From 609fd8093610923ce5c48eb742c47aa9b72770ea Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 12 Mar 2026 03:20:13 +0100 Subject: [PATCH] dovecot: make sure vid/gid are not overridable The only storage scheme we support is a single declarative user with fixed uid/gid. The default_fields are overridable if these fields leak in from LDAP, so promote them to override_fields instead. --- mail-server/dovecot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix index 307f0f4..148c97d 100644 --- a/mail-server/dovecot.nix +++ b/mail-server/dovecot.nix @@ -445,7 +445,7 @@ in userdb { driver = ldap args = ${ldapConfFile} - default_fields = \ + override_fields = \ uid=${toString cfg.vmailUID} \ gid=${toString cfg.vmailUID} }