Hi Tobi,
you need to process lt.attrs in a loop. It's not a real Lua table, it's a user data pretending to be a table, so # doesn't work.
For example:
    for k, v in pairs(lt.attrs) do
        if ((k == "accountStatus") and (v == "blocked"))
        then
            return -1, "accountStatus blocked", "accountStatus blocked", {}
        end
    end
For examples of almost anything you can do in wforce.conf, including the above, please read the wforce.conf man page. It's really very thorough.
Neil
On 22 May 2019 13:53 Tobi < tobiswo...@gmail.com> wrote:
Hi Neil
thanks for the hint with the dovecot config, adding this and I can see that
... attrs={local_ip="XX.XX.XX.XX"} ...
is now logged by wforce daemon. Then I tried to access that value from wforce with the following testcode

    if (#lt.attrs > 0)
    then
        return 7, "ip_local", "ip_local", { test=test }
    end

but even if attrs are set (according to wforce logs), the code above does not go into if condition. What is the proper way to access the attrs?
Thanks for your help and have a good one
--
tobi
On 22.05.19 at 11:53, Neil Cook wrote:
From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g.
By default in 2.3.1 this looks like:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
But you can add additional parameters:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip}
The above will add the local dovecot IP address to the attrs, which can then be accessed from wforce policy.
Neil
On 22 May 2019, at 07:56, Tobi via dovecot < dovecot@dovecot.org> wrote:
>> Hi
>>
>> I wonder if the information about the origin of report or allow can be
>> accessed somehow. lt.remote gives the IP of the client trying to login
>> but is there anything in lt which gives the ip of the system that
>> connects to wforced?
>>
>> Thanks and have a good one
>>
>> --
>>
>> tobi
--
kind regards,
Neil Cook
Chief Security Architect
Phone: +44 774 7012545
Email: neil.c...@open-xchange.com
-------------------------------------------------------------------------------------
Open-Xchange AG, Rollnerstr. 14, 90408 Nuremberg, District Court Nuremberg HRB 24738
Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin
Chairman of the Board: Richard Seibt
European Office:
Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718
Managing Director: Frank Hoberg
US Office:
Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
-------------------------------------------------------------------------------------
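Added example, not part of the original thread and not wforce's own code: a wforce.conf allow function that copies the lt.attrs userdata into a real Lua table once, so that counting and direct key lookup work, and then applies two checks. The attribute names accountStatus and local_ip come from the thread; the trusted address list, the copy_attrs helper and the policy of rejecting unknown local_ip values are assumptions made for illustration.

```lua
-- Added example for wforce.conf (not from the thread or the wforce project).
-- Assumes dovecot sends attrs/local_ip=%{lip} via auth_policy_request_attributes.

-- Constructed sample values: dovecot hosts expected to query this wforce.
local trusted_local_ips = {
    ["192.0.2.10"] = true,
    ["192.0.2.11"] = true,
}

-- Hypothetical helper: lt.attrs is userdata, so # does not work on it.
-- Walk it with pairs() and build a plain table plus an entry count.
local function copy_attrs(attrs)
    local t, n = {}, 0
    for k, v in pairs(attrs) do
        t[k] = v
        n = n + 1
    end
    return t, n
end

function allow(lt)
    local attrs, count = copy_attrs(lt.attrs)

    -- No attributes sent at all: nothing to evaluate, allow.
    if count == 0 then
        return 0, "", "", {}
    end

    -- Same check as in the thread, now as a direct lookup.
    if attrs["accountStatus"] == "blocked" then
        return -1, "accountStatus blocked", "accountStatus blocked", {}
    end

    -- Hypothetical policy: reject requests whose reported local_ip is unknown.
    local lip = attrs["local_ip"]
    if lip ~= nil and not trusted_local_ips[lip] then
        return -1, "unknown local_ip", "unknown local_ip", { local_ip = lip }
    end

    return 0, "", "", { attr_count = tostring(count) }
end

setAllow(allow)
```

The local_ip value is whatever the dovecot instance reports about itself, so it identifies the reporting backend only as far as that backend is trusted.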