[Dovecot] allow_nets + default + ldap
Andreas Schulze
sca at andreasschulze.de
Wed May 21 10:18:41 UTC 2014
Timo,
thanks for having a look at my message...
> This looks scary, wouldn't it work without it? : request->failed = FALSE;
I simply copied the logic from existing code in the same function.
> Also, don't these work already?
> any = 0.0.0.0/0
> none = 0.0.0.0/32
>
> Or I'm not sure if the 0.0.0.0/0 matches IPv6, maybe that's a problem..
Right, that's one problem as I remember. This is in my ldap.conf:
pass_filter = (uid=%Lu)
pass_attrs = =user=%{ldap:uid}, \
=allow_nets=%{ldap:allownets:ALL}, \
=userdb_uid=%{ldap:uidNumber:1000}, \
=userdb_gid=%{ldap:gidNumber:1000}, \
=userdb_home=%{ldap:homeDirectory:/mail/%Ln}
I have to declare a default value for "allow_nets" for accounts
without a specified LDAP attribute "allownets".
0.0.0.0/0 will work, but the comma fails. Also, only an IPv6 is impossible ":"
For these reasons I came up with my patch solution. The other
possibility is to explicitly allow all requests
if the variable networks in
src/auth/auth-request.c/auth_request_validate_networks is empty.
> Also I don't really like to use uppercase values, strcasecmp() would
> be better I think.
There is no strong need for uppercase.
As I said, the solution may be not optimal.
Andreas
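
Added example, not part of the original message and not Dovecot code: a Python sketch of the default-value problem discussed above, checking candidate allow_nets defaults against an IPv4 and an IPv6 client. It assumes per-address-family matching as in Python's ipaddress module; the function names and client addresses are constructed for illustration.

```python
import ipaddress

def parse_allow_nets(value):
    """Parse a comma-separated allow_nets-style string into network objects."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]

def client_allowed(client_ip, allow_nets):
    """True if client_ip falls inside any listed network.

    Assumption: matching is per address family, as in Python's ipaddress
    module, where an IPv4 network never contains an IPv6 address.
    """
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in parse_allow_nets(allow_nets))

def usable_as_template_default(value):
    """Model of the limitation described in the message: ',' or ':' inside the
    default part of %{ldap:allownets:<default>} breaks the setting."""
    return "," not in value and ":" not in value

def evaluate(candidates, clients):
    """Return {candidate: (usable_as_default, {client: allowed})}."""
    return {c: (usable_as_template_default(c),
                {ip: client_allowed(ip, c) for ip in clients})
            for c in candidates}

if __name__ == "__main__":
    # Constructed sample clients (documentation address ranges).
    clients = ["192.0.2.10", "2001:db8::1"]
    candidates = ["0.0.0.0/0", "::/0", "0.0.0.0/0,::/0", "0.0.0.0/32"]
    for value, (usable, hits) in evaluate(candidates, clients).items():
        print(f"{value!r:20} usable_as_default={usable} {hits}")
```

Under these assumptions, the only candidate that admits both clients is the one that cannot be written as a template default.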