Exclude disabled accounts


Exclude disabled accounts

Evgeniy Korneechev
Hello!
We have userdb=passwd.
userdb {
  driver = passwd # server was joined to an Active Directory domain
  override_fields = home=/var/vmail/glu_vrem/%u
}

If I disable a user's account in AD, he cannot sign in.
But he can and will receive letters, which of course is not correct.

How can I exclude disabled accounts from 'userdb'?



dovecot -n:
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.4.39-std-def-alt0.M80P.1 x86_64 ALT 8.1 Server
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login cram-md5
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_chars =
auth_verbose = yes
auth_verbose_passwords = plain
base_dir = /var/run/dovecot/
debug_log_path = /var/log/dovecot
disable_plaintext_auth = no
first_valid_gid = 502
first_valid_uid = 502
last_valid_gid = 268999999
last_valid_uid = 268999999
log_path = /var/log/dovecot
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_access_groups = vmail
mail_debug = yes
mail_gid = 502
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = " quota autocreate"
mail_privileged_group = vmail
mail_uid = 502
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
mbox_write_locks = fcntl
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace inbox {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  quota_rule = *:storage=5G
  recipient_delimiter = +
  sieve = /etc/dovecot/sieves/default.sieve
  sieve_default = /etc/dovecot/sieves/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags
  sieve_max_redirects = 8
}
protocols = imap pop3 lmtp sieve
service auth-worker {
  user = root
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
service imap {
  process_limit = 1024
  vsz_limit = 256 M
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
}
service pop3 {
  process_limit = 1024
}
ssl_ca = </usr/share/ca-certificates/ca-bundle.crt
ssl_cert = </etc/dovecot/server.crt
ssl_key =  # hidden, use -P to show it
userdb {
  driver = passwd
  override_fields = home=/var/vmail/glu_vrem/%u
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = " quota autocreate sieve"
}
protocol lda {
  mail_plugins = " quota autocreate  sieve quota"
  plugin {
    quota = dict:user::file:/var/vmail/glu_vrem/%n/.quotausage
  }
}
protocol imap {
  mail_plugins = " quota autocreate autocreate imap_quota"
  plugin {
    autocreate = INBOX
    autocreate2 = Sent
    autocreate3 = Trash
    autocreate4 = Drafts
    autocreate5 = Junk
    autosubscribe = INBOX
    autosubscribe2 = Sent
    autosubscribe3 = Trash
    autosubscribe4 = Drafts
    autosubscribe5 = Junk
    quota = dict:user::file:/var/vmail/glu_vrem/%n/.quotausage
  }
}
protocol sieve {
  mail_max_userip_connections = 10
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 65536
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

--
WBR, Korneechev Evgeniy
BaseALT/ALTLinux Team

Re: Exclude disabled accounts

Steffen Kaiser-2

On Thu, 23 Nov 2017, Evgeniy Korneechev wrote:

> We have userdb=passwd.
> userdb {
>  driver = passwd # server was joined to an Active Directory domain
>  override_fields = home=/var/vmail/glu_vrem/%u
> }
>
> If I disable a user's account in AD, he cannot sign in.
> But he can and will receive letters, which of course is not correct.
>
> How can I exclude disabled accounts from 'userdb'?

Dovecot uses your system's getpwnam(), so if

getent passwd username

returns something, Dovecot uses it. There is no notion of a "disabled"
status in passwd databases.

--
Steffen Kaiser
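
An added example, not part of either post: a Python audit that cross-references an export of AD userAccountControl values against getpwnam(), the lookup that "userdb passwd" relies on, and lists disabled accounts that still resolve and would therefore still be accepted for delivery. The sample data, the sample_lookup stand-in and all function names are assumptions made for illustration; bit 0x2 (ACCOUNTDISABLE) is AD's standard disabled flag.

```python
import pwd

ACCOUNTDISABLE = 0x0002  # AD userAccountControl bit set on a disabled account

# Constructed sample: sAMAccountName -> userAccountControl, as if exported from AD.
SAMPLE_UAC = {
    "alice": 512,    # normal account, enabled
    "bob": 514,      # normal account, disabled
    "carol": 66050,  # disabled, password never expires
    "dave": 514,     # disabled and no longer visible through NSS
}


def is_disabled(uac):
    """True if the userAccountControl value carries the ACCOUNTDISABLE bit."""
    return bool(int(uac) & ACCOUNTDISABLE)


def nss_resolves(username, lookup=pwd.getpwnam):
    """True if the passwd lookup returns an entry, which is all userdb passwd asks."""
    try:
        lookup(username)
        return True
    except KeyError:  # pwd.getpwnam raises KeyError for an unknown user
        return False


def still_deliverable(uac_by_user, lookup=pwd.getpwnam):
    """Disabled AD accounts that the passwd database still returns."""
    return sorted(
        user
        for user, uac in uac_by_user.items()
        if is_disabled(uac) and nss_resolves(user, lookup)
    )


def sample_lookup(username):
    """Constructed stand-in for NSS so the example runs offline."""
    known = {"alice", "bob", "carol"}
    if username not in known:
        raise KeyError(username)
    return username


if __name__ == "__main__":
    # Drop the second argument to query the host's real passwd/NSS databases.
    for user in still_deliverable(SAMPLE_UAC, sample_lookup):
        print(f"{user}: disabled in AD but still resolvable via getpwnam()")
```
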