Hi I wonder if the information about the origin of report or allow can be accessed somehow. lt.remote gives the IP of the client trying to login but is there anything in lt which gives the ip of the system that connects to wforced? Thanks and have a good one -- tobi
Neil Cook
2019-May-22 09:53 UTC
weakforced: Possible to access the ip address of report/allow?
From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g. By default in 2.3.1 this looks like: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s But you can add additional parameters: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip} The above will add the local dovecot IP address to the attrs, which can then be accessed from wforce policy, Neil> On 22 May 2019, at 07:56, Tobi via dovecot <dovecot at dovecot.org> wrote: > > Hi > > I wonder if the information about the origin of report or allow can be > accessed somehow. lt.remote gives the IP of the client trying to login > but is there anything in lt which gives the ip of the system that > connects to wforced? > > Thanks and have a good one > > -- > > tobiNeil Cook neil.cook at open-xchange.com ------------------------------------------------------------------------------------- Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738 Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin Chairman of the Board: Richard Seibt European Office: Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718 Managing Director: Frank Hoberg US Office: Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA ------------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190522/084d9896/attachment.html>
Hi Neil thanks for the hint with the dovecot config, adding this and I can see that> ... attrs={local_ip="XX.XX.XX.XX"} ...is now logged by wforce daemon. Then I tried to access that value from wforce with the following testcode> if (#lt.attrs > 0) > then > return 7, "ip_local", "ip_local", { test=test } > endbut even if attrs are set (according to wforce logs), the code above does not go into if condition. What is the proper way to access the attrs? Thanks for your help and have a good one -- tobi Am 22.05.19 um 11:53 schrieb Neil Cook:> From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g. > > By default in 2.3.1 this looks like: > > login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s > > But you can add additional parameters: > > login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip} > > The above will add the local dovecot IP address to the attrs, which can then be accessed from wforce policy, > > Neil > >> On 22 May 2019, at 07:56, Tobi via dovecot <dovecot at dovecot.org> wrote: >> >> Hi >> >> I wonder if the information about the origin of report or allow can be >> accessed somehow. lt.remote gives the IP of the client trying to login >> but is there anything in lt which gives the ip of the system that >> connects to wforced? >> >> Thanks and have a good one >> >> -- >> >> tobi > > > Neil Cook > neil.cook at open-xchange.com > > ------------------------------------------------------------------------------------- > Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738 > Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin > Chairman of the Board: Richard Seibt > > European Office: > Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718 > Managing Director: Frank Hoberg > > US Office: > Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA > ------------------------------------------------------------------------------------- > >