System command

auth.external module for authentication using external helper binary. It looks for binary named maddy-auth-helper in $PATH and libexecdir and uses it for authentication using username/password pair.

The protocol is very simple: Program is launched for each authentication. Username and password are written to stdin, adding \n to the end. If binary exits with 0 status code - authentication is considered successful. If the status code is 1 - authentication is failed. If the status code is 2 - another unrelated error has happened. Additional information should be written to stderr.

auth.external {
    helper /usr/bin/ldap-helper
    perdomain no

Configuration directives

helper file_path

Location of the helper binary.

perdomain boolean

Default: no

Don't remove domain part of username when authenticating and require it to be present. Can be used if you want user@domain1 and user@domain2 to be different accounts.

domains domains...

Default: not specified

Domains that should be allowed in username during authentication.

For example, if 'domains' is set to "domain1 domain2", then username, username@domain1 and username@domain2 will be accepted as valid login name in addition to just username.

If used without 'perdomain', domain part will be removed from login before check with underlying auth. mechanism. If 'perdomain' is set, then domains must be also set and domain part will not be removed before check.