I solved my problem doing this:

/etc/dovecot/dovecot.conf
...
mail_uid = 89
mail_gid = 89

userdb {
  driver = prefetch
}

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}

/etc/dovecot/dovecot-ldap.conf
pass_filter = (&(objectClass=mailAccount)(uid=%n)(accountStatus=TRUE))
pass_attrs = mail=userdb_user,\
  userPassword=password,\
  mailQuota=userdb_quota_rule=*:bytes=%$,\
  homeDirectory=userdb_home,\
  mailMessageStore=userdb_mail

Setting mail_uid and mail_gid to the numeric values of the postfix user, I
achieved my goal.

On Apr 11, Igor Zinovik wrote:
> I'm trying to cope with the following problem. I have a single computer
> which is going to be the final destination for several virtual domains.
> Domains are stored in an LDAP catalog. Dovecot will be working together
> with Postfix MTA running on the same computer.
>
> I'm a bit confused how to achieve the following thing: I want Postfix to use
> Dovecot LMTP server for mail delivery. All my mail is located under the
> /var/vmail partition. I designed my own LDAP schema and, according to the
> dovecot documentation that a user should always have a home and mail
> directory, I added separate attributes for user home and mail. My typical
> user that is stored in LDAP has homeDirectory (which stores a value like
> /var/vmail/domain.com/j/joe) and mailMessageStore (which stores a value
> like /var/vmail/domain.com/j/joe/Maildir). All data under /var/vmail is
> owned by the Postfix MTA user (which is called `postfix', uid=89). After
> reading the dovecot documentation I understand that my setup needs to
> combine static userdb with LDAP passdb. But I also want dovecot to be
> able to deliver mail for local system users (that are stored in
> /etc/passwd). For system users I want to store their mail in
> $HOME/Mail. So I set mail_location = ~/Mail (which turns into
> /home/user/Mail), but for virtual users (which are stored in LDAP) I
> want to set mail (or maybe I should write here userdb_mail) to the LDAP
> value mailMessageStore. Seems to me that the LMTP server needs a separate
> userdb query to fetch mail_location from LDAP.
>
> Setting mail_location = /var/vmail/%d/%n1/%u solves my problem, but I
> want dovecot to dynamically fetch maildir location from LDAP. Maybe in
> near future I would also store mail somewhere else not only under
> /var/vmail. And dovecot will fetch this information from LDAP.
>
> Here is excerpt from dovecot log when user tries to login:
> Apr 11 13:32:29 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
> Apr 11 13:32:29 auth: Debug: auth client connected (pid=14748)
> Apr 11 13:32:29 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=172.20.21.26 rip=172.20.20.216 lport=143 rport=1227 resp=<hidden>
> Apr 11 13:32:29 auth: Debug: ldap(j...@domain.com,172.20.20.216): pass search: base=pdomain=domain.com,ou=mail,dc=org,dc=ru scope=onelevel filter=(&(objectClass=mailAccount)(uid=joe)(accountStatus=TRUE)) fields=mail,userPassword,mailQuota,homeDirectory,mailMessageStore
> Apr 11 13:32:29 auth: Debug: ldap(j...@domain.com,172.20.20.216): result: mail(user)=j...@domain.com mailQuota(userdb_quota_rule=*:bytes=%$)=1073741824 mailMessageStore(userdb_mail)=/var/vmail/domain.com/p/joe/Maildir homeDirectory(userdb_home)=/var/vmail/domain.com/p/joe userPassword(password)=<hidden>
> Apr 11 13:32:29 auth: Debug: client out: OK 1 user=j...@domain.com
> Apr 11 13:32:29 auth: Debug: master in: REQUEST 2814377985 14748 1 5e00190b4fbfd1a4b8a50e13fa6562b1
> Apr 11 13:32:29 auth: Debug: master out: USER 2814377985 j...@domain.com uid=89 gid=89
> Apr 11 13:32:29 imap-login: Info: Login: user=<j...@domain.com>, method=PLAIN, rip=172.20.20.216, lip=172.20.21.26, mpid=14750
> Apr 11 13:32:29 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_trash_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_autocreate_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so
> Apr 11 13:32:29 imap(j...@domain.com): Debug: Effective uid=89, gid=89, home=
> Apr 11 13:32:29 imap(j...@domain.com): Debug: Quota root: name=User quota backend=maildir args=
> Apr 11 13:32:29 imap(j...@domain.com): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0
> Apr 11 13:32:29 imap(j...@domain.com): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 95 j...@domain.com domain.com
> Apr 11 13:32:29 imap(j...@domain.com): Debug: Quota warning: bytes=966367641 (90%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 90 j...@domain.com domain.com
> Apr 11 13:32:29 imap(j...@domain.com): Debug: Quota warning: bytes=858993459 (80%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 80 j...@domain.com domain.com
> Apr 11 13:32:29 imap(j...@domain.com): Error: user j...@domain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Mail
> Apr 11 13:32:29 imap(j...@domain.com): Error: Invalid user settings. Refer to server log for more information.
>
> Here is my ldap query:
> pass_filter = (&(objectClass=mailAccount)(uid=%n)(accountStatus=TRUE))
>
> # ldap_attr = dovecot_variable
> pass_attrs = mail=user, userPassword=password, mailQuota=userdb_quota_rule=*:bytes=%$,\
>   homeDirectory=userdb_home, mailMessageStore=userdb_mail
>
> What is the best way to do in my situation? Should I just add two
> attributes to each LDAP user like mailuid and mailgid and set both these
> variables to `postfix'? Or maybe I should just forget about mail for
> local system users and just use `prefetch' userdb. I'm just mazed
> about dovecot userdb and passdb queries. It is so powerful but also so
> hard to understand.
>
> I would appreciate any help, since I peck dovecot authentication and
> userdb-passdb queries like woodpecker starting from last week.
>
> Do I understand right that dovecot during userdb fetches the Unix UID which
> will be used to access data on disk? I just want postfix (uid=89) to
> be allowed to do this.
>
> Here is `dovecot -n' output:
> # 2.0.11: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.18-238.1.1.1.el5 x86_64 CentOS release 5.5 (Final)
> auth_debug = yes
> auth_failure_delay = 3 secs
> auth_mechanisms = plain login
> auth_verbose = yes
> base_dir = /var/run/dovecot/
> disable_plaintext_auth = no
> first_valid_gid = 89
> first_valid_uid = 89
> last_valid_gid = 89
> last_valid_uid = 89
> listen = *
> log_path = /var/log/dovecot
> login_greeting = Dovecot ready to serve.
> mail_debug = yes
> mail_fsync = always
> mail_location = maildir:~/Mail
> mail_nfs_index = yes
> mail_nfs_storage = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags
> mmap_disable = yes
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf
>   driver = ldap
> }
> plugin/autocreate = &BBoEPgRABDcEOAQ9BDA-
> plugin/autocreate2 = &BCEEPwQwBDw-
> plugin/autosubscribe = &BBoEPgRABDcEOAQ9BDA-
> plugin/autosubscribe2 = &BCEEPwQwBDw-
> plugin/expire = &BBoEPgRABDcEOAQ9BDA- 7 &BCEEPwQwBDw- 30
> plugin/login_executable = /usr/libexec/dovecot/managesieve-login
> plugin/mail_executable = /usr/libexec/dovecot/managesieve
> plugin/quota = maildir:User quota
> plugin/quota_rule = *:storage=1GB
> plugin/quota_warning = storage=95%% /usr/libexec/dovecot/quota-warning.sh 95 %u %d
> plugin/quota_warning2 = storage=90%% /usr/libexec/dovecot/quota-warning.sh 90 %u %d
> plugin/quota_warning3 = storage=80%% /usr/libexec/dovecot/quota-warning.sh 80 %u %d
> plugin/sieve_dir = /var/vmail/%d/%1n/%n/.dovecot.sieve
> plugin/sieve_extensions = +imapflags
> plugin/sieve_storage = /var/vmail/%d/%1n/%n/sieve
> protocols = pop3 imap lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service imap-login {
>   executable = /usr/libexec/dovecot/imap-login
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
>   service_count = 1
> }
> service imap {
>   executable = /usr/libexec/dovecot/imap
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service managesieve-login {
>   executable = /usr/libexec/dovecot/managesieve-login
>   inet_listener sieve {
>     port = 4190
>   }
>   service_count = 1
> }
> service managesieve {
>   executable = /usr/libexec/dovecot/managesieve
> }
> service pop3-login {
>   executable = /usr/libexec/dovecot/pop3-login
>   inet_listener pop3 {
>     port = 110
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
>   service_count = 1
> }
> service pop3 {
>   executable = /usr/libexec/dovecot/pop3
> }
> service quota-warning {
>   executable = script /usr/libexec/dovecot/quota-warning.sh
>   user = dovecot
> }
> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> ssl_key = </etc/pki/dovecot/private/dovecot.pem
> userdb {
>   args = uid=postfix gid=postfix
>   driver = static
> }
> protocol imap {
>   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
>   mail_plugin_dir = /usr/lib64/dovecot
>   mail_plugins = autocreate expire quota imap_quota trash
> }
> protocol pop3 {
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>   pop3_lock_session = yes
>   pop3_uidl_format = %08Xu%08Xv
> }
> protocol lmtp {
>   info_log_path = /var/log/dovecot-lmtp-info.log
>   log_path = /var/log/dovecot-lmtp.log
>   mail_plugins = quota sieve
> }
>
> Here is my typical LDAP user:
> dn: uid=joe,pdomain=domain.com,ou=mail,dc=org,dc=ru
> objectClass: top
> objectClass: uidObject
> objectClass: mailAccount
> accountStatus: TRUE
> mail: j...@domain.com
> mailQuota: 1073741824
> mailMessageStore: /var/vmail/domain.com/j/joe/Maildir
> mailOwnerFirstName: Joe
> mailOwnerLastName: User
> registerPersonFirstName: Joe
> registerPersonLastName: User
> registerDate: 1301665769
> homeDirectory: /var/vmail/domain.com/j/joe
> uid: joe
> userPassword: {SSHA}FvxQwgDycssHhfoMTtkzogZ0Nh43PpHL
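
Added example, not part of the original thread and not Dovecot's own code: a simplified Python model of why the static userdb in the quoted configuration left home empty while the prefetch userdb in the reply picks up the userdb_-prefixed fields from pass_attrs. The entry values and function names are constructed for illustration; the model also shows that a lookup with no preceding passdb result (an LMTP delivery) gets nothing from prefetch.

```python
# Simplified model of Dovecot's pass_attrs mapping and userdb drivers (not Dovecot code).
PASS_ATTRS = ("mail=userdb_user, userPassword=password, "
              "mailQuota=userdb_quota_rule=*:bytes=%$, "
              "homeDirectory=userdb_home, mailMessageStore=userdb_mail")

# Constructed LDAP entry using the attribute names of the schema in the post.
ENTRY = {
    "mail": "alice@example.test",
    "userPassword": "{SSHA}constructed-placeholder",
    "mailQuota": "1073741824",
    "homeDirectory": "/var/vmail/example.test/a/alice",
    "mailMessageStore": "/var/vmail/example.test/a/alice/Maildir",
}

def passdb_fields(entry, pass_attrs=PASS_ATTRS):
    """Apply 'ldapAttr=field[=template]' pairs; %$ stands for the LDAP value."""
    out = {}
    for pair in pass_attrs.split(","):
        ldap_attr, _, rest = pair.strip().partition("=")
        field, has_template, template = rest.partition("=")
        if ldap_attr in entry:
            value = entry[ldap_attr]
            out[field] = template.replace("%$", value) if has_template else value
    return out

def userdb_lookup(driver, fields, static_args=None, mail_uid=None,
                  mail_gid=None, valid_uids=(89, 89)):
    """Return the userdb result for one driver, or None if it has no answer."""
    if driver == "prefetch":
        # Only fields the passdb returned with a userdb_ prefix are used.
        user = {k[len("userdb_"):]: v for k, v in (fields or {}).items()
                if k.startswith("userdb_")}
        if not user:
            return None  # no passdb lookup came first, e.g. an LMTP delivery
    elif driver == "static":
        user = dict(static_args or {})  # the passdb's userdb_* extras are not read
    else:
        raise ValueError(f"unmodelled driver: {driver}")
    # uid/gid missing from the userdb fall back to mail_uid/mail_gid.
    user.setdefault("uid", mail_uid)
    user.setdefault("gid", mail_gid)
    lo, hi = valid_uids  # first_valid_uid / last_valid_uid
    if user["uid"] is None or not lo <= user["uid"] <= hi:
        raise PermissionError(f"uid {user['uid']} outside {lo}..{hi}")
    return user

if __name__ == "__main__":
    f = passdb_fields(ENTRY)
    print(userdb_lookup("static", f, static_args={"uid": 89, "gid": 89}))
    print(userdb_lookup("prefetch", f, mail_uid=89, mail_gid=89))
```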