Hi all,
in our test environment, I'm playing with dovecot 2.1.13 configured as
an imap/pop/managesieve proxy. It is configured to authenticate users with
ldap and it works very well.
Now, I'd like to temporarily disable some users' logins, because we are
moving to another storage, and I don't want to stop the imap service at all.
I've found on the Dovecot wiki that I could use the 'nologin' extra field, but I
haven't been able to get it to work. My dovecot configuration is:
# 2.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.19.1.el6.x86_64 x86_64 ...
auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = plain
disable_plaintext_auth = no
listen = *
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
ssl = no
ssl_cert = /etc/pki/dovecot/certs/dovecot.pem
ssl_key = /etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = prefetch
}
and my 'dovecot-ldap.conf.ext' is:
uris = ldap://ldap.example.it/
dn = cn=Reader,dc=example,dc=it
dnpass = password
base = ou=People,dc=example,dc=it
pass_attrs = uid=user,userPassword=password,\
=userdb_home=/var/spool/mail/%1u/%u,uidNumber=userdb_uid,gidNumber=userdb_gid,\
=proxy=y,=host=imap.example.it,\
=nologin=y
pass_filter = (&(objectClass=qmailUser)(uid=%u)(accountStatus=active))
With this configuration, all users can log in, and the log says:
Jan 23 09:16:18 localhost dovecot: master: Dovecot v2.1.13 starting up
(core dumps disabled)
Jan 23 09:16:33 localhost dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Jan 23 09:16:33 localhost dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Jan 23 09:16:33 localhost dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Jan 23 09:16:33 localhost dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Jan 23 09:16:33 localhost dovecot: auth: Debug: auth client connected
(pid=3660)
Jan 23 09:16:33 localhost dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011session=PsbzT/DT+gCTeiwf#011lip=192.168.129.109#011rip=192.168.44.31#011lport=143#011rport=53754
Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out:
CONT#0111#011
Jan 23 09:16:33 localhost dovecot: auth: Debug: client in:
CONT#0111#011AHByb3ZhZm0AY2hlcGFsbGU=
Jan 23 09:16:33 localhost dovecot: auth: Debug:
ldap(prova,147.122.44.31,PsbzT/DT+gCTeiwf): pass search:
base=ou=People,dc=example,dc=it scope=subtree
filter=(&(objectClass=qmailUser)(uid=prova)(accountStatus=active))
fields=uid,userPassword,uidNumber,gidNumber,uid,uid
Jan 23 09:16:33 localhost dovecot: auth: Debug:
ldap(prova,192.168.44.31,PsbzT/DT+gCTeiwf): result: uid=prova
uidNumber=2944 gidNumber=650 userPassword={MD5}BjbsTtSovVAs1csswBTI7Q==
Jan 23 09:16:33 localhost dovecot: auth: Debug: client passdb out:
OK#0111#011user=prova#011proxy#011host=imap.example.it#011nologin#011hostip=192.168.11.136#011pass=password
Jan 23 09:16:33 localhost dovecot: imap-login: proxy(prova): started
proxying to imap.example.it:143: user=prova, method=PLAIN,
rip=192.168.44.31, lip=192.168.129.109, session=PsbzT/DT+gCTeiwf
As you can see, the 'nologin' field is present in the 'passdb' answer, but it
doesn't seem to work.
If instead I try to disable login with the 'allow_nets' extra field, it
works as expected:
'dovecot-ldap.conf.ext':
...
pass_attrs = uid=user,userPassword=password,\
=userdb_home=/var/spool/mail/%1u/%u,uidNumber=userdb_uid,gidNumber=userdb_gid,\
=proxy=y,=host=imap.example.it,\
=allow_nets=127.0.0.0/8
dovecot log:
Jan 22 18:28:19 localhost dovecot: master: Dovecot v2.1.13 starting up
(core dumps disabled)
Jan 22 18:28:32 localhost dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_mysql.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_pgsql.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Jan 22 18:28:32 localhost dovecot: auth: Debug: Loading modules from
directory: