On 10/15/2010 06:22 AM, Timo Sirainen wrote:
> On Fri, 2010-10-15 at 06:14 -0600, Trever L. Adams wrote:
>
>> Is there some global option like mail_location for the home directory? That
>> is one I am not finding with google or with grep in the configuration.
> That's exactly what the mail_home is. I don't know why it wouldn't work
> for you.

My apologies, I misread it as mail_location. I have fixed this. Thank you.

mail_home = /home/vmail/%d/%n
mail_location = maildir:~/Maildir

>>
>> I have done this as well. The problem with removing all of this is I use
>> Dovecot's deliver (LDA). It needs a way of finding which users do and do
>> not exist. Is there a better way to do this?
> Assuming you're not using auth_bind=yes with ldap, LDA can check the
> user's existence by doing a passdb lookup instead.

Fantastic. I am not. Postfix is validating user existence. I read somewhere
I can turn off Dovecot LDA validation, but now I am unable to find the page.

>> The only problem that is there is this: I need doveadm expunge -A. This
>> is where I am having the problem. I guess this doesn't use the user_
>> stuff. It uses the iterate_attrs right?
> Right.
>
>>> Oct 15 05:48:06 TeaSet dovecot: master: Error: service(auth-worker): child
>>> 16375 killed with signal 11 (core dumps disabled)
> Can you get a gdb backtrace? First enable core dumps with "ulimit -c
> unlimited" and once you have core file see
> http://dovecot.org/bugreport.html

I am not sure this is necessary. The problem seems to be in this:

dovecot: auth: Debug: ldap(?): result: sAMAccountName(?unknown?)=

I get that for all fields in the AD. It looks like I am going to have to do
a bind of some kind. I am having a heck of a time doing this. As I said, I
am learning ldap as I am doing this. Samba4 (it seems) and Windows AD
servers themselves do SASL authentication, but I am having a hard time
getting this to work. If you wouldn't mind helping there:

dn = CN=SMTP-SERVICE-PRINCIPAL-USER,CN=Users,DC=example,DC=org
dnpass = correct password
sasl_bind = yes
sasl_mech = gssapi
sasl_realm = EXAMPLE.ORG

So, the user is the same as is in the AD for the service principal
smtp/host. So, it already has a ticket. The rest of the ldap file is pretty
much the same as before (with the modifications we have been talking
about). With that I get:

auth: Error: LDAP: binding failed (dn CN=SMTP-SERVICE-PRINCIPAL-USER,CN=Users,DC=example,DC=org): Local error, SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Cannot determine realm for numeric host address)

I am thinking I should add gss-spnego to the mech, but haven't done so.

> Also:
>
>> iterate_attrs = uid=samaccountname
> this should be:
>
> iterate_attrs = samaccountname=user

Yes, that is working MUCH better. Still the problem with empty fields
mentioned above is the killer.

Thank you,
Trever
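The GSSAPI error quoted in the message above ("Cannot determine realm for numeric host address") is the Kerberos library reporting that the LDAP server was addressed by IP rather than by a hostname it can map to a realm and to an ldap/<fqdn> service principal. The script below is an added example, not part of the original thread and not Dovecot's own code: it parses a Dovecot-style dovecot-ldap.conf fragment and flags SASL/GSSAPI binds that point at a numeric address or a short hostname. It assumes the server is referenced through the real Dovecot `hosts` or `uris` keys; the configuration text itself is constructed sample data, not the poster's configuration.

```python
import ipaddress
import re

# Constructed sample of a dovecot-ldap.conf fragment (not the poster's file).
# The LDAP server is given as an IP address, which GSSAPI cannot turn into
# a Kerberos realm or a service principal.
SAMPLE_LDAP_CONF = """\
hosts = 192.0.2.10
dn = CN=SMTP-SERVICE-PRINCIPAL-USER,CN=Users,DC=example,DC=org
sasl_bind = yes
sasl_mech = gssapi
sasl_realm = EXAMPLE.ORG
iterate_attrs = samaccountname=user
"""

# Same fragment with the server named by its FQDN (constructed value).
CORRECTED_LDAP_CONF = SAMPLE_LDAP_CONF.replace("192.0.2.10", "dc1.example.org")


def parse_ldap_conf(text):
    """Parse 'key = value' lines; comments and blank lines are ignored.

    Only the first '=' separates key from value, so values such as
    'iterate_attrs = samaccountname=user' survive intact.
    """
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def ldap_hostnames(conf):
    """Return the host part of every entry in 'hosts' (host[:port]) and 'uris'."""
    names = []
    for entry in conf.get("hosts", "").split():
        # strip an optional :port; bracketed IPv6 literals keep their brackets
        host = entry if entry.endswith("]") else entry.rsplit(":", 1)[0]
        names.append(host)
    for uri in conf.get("uris", "").split():
        m = re.match(r"ldaps?://(\[[^\]]+\]|[^/:]+)", uri)
        if m:
            names.append(m.group(1))
    return names


def is_numeric_address(host):
    """True for IPv4/IPv6 literals, including bracketed IPv6."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def check_gssapi_bind(conf):
    """Return a list of findings for a GSSAPI/GSS-SPNEGO SASL bind.

    Kerberos derives the target principal ldap/<host>@REALM from the host
    name it is given, so the host must be a resolvable FQDN, not an IP.
    """
    findings = []
    if conf.get("sasl_bind", "no").lower() != "yes":
        return findings
    if conf.get("sasl_mech", "").lower() not in ("gssapi", "gss-spnego"):
        return findings
    hosts = ldap_hostnames(conf)
    if not hosts:
        findings.append("sasl_bind=yes but neither 'hosts' nor 'uris' is set")
    for host in hosts:
        if is_numeric_address(host):
            findings.append(
                f"{host}: numeric address; Kerberos cannot determine the realm "
                f"or build ldap/<fqdn>@REALM, use the server's FQDN")
        elif "." not in host:
            findings.append(
                f"{host}: short name; use the FQDN that matches the server's "
                f"ldap/<fqdn> service principal")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_LDAP_CONF),
                        ("corrected", CORRECTED_LDAP_CONF)):
        for finding in check_gssapi_bind(parse_ldap_conf(text)) or ["ok"]:
            print(f"{label}: {finding}")
```

Run it as-is to see the numeric-address finding for the sample fragment and a clean result for the FQDN variant; point `SAMPLE_LDAP_CONF` at the contents of a real dovecot-ldap.conf to check an actual deployment. The check is deliberately static (no network access), so it can be run before enabling `sasl_bind = yes` on a production server.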