On Wed, Apr 16, 2008 at 11:00 AM, kemas henry <[EMAIL PROTECTED]> wrote: > Martin Schuster (IFKL IT OS DSM CD) wrote: > > kemas henry wrote: > >> with Courier pop3 and imap with ldap > >> backend, everything runs ok. > >> but now I like to separate several user so they can only use imap not pop3 > >> > >> > > I did something like this with the mysql auth-backend. > > There you can define your own SQL-query-string, so you'll > > put sth. like > > ... AND allowedservices LIKE '%$(service)%' > > there, then set the "allowedservices" column in your database to > > imap:smtp > > > > > > yes, something like that. I search the mail archive and found similar > topic on 2008-02-15. > The "options" field can hold something like "disableimap=1" or > "disablepop3=1". > but the talk is short and I just can't figure out how he did it ;-(
It is very very simple.... 1) Configure your LDAP records to hold the data, eg, field "di" to hold the disableimap value, field "dp" to hold the disable pop value, and maybe "dw" to hold the disablewebmail value. 2) Set those fields to 0 if you don't want the particular service disabled for that user, and set it to 1 if you want that particular service disabled for that user. 3) Configure authlib to retrieve that info from LDAP, which means, editing authldaprc file on your system, and putting in an entry for LDAP_AUXOPTIONS which tells authlib which field in your LDAP records it should use to initialise the value of disableimap disablepop3 and disablewebmail when performing auth requests. Using the above naming scheme, it would be setup as below: LDAP_AUXOPTIONS disableimap=di,disablepop3=dp,disablewebmail=dw 4) Test your configuration by doing authtest <username> and you should see the values of those fields returned in the authresult. 5) Try it out on a user and see if it works. I've never mixed postfix as the MTA, but I'm assuming that won't be an issue and that the pop3, webmail daemons will use the authlib provided info to determine the privs. di, dp, and dw are terrible LDAP field names, and were used to provide clarity in the authldaprc config line, I'd suggest actually using disableimap, disablepop3 and disablewebmail for the hung over mornings that you must make changes. HTH, Harry. ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
