[Dovecot] Problem with Prefetch User Database

[Steffen Kaiser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 21 Mar 2013, megodin at inboxalias.com wrote:

>        > Dovecot only sees the PAM-authentication part)
>>
>>
>> PAM does not return userdb-relevant information. You cannot use
>> userdb
>> prefetch.
>>
>> You could switch to first ask a ldap passdb and then, for users that
>> have
>> another password in LDAP, pam.
>
> I use PAM because of the easyness of blocking specific validated users - you can just add/remove them in a plain text file. Easy administration will be necessary because of the planned huge amount of users on the system (28.000), and sometimes blocking a user is highly time-dependent (e.g. if one answers to a phising mail and sending out his credentials which are then abused for sending spam).
>
> I would go over LDAP if there is an equivalent easy way to solve this over LDAP (easy blocking out users by e.g editing a plain text file) - is there any?

Ah:

http://wiki2.dovecot.org/Authentication/RestrictAccess?highlight=(deny)

check out section about passwd-file

Other alternative:
Add into your passdb LDAP filter:

(&(..)(!(dovecotUserDenied=*)))

Then add the attribute dovecotUserDenied with any content to deny that 
user.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUUwzOl3r2wJMiz2NAQJdeggAhxDhio9AUqDomoyjnRg6F2akRq26tFvL
4bG2O4qASIWEyAv232vU5zUX7/EmKWoGbBw6T/Ep3NVrzLNCPzxXi6aMjcd18ZsH
z65bk/cgrwFzMjWXacQ+L//clmXSb7buZp6DiMTMfVWMWv5TkJa0u6fio9PQlTGT
Fmi4RBnCozwK8SaiEZmXW6fd+Tdjy60NUk80huIngwviwaAnC3EFrv2IO6nCFbOJ
PmFbxRDMD0j9+5Vbudea2ZmzYSpLOPzk1kCVFNrGVzAT2dtrishmnc2kv90FkbDt
jJN/MUyCIL//zELDY3N73vjaDzpb+RQrp3eUfovS6xApbaGN1rtWqA==
=2a5e
-----END PGP SIGNATURE-----