disable imap for ldap user
hi there,
I have an LDAP dir with an attribute set to 0 or 1 and in my old setup (a courier server) I used this attribute to map it to an authoption called disableimap. This prevents users from accessing the mailbox with the imap protocol.
So the question is what should I set in dovecot to get the same behaviour? I looked at the docs but the part with the pass_filter and service doesn't really fit.
Some advice would be appreciated
regards
-- Markus Rosjat fon: +49 351 8107223 mail: rosjat@ghweb.de
G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227
Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
On 08.09.2017 17:11, Markus Rosjat wrote:
> I have an LDAP dir with an attribute set to 0 or 1 and in my old setup (a courier server) I used this attribute to map it to an authoption called disableimap. This prevents users from accessing the mailbox with the imap protocol.
> So the question is what should I set in dovecot to get the same behaviour?
You can configure 'pass_filter' to discount entries with your disable- flag. Affected users won't be able to authenticate with Dovecot, which I assume is what you are trying to achieve.
-Ralph
No, this is not the intended behaviour for this attribute.
In general every user can use pop3 but only a few can use imap so what I want is:
- permit pop3 by default
- check if the attribute is 0 or 1
- depending on the result a user can login with imap protocol
regards
Markus
On Sat, 9 Sep 2017, Markus Rosjat wrote:
> In general every user can use pop3 but only a few can use imap so what I want is:
> - permit pop3 by default
> - check if the attribute is 0 or 1
> - depending on the result a user can login with imap protocol
What's the name of the attribute? Maybe you can use %s in the pass_filter string. If the name does not contain "imap", you need to change the logic, e.g. invent a general LDAP attribute deniedService and set deniedServer=imap
Or
AllowedService=imap
allowedService=pop3
Or
DeniedIMAP=1
Steffen Kaiser
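
Added example (not part of any message in this thread, and not Dovecot's own code): a sketch of how the deniedService filter suggested above behaves per protocol, assuming %u expands to the login name and %s to the service name. The objectClass, the directory entries and the small filter evaluator are constructed for illustration.

```python
import re

# Constructed for illustration: filter, objectClass and entries are assumptions.
PASS_FILTER = "(&(objectClass=posixAccount)(uid=%u)(!(deniedService=%s)))"
DIRECTORY = [
    {"objectClass": ["posixAccount"], "uid": ["alice"]},
    {"objectClass": ["posixAccount"], "uid": ["bob"], "deniedService": ["imap"]},
]

def ldap_escape(value):
    """Hex-escape RFC 4515 specials so a login name cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, user, service):
    """Fill in %u (login name) and %s (service, assumed 'imap' or 'pop3')."""
    values = {"u": ldap_escape(user), "s": ldap_escape(service)}
    return re.sub(r"%([us])", lambda m: values[m.group(1)], template)

def parse(f, i=0):
    """Parse the filter that starts at f[i] == '('; return (node, next index)."""
    op = f[i + 1]
    if op in "&|!":
        i, children = i + 2, []
        while f[i] == "(":
            child, i = parse(f, i)
            children.append(child)
        return (op, children), i + 1  # step over the closing ')'
    end = f.index(")", i)  # safe: literal ')' in values is escaped as \29
    attr, _, raw = f[i + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one directory entry."""
    if node[0] == "=":
        return any(v.lower() == node[2].lower() for v in entry.get(node[1], []))
    results = [matches(child, entry) for child in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def may_login(user, service):
    """True if some entry passes the filter expanded for this user and service."""
    node, _ = parse(expand(PASS_FILTER, user, service))
    return any(matches(node, entry) for entry in DIRECTORY)

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for service in ("pop3", "imap"):
            print(user, service, "allowed" if may_login(user, service) else "denied")
```

An entry without the attribute passes for every service, so this filter permits by default and only denies the services listed on the entry.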
Hi Steffen,
my arg is telexNumber and I basically use it the wrong way here, but I have to migrate some stuff and before I start to invent things I'd like to try to set it up like before. In courier you could define that a given arg from LDAP sets the option disableimap to 1 or 0, so I was looking for a way to do that in dovecot.
participants (3): Markus Rosjat, Ralph Seichter, Steffen Kaiser