off, `1` = on. |
+| `ldap_starttls` | NO | Causes starttls on a cleartext ldap channel |
+| `ldap_base` | NO | Basedn for the search |
+| `ldap_scope` | NO | Scope of the search |
+| `ldap_filter` | YES | The ldap filter to use |
+| `dict_map_value` |  YES | The value to be returned. |
+| `dict_map_pattern` | NO | The pattern for the attribute. Defaults to the filter name. |
 
 #### Examples
 
 To map a key to a search:
-
 ```
-map {
-  pattern = priv/test/mail
-  filter = (mail=*)  # the () is required
-  base_dn = ou=container,dc=domain
-  username_attribute = uid # default is cn
-  value_attribute = mail
+dict_map priv/test/mail {
+  ldap_filter = (&(uid=%{user})(mail=*))
+  ldap_base = ou=container,dc=domain
+  value = %{ldap:mail}
 }
 ```
 
 To do a more complex search:
-
 ```
-map {
-  pattern = priv/test/mail/$location
-  filter = (&(mail=*)(location=%{location}) # the () is required
-  base_dn = ou=container,dc=domain
-  username_attribute = uid # default is cn
-  value_attribute = mail
-
-  fields {
-    location=$location
-  }
+dict_map priv/test/mail/$location {
+  ldap_filter = (&(uid=%{user})(mail=*)(uid=%{pattern:location}))
+  ldap_base = ou=container,dc=domain
+  value = %{ldap:mail}
 }
 ```
 
