LDAP pass_filter seems to be not working
Hi,
we are using dovecot --version: 2.3.9.3 (9f41b88fa) with LDAP integration
Just discovered that the config which was working for a while is not working now (we are constantly upgrading dovecot). We have smtp/imap/pop3/sieveEnabled fields in our LDAP directory to control which user is able to use which services. The pass filter has been used to control the usage for years now with the %LsEnabled filter (see the config dump below). We just discovered that this filter is not working anymore! We do not even see any pass_filter queries in LDAP. We see user_filter queries but no pass_filter queries. Did we miss something in the changelog?
*LDAP configuration:*

grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext
uris = ldap://ldap.services/
dn = cn=administrator,dc=top
dnpass = ************
debug_level = 1
auth_bind = yes
auth_bind_userdn = mail=%u,ou=service_mail,dc=top
ldap_version = 3
base = ou=service_mail,dc=top
deref = never
scope = subtree
user_attrs = mailQuota=quota_rule=*:bytes=%$,mailLocation=mail
user_filter = (&(objectClass=customMail)(!(mailEnabled=FALSE))(mail=%u))
pass_attrs = =user=%{ldap:mail}
pass_filter = (&(objectClass=customMail)(!(mailEnabled=FALSE))(mail=%u)(%LsEnabled=TRUE))
iterate_attrs = mail=user
iterate_filter = (objectClass=demonMail)
default_pass_scheme = SSHA
*Dovecot main config:*

dovecot -n
# 2.3.9.3 (9f41b88fa): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.9 (db4e9a2f)
# OS: Linux 4.19.87-1.ph3-esx x86_64 xfs
# Hostname: 26feef366ef9
auth_cache_negative_ttl = 1 mins
auth_cache_size = 10 M
auth_cache_ttl = 1 mins
auth_debug = yes
auth_master_user_separator = *
auth_mechanisms = login plain
auth_verbose = yes
default_vsz_limit = 512 M
disable_plaintext_auth = no
doveadm_api_key = # hidden, use -P to show it
first_valid_gid = 901
first_valid_uid = 901
hostname = mail.****.**
imap_client_workarounds = tb-extra-mailbox-sep
imapc_features = rfc822.size fetch-headers
imapc_host = x.x.x.x
imapc_master_user = masteruser
imapc_password = # hidden, use -P to show it
imapc_user = %u
last_valid_gid = 901
last_valid_uid = 901
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_gid = 901
mail_home = /vmail/%d/%n/
mail_location = maildir:/vmail/%d/%n/
mail_plugins = " quota zlib trash fts fts_solr"
mail_prefetch_count = 20
mail_privileged_group = mail
mail_uid = 901
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://hostname:8983/solr/dovecot/
  quota = dict:user::file:/vmail/%d/%n/dovecot.quota
  quota_exceeded_message = The quota of the recipient is full, please try it again later
  sieve = /vmail/%d/%n/dovecot.sieve
  sieve_dir = /vmail/.sieve/%u
  sieve_max_redirects = 20
  trash = /etc/dovecot/dovecot-trash.conf.ext
  zlib_save = gz
  zlib_save_level = 6
}
pop3_client_workarounds = outlook-no-nuls
postmaster_address = postmaster@hostname.com
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service doveadm {
  inet_listener http {
    port = 8099
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 2 G
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service stats {
  unix_listener stats-reader {
    group = mail
    mode = 0666
    user =
  }
  unix_listener stats-writer {
    group = mail
    mode = 0666
    user =
  }
}
ssl_ca =
Regards Balazs
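
Added example, not part of the original message and not Dovecot code: a small Python model of the per-service gate the posted pass_filter describes, expanding %u and %Ls (lowercased service name) and evaluating the resulting filter against sample entries. The entries, the example.org addresses and all function names are constructed for illustration, and only the filter subset used in the post is parsed.

```python
import re

# pass_filter exactly as posted in dovecot-ldap.conf.ext above.
PASS_FILTER = ("(&(objectClass=customMail)(!(mailEnabled=FALSE))"
               "(mail=%u)(%LsEnabled=TRUE))")

# Constructed sample directory entries (not from the thread).
ENTRIES = [
    {"objectClass": ["customMail"], "mail": ["alice@example.org"],
     "imapEnabled": ["TRUE"], "pop3Enabled": ["FALSE"]},
    {"objectClass": ["customMail"], "mail": ["bob@example.org"],
     "mailEnabled": ["FALSE"], "imapEnabled": ["TRUE"]},
]

def ldap_escape(value):
    """Hex-escape the RFC 4515 filter metacharacters in a substituted value."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, user, service):
    """Expand %Ls (lowercased service name) and %u; other variables are ignored."""
    return template.replace("%Ls", service.lower()).replace("%u", ldap_escape(user))

def parse(f, i=0):
    """Parse the filter subset used here: (&...), (!...) and (attr=value)."""
    i += 1                                   # skip "("
    if f[i] in "&!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1             # skip ")"
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = {k.lower(): v for k, v in entry.items()}.get(node[1], [])
    return any(v.lower() == node[2] for v in values)

def allowed(user, service):
    """True if some entry satisfies the pass_filter expanded for this login."""
    tree, _ = parse(expand(PASS_FILTER, user, service))
    return any(matches(tree, e) for e in ENTRIES)
```
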
On 10/03/2020 12:25 Balázs Zeller transglob@gmail.com wrote:
> Hi,
> we are using dovecot --version: 2.3.9.3 (9f41b88fa) with LDAP integration
> Just discovered that the config which was working for a while is not working now (we are constantly upgrading dovecot). We have smtp/imap/pop3/sieveEnabled fields in our LDAP directory to control which user is able to use which services. The pass filter has been used to control the usage for years now with the %LsEnabled filter (see the config dump below). We just discovered that this filter is not working anymore! We do not even see any pass_filter queries in LDAP. We see user_filter queries but no pass_filter queries. Did we miss something in the changelog?
> <snip/>
> Regards Balazs
Can you provide auth_debug=yes logs?
Aki