Dear Steffen,
Finally managed to test your suggestions ...
On 2014-07-31 09:11, Steffen Kaiser wrote:
On Thu, 31 Jul 2014, Steffen Kaiser wrote:
How about adding another userdb { driver = passwd-file args = /.../%s/file } as the first one, which disables the access to the one user's mail storage currently migrated. %s would be lmtp, imap, pop3 and doveadm, IMHO. Make sure, doveadm sees no user in this userdb, but the others do, e.g. symlink the appropriate files and keep /.../doveadm/file zero-length, in order to fall back to LDAP always.
I tried that now and did not get any useful results; meaning that I did not manage to block a user from using any of the services.
While imap acknowledges finding the user in said file, lmtp doesn't even bother to look there. Both services however continue to work. I tried various return values for the userdb lookup but lmtp just seems to ignore everything.
imap can be disabled easily by means of a passdb that has deny = yes set.
This is really starting to drive me mad ...
a) Besides the %s-way, there must be a way to have doveadm override the settings in:
userdb {
  driver = passwd-file
  args = /.../file
}
in the line of: doveadm -o userdb[*]/args=/dev/null ....
Quite frankly I don't fully understand what you mean by this.
Maybe you need no other userdb, but you can make use of %s in your LDAP userdb filter, e.g.
user_filter = (&(objectClass=posixAccount)(uid=%u)(!(deniedService=%Ls)))
Didn't try that one since I figure if passwd-file does not work why should LDAP work?
Thanks for your suggestions anyway :)
Cheers,
j.hofmüller
We are all idiots with deadlines. - Mike West