Re: [Dovecot] Problem with Prefetch User Database
> Dovecot only sees the PAM-authentication part)
PAM does not return userdb-relevant information. You cannot use userdb prefetch.
You could switch to first ask a ldap passdb and then, for users that have another password in LDAP, pam.
I use PAM because of the easyness of blocking specific validated users - you can just add/remove them in a plain text file. Easy administration will be necessary because of the planned huge amount of users on the system (28.000), and sometimes blocking a user is highly time-dependent (e.g. if one answers to a phising mail and sending out his credentials which are then abused for sending spam).
I would go over LDAP if there is an equivalent easy way to solve this over LDAP (easy blocking out users by e.g editing a plain text file) - is there any?
Thanks, Megodin
Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! http://email.freenet.de/produkte/basic/index.html
Send and receive anonymous emails to your inbox with InboxAlias. http://www.inboxalias.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 21 Mar 2013, megodin@inboxalias.com wrote:
> Dovecot only sees the PAM-authentication part)
PAM does not return userdb-relevant information. You cannot use userdb prefetch.
You could switch to first ask a ldap passdb and then, for users that have another password in LDAP, pam.
I use PAM because of the easyness of blocking specific validated users - you can just add/remove them in a plain text file. Easy administration will be necessary because of the planned huge amount of users on the system (28.000), and sometimes blocking a user is highly time-dependent (e.g. if one answers to a phising mail and sending out his credentials which are then abused for sending spam).
I would go over LDAP if there is an equivalent easy way to solve this over LDAP (easy blocking out users by e.g editing a plain text file) - is there any?
Ah:
http://wiki2.dovecot.org/Authentication/RestrictAccess?highlight=(deny)
check out section about passwd-file
Other alternative: Add into your passdb LDAP filter:
(&(..)(!(dovecotUserDenied=*)))
Then add the attribute dovecotUserDenied with any content to deny that user.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUUwzOl3r2wJMiz2NAQJdeggAhxDhio9AUqDomoyjnRg6F2akRq26tFvL 4bG2O4qASIWEyAv232vU5zUX7/EmKWoGbBw6T/Ep3NVrzLNCPzxXi6aMjcd18ZsH z65bk/cgrwFzMjWXacQ+L//clmXSb7buZp6DiMTMfVWMWv5TkJa0u6fio9PQlTGT Fmi4RBnCozwK8SaiEZmXW6fd+Tdjy60NUk80huIngwviwaAnC3EFrv2IO6nCFbOJ PmFbxRDMD0j9+5Vbudea2ZmzYSpLOPzk1kCVFNrGVzAT2dtrishmnc2kv90FkbDt jJN/MUyCIL//zELDY3N73vjaDzpb+RQrp3eUfovS6xApbaGN1rtWqA== =2a5e -----END PGP SIGNATURE-----
participants (2)
-
megodin@inboxalias.com
-
Steffen Kaiser