Timo Sirainen wrote:
> On Fri, 2007-11-23 at 16:12 +0100, Marc Cuypers wrote:
>> Some of the mail users may only log in from the LAN, while others can log in from the LAN and the internet.
>> I've read about allow_nets but I can't find very much info on it when Dovecot is used with LDAP. Can someone give me a direction (URL, configuration file, ...)?
>
> You'll have to store the allow_nets field in LDAP using some name and tell Dovecot to use it in pass_attrs. On the LDAP side you probably need some special schema (don't ask me about that) or you need to use some other existing field for that purpose.
>
> pass_attrs anyway goes something like:
>
> pass_attrs = uid=user,userPassword=password,someField=allow_nets
I already added the field allownets to the LDAP database. Then I compiled Dovecot 1.0.7 on a test machine and set Dovecot up to use LDAP.

# dovecot --version
1.0.7

The LAN is using the addresses in the range 10.0.0.0/24. The test machine (server) is 10.0.0.224 and the client is 10.0.0.110. Even when allow_nets contains 127.0.0.1/8, 192.168.1.0/24, I get access. With this setting I thought I could only log in from 127.0.0.1 and from the network 192.168.1.0/24.

Below are the logs and the configuration files.
<dovecot.log>
dovecot: 2007-11-27 09:04:14 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=10.0.0.224 rip=10.0.0.110
dovecot: 2007-11-27 09:04:14 Info: auth(default): client out: CONT 1
dovecot: 2007-11-27 09:04:14 Info: auth(default): client in: CONT<hidden>
dovecot: 2007-11-27 09:04:14 Info: auth(default): ldap(marc,10.0.0.110): bind: dn=uid=marc,ou=accounts,ou=people,dc=mgvd,dc=be
dovecot: 2007-11-27 09:04:14 Info: auth(default): client out: OK 1 user=marc
dovecot: 2007-11-27 09:04:14 Info: auth(default): master in: REQUEST 3 14412 1
dovecot: 2007-11-27 09:04:14 Info: auth(default): ldap(marc,10.0.0.110): user search: base=ou=accounts,ou=people,dc=mgvd,dc=be scope=subtree filter=(&(objectClass=postfixmail)(uid=marc)) fields=allownets
dovecot: 2007-11-27 09:04:15 Info: auth(default): master out: USER 3 marc allow_nets=127.0.0.1/8, 192.168.1.1 uid=5001 gid=5002
dovecot: 2007-11-27 09:04:15 Info: imap-login: Login: user=<marc>, method=PLAIN, rip=10.0.0.110, lip=10.0.0.224, TLS
dovecot: 2007-11-27 09:04:15 Info: auth(default): new auth connection: pid=14463
</dovecot.log>
Configuration files used:
<dovecot.conf>
protocols = imaps
log_path = /var/log/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/mail/%u/Maildir
mail_extra_groups = mail

protocol imap {
}

protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}

auth_debug = yes

auth default {
  mechanisms = plain login
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  user = root
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

dict {
}

plugin {
}
</dovecot.conf>
<dovecot-ldap.conf>
hosts = 127.0.0.1
dn = cn=manager,dc=mgvd,dc=be
dnpass = <password>
auth_bind = no
auth_bind_userdn = uid=%u,ou=accounts,ou=people,dc=mgvd,dc=be
base = ou=accounts,ou=people,dc=mgvd,dc=be
scope = subtree
user_attrs = allownets=allow_nets
user_filter = (&(objectClass=postfixmail)(uid=%u))
pass_attrs = uid=user,userPassword=password,allownets=allow_nets
pass_filter = (&(objectClass=postfixmail)(uid=%u))
user_global_uid = 5001
user_global_gid = 5002
</dovecot-ldap.conf>
-- Marc
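Editor's added example, not code from this thread or from Dovecot: a small Python check of what an allow_nets value admits, run over the debug lines Marc posted (re-split one entry per line and embedded as constructed sample input). It evaluates the value the way Dovecot documents it (a comma-separated list of IPs or IP/mask entries, a bare IP meaning that single host) and records which auth reply actually carried the field. Two things are worth seeing. First, 10.0.0.110 lies outside both 127.0.0.0/8 and 192.168.1.1, so the rule as returned would deny this client; the rule is not the problem. Second, in the posted log allow_nets appears only on the userdb reply (master out: USER ...), never on the passdb reply (client out: OK 1 user=marc). allow_nets is a passdb extra field, which is why Timo points at pass_attrs; a copy returned only by the userdb is not enforced. The log also shows the passdb binding as the user's DN instead of running pass_filter, and Dovecot's LDAP example config notes that pass_attrs cannot be used when auth_bind_userdn is in effect, so the auth_bind / auth_bind_userdn pair is the first thing to check.

```python
"""Evaluate a Dovecot allow_nets value against a remote IP and audit which
auth reply (passdb OK vs userdb USER) carried the field.

Added example; not code from the mailing-list thread or from Dovecot."""
import ipaddress
import re

# Constructed sample: the auth_debug lines quoted in the post, one per line.
SAMPLE_LOG = """\
dovecot: 2007-11-27 09:04:14 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=10.0.0.224 rip=10.0.0.110
dovecot: 2007-11-27 09:04:14 Info: auth(default): ldap(marc,10.0.0.110): bind: dn=uid=marc,ou=accounts,ou=people,dc=mgvd,dc=be
dovecot: 2007-11-27 09:04:14 Info: auth(default): client out: OK 1 user=marc
dovecot: 2007-11-27 09:04:14 Info: auth(default): master in: REQUEST 3 14412 1
dovecot: 2007-11-27 09:04:15 Info: auth(default): master out: USER 3 marc allow_nets=127.0.0.1/8, 192.168.1.1 uid=5001 gid=5002
dovecot: 2007-11-27 09:04:15 Info: imap-login: Login: user=<marc>, method=PLAIN, rip=10.0.0.110, lip=10.0.0.224, TLS
"""

# allow_nets value runs until the next "key=" token or end of line; the value
# itself may contain ", " so it cannot be split on whitespace.
ALLOW_NETS_RE = re.compile(r"allow_nets=(.*?)(?=\s+\w+=|\s*$)")
RIP_RE = re.compile(r"\brip=([0-9a-fA-F.:]+)")


def parse_allow_nets(value):
    """Split an allow_nets value into ip_network objects.

    Dovecot takes a comma-separated list of IPs or IP/mask entries; a bare IP
    means that one host. strict=False accepts a host address with a mask, so
    127.0.0.1/8 is read as the network 127.0.0.0/8."""
    nets = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def ip_allowed(rip, allow_nets_value):
    """True if the remote IP falls inside any network in allow_nets_value."""
    addr = ipaddress.ip_address(rip)
    return any(addr in net for net in parse_allow_nets(allow_nets_value))


def audit_auth_log(log_text):
    """Walk one auth exchange: pick up the client's rip from the AUTH request,
    then note whether allow_nets came back on the passdb reply (client out: OK)
    or only on the userdb reply (master out: USER). Only the passdb copy is
    enforced by Dovecot; the userdb copy is reported here for comparison."""
    result = {
        "rip": None,
        "user": None,
        "passdb_allow_nets": None,
        "userdb_allow_nets": None,
    }
    for line in log_text.splitlines():
        if "client in: AUTH" in line:
            m = RIP_RE.search(line)
            if m:
                result["rip"] = m.group(1)
        elif "client out: OK" in line:
            m = re.search(r"\buser=(\S+)", line)
            if m:
                result["user"] = m.group(1)
            m = ALLOW_NETS_RE.search(line)
            if m:
                result["passdb_allow_nets"] = m.group(1)
        elif "master out: USER" in line:
            m = ALLOW_NETS_RE.search(line)
            if m:
                result["userdb_allow_nets"] = m.group(1)

    # Enforcement only happens when the passdb returned the field.
    result["allow_nets_enforced"] = result["passdb_allow_nets"] is not None
    if result["rip"] and result["userdb_allow_nets"]:
        result["rip_in_userdb_allow_nets"] = ip_allowed(
            result["rip"], result["userdb_allow_nets"])
    else:
        result["rip_in_userdb_allow_nets"] = None
    return result


if __name__ == "__main__":
    for key, val in audit_auth_log(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Running the block prints the audit for the posted exchange: rip 10.0.0.110, no allow_nets on the passdb reply (so nothing is enforced), and the userdb copy that would have rejected this client had it come from the passdb.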