Hello,
I am using Dovecot with an LDAP-backend for authentication.
According to the documentation at https://wiki.dovecot.org/Authentication/RestrictAccess with LDAP and "pass_filter" it is possible to filter allowed services for the user with:
pass_filter = (&(objectClass=posixAccount)(uid=%u)(service=%s))
Thats pretty cool. Now, in the LDAP-settings I created corresponding fields (service) and added the allowed services to tthese fields (imap, pop3, etc.). After that change, certain services were not available to that user anymore. So it seems that more services are there and after explicitly setting the services which are allowed, the other, not mentioned services stop to work.
Now two questions:
Is there any documented, full-featured list of the services that can be added?
Is it possible to "flip" that setting so its not allowing certain services but denying the ones that are added to the "service"-fields?
Cheers