From 393c1f4ff1dd7f6a963472e09e53fd46c3a431e2 Mon Sep 17 00:00:00 2001
From: William Hirigoyen <whirigoyen+git@evolix.fr>
Date: Mon, 29 Jan 2024 12:04:38 +0100
Subject: [PATCH] add missing LDAP conf iterate_filter to exclude disabled
 accounts in users list

---
 CHANGELOG.md           | 1 +
 dovecot/tasks/main.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a7d57a3..d332ec7d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -92,6 +92,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * webapps/nextcloud: fix misplaced gid attribute
 * webapps/nextcloud: fix missing gid
 * minifirewall: ports 25, 53, 443, 993, 995 not opened publicly by default anymore, ports 20, 21, 110, 143 not opened semi-publicly by default anymore.
+* dovecot: add missing LDAP conf iterate_filter to exclude disabled accounts in users list (caused « User no longer exists » errors in commands listing users like « doveadm user -u '*' » or « doveadm expunge -u "*" mailbox INBOX savedbefore 7d »).
 
 ### Removed
 
diff --git a/dovecot/tasks/main.yml b/dovecot/tasks/main.yml
index edb39164..6c4e7608 100644
--- a/dovecot/tasks/main.yml
+++ b/dovecot/tasks/main.yml
@@ -37,6 +37,7 @@
     - { key: 'user_attrs', value: 'homeDirectory=home' }
     - { key: 'user_filter', value: '(&(isActive=TRUE)(uid=%u))' }
     - { key: 'pass_attrs', value: 'uid=user,userPassword=password' }
+    - { key: 'iterate_filter', value: '(&(isActive=TRUE))' }
   when: ldap_suffix is defined
   notify: reload dovecot
   tags: