Hi,
I am trying to implement a dict lookup for disabled accounts, where both the passdb lookup and the disabled lookup are done in the same passdb. I was hoping that this configuration would work:

passdb {
  name = redis
  driver = dict
  args = /etc/dovecot/dovecot-redis.conf.ext
}

uri = redis:host=127.0.0.1

key disabled {
  key = users/%u/disabled/%s
  format = value
  default_value =
}
key user {
  key = users/%u
  format = json
}
passdb_objects = user
passdb_fields {
  fail = %{dict:disabled}
}

Unfortunately, this will always set the fail passdb_field regardless of whether the disabled key returns its empty default_value. Removing the default_value setting will cause the passdb lookup to fail if key lookup fails, as mentioned in the documentation.
Is there a way to have the dict driver handle redis nil values similarly to how the sql driver handles NULL values?
A working alternative I found is to set an invalid password if the disabled key is set:

passdb_fields {
  password = %{if;%{dict:disabled};eq;;%{dict:user.password};}
}

However, this feels hacky. It also makes the auth-worker log the following error (despite it being functional):
dovecot: auth-worker(16229): Error: redis(test,127.0.0.1,<Kd3zJDOdfs1/AAAB>): Multiple password values not supported
Any other suggestions, or should I simply fall back to using a separate passdb with deny=yes?
Best regards, Eirik