no this is not the intented behaviour for thsi attribute. In general every user can use pop3 but only a few can use imap so what I want is: - permit pop3 by default - check if the attribute is 0 or 1 - depending on the result a user can login with imap protocol regards Markus Am 08.09.2017 um 17:59 schrieb Ralph Seichter:> On 08.09.2017 17:11, Markus Rosjat wrote: > >> I have a LDAP dir with an attribute set to 0 or 1 and in my old setup >> (a courier server) I used this attribute to map it to an authoption >> called disableimap. This prevent users to access the mailbox with imap >> protocol. >> >> So the question is what should I set in dovecot to get the same >> behaviour? > > You can configure 'pass_filter' to discount entries with your disable- > flag. Affected users won't be able to authenticate with Dovecot, which > I assume is what you are trying to achieve. > > -Ralph >-- Markus Rosjat fon: +49 351 8107223 mail: rosjat at ghweb.de G+H Webservice GbR Gorzolla, Herrmann K?nigsbr?cker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte pr?fen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 9 Sep 2017, Markus Rosjat wrote:> In general every user can use pop3 but only a few can use imap so what I want > is: > > - permit pop3 by default > - check if the attribute is 0 or 1 > - depending on the result a user can login with imap protocolWhat's the name of the attribute? Maybe you can use %s in the the pass_filter string. If the name does not contain "imap", you need to change the logic, e.g. invent a general LDAP attribute deniedService and set deniedServer=imap Or AllowedService=imap allowedService=pop3 Or DeniedIMAP=1> Am 08.09.2017 um 17:59 schrieb Ralph Seichter: >> On 08.09.2017 17:11, Markus Rosjat wrote: >> >>> I have a LDAP dir with an attribute set to 0 or 1 and in my old setup >>> (a courier server) I used this attribute to map it to an authoption >>> called disableimap. This prevent users to access the mailbox with imap >>> protocol. >>> >>> So the question is what should I set in dovecot to get the same >>> behaviour? >> >> You can configure 'pass_filter' to discount entries with your disable- >> flag. Affected users won't be able to authenticate with Dovecot, which >> I assume is what you are trying to achieve. >> >> -Ralph >> > >- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBWbkpYHz1H7kL/d9rAQJ8kwgAo2PMSAmZ4fwld7Qw9Cw+2Htq42CbaRPK 8qtJTy61lF++VSGrsfy3ed4DGuaDrWM1IFo3/BifJusdjAgCxQqKQFV6J29HvyNa SCeF5BHTvgC4owMXt5HGrdIIU872oKI8vHCkmO3i8dwuWZTg5t+QO/iKLI3yGUa7 6D1pEqydGOU1KXYO/KxjHmYWvZ7Iv8Mt3eJ6yucC1xtxPVGRD+6gOZn12p3d/srb ZGYqXyaQ0UQXV+8skQTMCrr+YbNxjN6aSxZOIcDxLjCVeJrnBCe5KJaLp+MU35Z8 yiWmF+dVByX3RxzmPiuRLEoMpiTEOfr2jzSwzzdiTVt5ViGekIwZ6g==rlq8 -----END PGP SIGNATURE-----
Hi steffen, my arg is telexNumber and I basically use it the wrong way here but I have to migrate some stuff and before I start to invent things I like to try to set it up like before. In courier you could define that a given arg from LDAP sets the option disableimap to 1 or 0 so I was looking for a way to do that in dovecot. Am 13.09.2017 um 14:49 schrieb Steffen Kaiser:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sat, 9 Sep 2017, Markus Rosjat wrote: > >> In general every user can use pop3 but only a few can use imap so what >> I want is: >> >> - permit pop3 by default >> - check if the attribute is 0 or 1 >> - depending on the result a user can login with imap protocol > > What's the name of the attribute? Maybe you can use %s in the the > pass_filter string. If the name does not contain "imap", you need to > change the logic, e.g. invent a general LDAP attribute deniedService > and set deniedServer=imap > > Or AllowedService=imap allowedService=pop3 > Or DeniedIMAP=1 > >> Am 08.09.2017 um 17:59 schrieb Ralph Seichter: >>> On 08.09.2017 17:11, Markus Rosjat wrote: >>> >>>> I have a LDAP dir with an attribute set to 0 or 1 and in my old setup >>>> (a courier server) I used this attribute to map it to an authoption >>>> called disableimap. This prevent users to access the mailbox with imap >>>> protocol. >>>> >>>> So the question is what should I set in dovecot to get the same >>>> behaviour? >>> >>> You can configure 'pass_filter' to discount entries with your disable- >>> flag. Affected users won't be able to authenticate with Dovecot, which >>> I assume is what you are trying to achieve. >>> >>> -Ralph >>> >> >> > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBWbkpYHz1H7kL/d9rAQJ8kwgAo2PMSAmZ4fwld7Qw9Cw+2Htq42CbaRPK > 8qtJTy61lF++VSGrsfy3ed4DGuaDrWM1IFo3/BifJusdjAgCxQqKQFV6J29HvyNa > SCeF5BHTvgC4owMXt5HGrdIIU872oKI8vHCkmO3i8dwuWZTg5t+QO/iKLI3yGUa7 > 6D1pEqydGOU1KXYO/KxjHmYWvZ7Iv8Mt3eJ6yucC1xtxPVGRD+6gOZn12p3d/srb > ZGYqXyaQ0UQXV+8skQTMCrr+YbNxjN6aSxZOIcDxLjCVeJrnBCe5KJaLp+MU35Z8 > yiWmF+dVByX3RxzmPiuRLEoMpiTEOfr2jzSwzzdiTVt5ViGekIwZ6g=> =rlq8 > -----END PGP SIGNATURE------- Markus Rosjat fon: +49 351 8107223 mail: rosjat at ghweb.de G+H Webservice GbR Gorzolla, Herrmann K?nigsbr?cker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte pr?fen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT