Hi Tobi,

you need to process lt.attrs in a loop. It's not a real Lua table, it's a user data pretending to be a table, so # doesn't work.

For example:

for k, v in pairs(lt.attrs) do

if ((k == "accountStatus") and (v == "blocked"))

then

return -1, "accountStatus blocked", "accountStatus blocked", {}

end

For examples of almost anything you can do in wforce.conf, including the above, please read the wforce.conf man page. It's really very thorough.

Neil

On 22 May 2019 13:53 Tobi < tobisworld@gmail.com> wrote:

Hi Neil

thanks for the hint with the dovecot config, adding this and I can see that

... attrs={local_ip="XX.XX.XX.XX"} ...

is now logged by wforce daemon. Then I tried to access that value from

wforce with the following testcode

if (#lt.attrs > 0)

then

return 7, "ip_local", "ip_local", { test=test }

end

but even if attrs are set (according to wforce logs), the code above

does not go into if condition. What is the proper way to access the attrs?

Thanks for your help and have a good one

--

tobi

Am 22.05.19 um 11:53 schrieb Neil Cook:

From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g.

By default in 2.3.1 this looks like:

login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s

But you can add additional parameters:

login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip}

The above will add the local dovecot IP address to the attrs, which can then be accessed from wforce policy,

Neil

On 22 May 2019, at 07:56, Tobi via dovecot < dovecot@dovecot.org> wrote:

>> Hi

>>

>> I wonder if the information about the origin of report or allow can be

>> accessed somehow. lt.remote gives the IP of the client trying to login

>> but is there anything in lt which gives the ip of the system that

>> connects to wforced?

>>

>> Thanks and have a good one

>>

>> --

>>

>> tobi

Neil Cook

neil.cook@open-xchange.com

-------------------------------------------------------------------------------------

Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738

Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin

Chairman of the Board: Richard Seibt

European Office:

Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718

Managing Director: Frank Hoberg

US Office:

Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA

-------------------------------------------------------------------------------------

-- 

kind regards,
Neil Cook
Chief Security Architect

Phone: +44 774 7012545
Email: neil.cook@open-xchange.com
-------------------------------------------------------------------------------------
Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738
Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin 
Chairman of the Board: Richard Seibt

European Office: 
Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718 
Managing Director: Frank Hoberg

US Office: 
Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA 
-------------------------------------------------------------------------------------