Re: [courier-users] how to block user from pop3 or imap

Harry Duncan wrote:
> On Wed, Apr 16, 2008 at 11:00 AM, kemas henry
> <kemas.henry@ramayana.co.id> wrote:
>
>> Martin Schuster (IFKL IT OS DSM CD) wrote:
>>
>>> kemas henry wrote:
>>>
>>>> with Courier pop3 and imap with ldap
>>>> backend, everything runs ok.
>>>> but now I like to separate several user so they can only use imap not pop3
>>>>
>>>>
>>>>
>>> I did something like this with the mysql auth-backend.
>>> There you can define your own SQL-query-string, so you'll
>>> put sth. like
>>> ... AND allowedservices LIKE '%$(service)%'
>>> there, then set the "allowedservices" column in your database to
>>> imap:smtp
>>>
>>>
>>>
>> yes, something like that. I search the mail archive and found similar
>> topic on 2008-02-15.
>> The "options" field can hold something like "disableimap=1" or
>> "disablepop3=1".
>> but the talk is short and I just can't figure out how he did it ;-(
>>
>
> It is very very simple....
>
>

thank you..
after you show me, yes it is very simple, foolish me.

> 1) Configure your LDAP records to hold the data, eg, field "di" to
> hold the disableimap value, field "dp" to hold the disable pop value,
> and maybe "dw" to hold the disablewebmail value.
>
>

I set this to disableimap=disableimap

> 2) Set those fields to 0 if you don't want the particular service
> disabled for that user, and set it to 1 if you want that particular
> service disabled for that user.
>
>

I add in authdaemonrc so DEFAULTOPTIONS="disablepop3=1,disableimap=1"

> 3) Configure authlib to retrieve that info from LDAP, which means,
> editing authldaprc file on your system, and putting in an entry for
> LDAP_AUXOPTIONS which tells authlib which field in your LDAP records
> it should use to initialise the value of disableimap disablepop3 and
> disablewebmail when performing auth requests. Using the above naming
> scheme, it would be setup as below:
>
> LDAP_AUXOPTIONS disableimap=di,disablepop3=dp,disablewebmail=dw
>
> 4) Test your configuration by doing authtest <username> and you should
> see the values of those fields returned in the authresult.
>
> 5) Try it out on a user and see if it works. I've never mixed postfix
> as the MTA, but I'm assuming that won't be an issue and that the
> pop3, webmail daemons will use the authlib provided info to determine
> the privs.
>
>

it works like charm...
I test it and I assume it wont be an issue with postfix because postfix
use sasl for authentification and postfix internal to query ldap info

> di, dp, and dw are terrible LDAP field names, and were used to provide
> clarity in the authldaprc config line, I'd suggest actually using
> disableimap, disablepop3 and disablewebmail for the hung over mornings
> that you must make changes.
>
>

I've use athldap.schema from courier and now get the benefit of it

> HTH,
>
> Harry.
>
>

thank you and the list again
kemas

--
================================================== ============================
That's life.
What's life?
A magazine.
How much does it cost?
Two-fifty.
I only have a dollar.
That's life.
================================================== ============================


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users