Dear Steffen, Finally managed to test your suggestions ...
Am 2014-07-31 09:11, schrieb Steffen Kaiser: > On Thu, 31 Jul 2014, Steffen Kaiser wrote: >> How about adding another userdb { driver = passwd-file args = >> /.../%s/file >> } as the first one, which disables the access to the one user's mail >> storage currently migrated. %s would be lmtp, imap, pop3 and doveadm, >> IMHO. Make sure, doveadm sees no user in this userdb, but the others do, >> e.g. symlink the appropriate files and keep /.../doveadm/file >> zero-length, in order to fall back to LDAP always. I tried that now and did not get any useful results; meaning that I did not manage to block a user from using any of the services. While imap acknowledges finding the user in said file, lmtp doesn't even bother to look there. Both services however continue to work. I tried various return values for the userdb lookup but lmtp just seems to ignore everything. imap can be disabled easily by means of a passdb that has deny = yes set. This is really starting to drive me mad ... >> a) >> Besides the %s-way, there must be a way to have doveadm override the >> settings in: > >> userdb { >> driver = passwd-file >> args = /.../file >> } > >> in the line of: >> doveadm -o userdb[*]/args=/dev/null .... Quite frankly I don't fully understand what you mean by this. > Maybe, you need not no other userdb, but you can make use of %s in your > LDAP userdb - filter, e.g. > > user_filter = (&(objectClass=posixAccount)(uid=%u)(!(deniedService=%Ls))) Didn't try that one since I figure if passwd-file does not work why should LDAP work? Thanks for your suggestions anyway :) Cheers, -- j.hofmüller We are all idiots with deadlines. - Mike West
signature.asc
Description: OpenPGP digital signature