Hi,
I am trying to implement a dict lookup for disabled accounts, where both
the passdb lookup and the disabled lookup is done in the same passdb. I
was hoping that this configuration would work:
passdb {
name = redis
driver = dict
args = /etc/dovecot/dovecot-redis.conf.ext
}
---
uri = redis:host=127.0.0.1
key disabled {
key = users/%u/disabled/%s
format = value
default_value =
}
key user {
key = users/%u
format = json
}
passdb_objects = user
passdb_fields {
fail = %{dict:disabled}
}
Unfortunately, this will always set the fail passdb_field regardless of
whether the disabled key returns its empty default_value. Removing the
default_value setting will cause the passdb lookup to fail if key lookup
fails, as mentioned in the documentation.
Is there a way to have the dict driver handle redis nil values similarly
to how the sql driver handles NULL values?
A working alternative I found is to set an invalid password if the
disabled key is set:
passdb_fields {
password = %{if;%{dict:disabled};eq;;%{dict:user.password};}
}
However, this feels hacky. It also makes the auth-worker to log the
following error (despite it being functional):
dovecot: auth-worker(16229): Error:
redis(test,127.0.0.1,<Kd3zJDOdfs1/AAAB>): Multiple password values not
supported
Any other suggestions, or should I simply fall back to using a separate
passdb with deny=yes?
Best regards,
Eirik
