dovecot - Nov 2010 - LDAP Filter

Dear All,
              All my users reside in ldap and i am using filter to
restrict access to imap and pop service which is working good but as
my webmail also uses the imap service, restricting imap will also
cause my users to login to webmail. I am looking for a way to bypass
the same for a particular ip or loop back ip.

Hoping to get answer ...


Thanks Regards

  Piyush Joshi

On Tue, 2010-11-23 at 19:17 +0530, Joy wrote:
> Dear All,
>               All my users reside in ldap and i am using filter to
> restrict access to imap and pop service which is working good but as
> my webmail also uses the imap service, restricting imap will also
> cause my users to login to webmail. I am looking for a way to bypass
> the same for a particular ip or loop back ip.
Maybe (|(webmail allowed filter)(%r=127.0.0.1))? I don't know if LDAP
filters allow that. %r anyway expands to remote IP and %l to local IP.

With v2.0 you could use a different passdb ldap based on local IP,
something like:

local 127.0.0.1 {
  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap-webmail.conf
  }
}
local 10.1.2.3 {
  passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap.conf
  }
}