Timo Sirainen wrote:
On Fri, 2007-11-23 at 16:12 +0100, Marc Cuypers wrote:
Some of the mail users may only login from the LAN, while others can login from the LAN and the internet.

I've read about allow_nets but I can't find very much info when Dovecot is used with LDAP. Can someone give me a direction (URL, configuration file, ...)?

You'll have to store the allow_nets field to LDAP using some name and
tell Dovecot to use it in pass_attrs. On LDAP side you probably need
some special schema (don't ask me about that) or you need to use some
other existing field for that purpose.

pass_attrs anyway goes something like:

pass_attrs = uid=user,userPassword=password,someField=allow_nets


I already added the field allownets to the LDAP database.
Then I compiled Dovecot 1.0.7 on a test machine and set Dovecot up to use LDAP.
# dovecot --version
1.0.7

The LAN is using the addresses in the range 10.0.0.0/24. The test machine (server) is 10.0.0.224 and the client is 10.0.0.110. Even when allow_nets contains 127.0.0.1/8, 192.168.1.0/24, I get access. With this setting I thought I could only log in from 127.0.0.1 and from the network 192.168.1.0/24.

Below are the logs and the configuration files.

<dovecot.log>
dovecot: 2007-11-27 09:04:14 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=10.0.0.224 rip=10.0.0.110
dovecot: 2007-11-27 09:04:14 Info: auth(default): client out: CONT      1
dovecot: 2007-11-27 09:04:14 Info: auth(default): client in: CONT<hidden>
dovecot: 2007-11-27 09:04:14 Info: auth(default): ldap(marc,10.0.0.110): bind: dn=uid=marc,ou=accounts,ou=people,dc=mgvd,dc=be
dovecot: 2007-11-27 09:04:14 Info: auth(default): client out: OK 1 user=marc
dovecot: 2007-11-27 09:04:14 Info: auth(default): master in: REQUEST 3 14412 1
dovecot: 2007-11-27 09:04:14 Info: auth(default): ldap(marc,10.0.0.110): user search: base=ou=accounts,ou=people,dc=mgvd,dc=be scope=subtree filter=(&(objectClass=postfixmail)(uid=marc)) fields=allownets
dovecot: 2007-11-27 09:04:15 Info: auth(default): master out: USER 3 marc allow_nets=127.0.0.1/8, 192.168.1.1 uid=5001 gid=5002
dovecot: 2007-11-27 09:04:15 Info: imap-login: Login: user=<marc>, method=PLAIN, rip=10.0.0.110, lip=10.0.0.224, TLS
dovecot: 2007-11-27 09:04:15 Info: auth(default): new auth connection: pid=14463
</dovecot.log>

Configuration files used

<dovecot.conf>
protocols = imaps
log_path = /var/log/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/mail/%u/Maildir
mail_extra_groups = mail
protocol imap {
}

protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
auth_debug = yes
auth default {
  mechanisms = plain login
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }

  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  user = root
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
}
</dovecot.conf>

<dovecot-ldap.conf>
hosts = 127.0.0.1
dn = cn=manager,dc=mgvd,dc=be
dnpass = <password>
auth_bind = no
auth_bind_userdn = uid=%u,ou=accounts,ou=people,dc=mgvd,dc=be
base = ou=accounts,ou=people,dc=mgvd,dc=be
scope = subtree
user_attrs = allownets=allow_nets
user_filter = (&(objectClass=postfixmail)(uid=%u))
pass_attrs = uid=user,userPassword=password,allownets=allow_nets
pass_filter = (&(objectClass=postfixmail)(uid=%u))
user_global_uid = 5001
user_global_gid = 5002
</dovecot-ldap.conf>

--
Marc
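As an added illustration (not code from this thread or from Dovecot itself), here is the network match that an allow_nets value is meant to apply, run over trimmed copies of the two auth log lines from the post above. It shows that the remote IP 10.0.0.110 lies outside both 127.0.0.1/8 and 192.168.1.1, so a login with that allow_nets value actually in force would be refused. The function names and the treatment of a missing field as "no restriction" are assumptions.

```python
import ipaddress
import re

# Constructed samples: the "client in" and "master out" lines from the post,
# reduced to the fields this check uses.
SAMPLE_CLIENT_IN = ("auth(default): client in: AUTH 1 PLAIN service=IMAP "
                    "secured lip=10.0.0.224 rip=10.0.0.110")
SAMPLE_MASTER_OUT = ("auth(default): master out: USER 3 marc "
                     "allow_nets=127.0.0.1/8, 192.168.1.1 uid=5001 gid=5002")


def parse_allow_nets(value):
    """Split an allow_nets value ("127.0.0.1/8, 192.168.1.1") into networks.
    A bare address becomes a single-host network; host bits inside a prefix
    (127.0.0.1/8) are tolerated rather than rejected."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def login_allowed(allow_nets_value, rip):
    """True if the remote IP falls inside any listed network.
    None means no allow_nets field was returned, i.e. no restriction (assumed)."""
    if allow_nets_value is None:
        return True
    addr = ipaddress.ip_address(rip)
    # Mixed IPv4/IPv6 comparisons simply do not match.
    return any(addr in net for net in parse_allow_nets(allow_nets_value))


def extract_rip(client_in_line):
    """Remote IP as logged in the 'client in' line (rip=...)."""
    m = re.search(r"\brip=(\S+)", client_in_line)
    return m.group(1) if m else None


def extract_allow_nets(extra_fields_line):
    """Pull allow_nets out of a key=value field list. The value runs up to the
    next ' key=' token, so the ', ' separators inside it survive."""
    m = re.search(r"allow_nets=(.*?)(?=\s+\w+=|$)", extra_fields_line)
    return m.group(1).strip() if m else None


def check_sample():
    """Apply the check to the sample lines: expected to be refused."""
    return login_allowed(extract_allow_nets(SAMPLE_MASTER_OUT),
                         extract_rip(SAMPLE_CLIENT_IN))
```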
