Signatur Averlon info In addition to my info before, here is my ldap file.
hosts = localhost
dn = cn=aadmin,dc=averlon,dc=loc
#dnpass =
sasl_bind = no
auth_bind = no
ldap_version = 3
base = ou=user,dc=averlon,dc=loc
scope = onelevel
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid,
=mail=/home/vmail/%n/Maildir/
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = MD5-CRYPT
Regards
Karl-Heinz Fischbach
Am 08.01.2013 17:36, schrieb Averlon:
> Hi,
> I know that the ldap query does not return the result I expected.
>
> Question is why.
> Question is why does doevcot look at ldap with the recipients e-Mail
> address. What does dovecot look for?
> Yes, I know, it is a password request. But why look for a password for
> the recipients e-Mail address user?
>
> Since I have static userdb the mailbox to deliver to is defined.
> I agree, since the delivery mailbox has "%n" as part of the path, the
> "uid" must get looked up somewhere, probably via ldap. But how to
> configure this.
>
> +++
> # 2.0.19: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-35-generic x86_64 Ubuntu 12.04.1 LTS
> auth_debug = yes
> auth_mechanisms = plain login cram-md5
> auth_username_format = %Lu
> hostname = mail.av.loc
> mail_gid = vmail
> mail_location = maildir:~/Maildir
> mail_privileged_group = vmail
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> }
> protocols = imap pop3 sieve
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
> }
> unix_listener auth-userdb {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> ssl_cert = </etc/ssl/certs/dovecot.pem
> ssl_cipher_list =
> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> ssl_key = </etc/ssl/private/dovecot.pem
> syslog_facility = avdove
> userdb {
> args = uid=vmail gid=vmail home=/home/vmail/%n
> driver = static
> }
> protocol lda {
> mail_plugins = " sieve"
> sendmail_path = /usr/sbin/sendmail
> }
> +++
>
> I have switched off
> "smtpd_tls_loglevel = 2"
>
> Be ensured I have looked at the ldap page - but I am currently lost
> where to configure what.
> Signatur Averlon info
>
>
>
> Mit freundlichen Grüßen / Kind Regards
>
> Karl-Heinz Fischbach
>
>
> Skype: khfischbach
> jabber: aver...@jabber.org
> Blog: averlon.posterous.com
>
> Signatur:
> Diese e-mail ist unter Umständen signiert. Die Signatur entspricht dem
> Deutschen Signaturgesetz und entsprechenden europäischen Regelungen.
> Important Note:
> This e-mail may contain trade secrets or privileged, undisclosed or
> otherwise confidential information. If you have received this e-mail in
> error, you are hereby notified that any review, copying or distribution
> of it is strictly prohibited. Please inform us immediately and destroy
> the original transmittal.
>
> Signatur Averlon info
>
>
>
> Am 08.01.2013 01:11, schrieb /dev/rob0:
>> On Mon, Jan 07, 2013 at 08:00:37PM +0100, Averlon wrote:
>>> can anyone tell me where these "unknown users" come from.
>>> Jan 7 19:43:11 f42252se postfix/pipe[14632]: 9A86C30007C:
>>> to=<redm...@averlon.loc>, relay=spamassassin, delay=2.2,
>>> delays=0.05/0/0/2.1, dsn=2.0.0, status=sent (delivered via
>>> spamassassin service)
>>> Jan 7 19:43:11 f42252se postfix/qmgr[14561]: 9A86C30007C: removed
>> The original message is successfully delivered to your content
>> filter.
>>
>>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: master in:
>>> USER#0111#011redm...@averlon.loc#011service=lda
>>> Jan 7 19:43:11 f42252se dovecot: auth: Debug:
>>> ldap(redm...@averlon.loc): pass search:
>>> base=ou=user,dc=averlon,dc=loc scope=onelevel
>>> filter=(&(objectClass=posixAccount)(uid=redm...@averlon.loc))
>>> fields=uid,userPassword
>> Here's one of your LDAP queries.
>>
>>> Jan 7 19:43:11 f42252se dovecot: auth: ldap(redm...@averlon.loc):
>>> *unknown user*
>>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>>> Jan 7 19:43:11 f42252se postfix/pipe[14637]: BE0AC30007F:
>>> to=<redm...@averlon.loc>, relay=dovecot, delay=0.02, delays=0/0/0/0.01,
>>> dsn=5.1.1, status=bounced (user unknown)
>> The content filter reinjects via sendmail(1), and the pipe(8) to the
>> Dovecot LDA fails. Your LDAP query is not returning what you expect,
>> or you're not querying for the right thing.
>>
>>> Jan 7 19:43:11 f42252se postfix/cleanup[14631]: C279030007E:
>>> message-id=<20130107184311.c2790300...@mail.av.loc>
>>> Jan 7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: from=<>,
>>> size=3182, nrcpt=1 (queue active)
>>> Jan 7 19:43:11 f42252se postfix/bounce[14639]: BE0AC30007F: sender
>>> non-delivery notification: C279030007E
>>> Jan 7 19:43:11 f42252se postfix/qmgr[14561]: BE0AC30007F: removed
>>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: master in:
>>> USER#0111#011avad...@av.loc#011service=lda
>>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: ldap(avad...@av.loc):
>>> pass search: base=ou=user,dc=averlon,dc=loc scope=onelevel
>>> filter=(&(objectClass=posixAccount)(uid=avad...@av.loc))
>>> fields=uid,userPassword
>> There's another one of your queries, looking up the sender address
>> for delivery of the bounce.
>>
>>> Jan 7 19:43:11 f42252se dovecot: auth: ldap(avad...@av.loc): *unknown user*
>>> Jan 7 19:43:11 f42252se dovecot: auth: Debug: master out: NOTFOUND#0111
>>> Jan 7 19:43:11 f42252se postfix/pipe[14637]: C279030007E:
>>> to=<avad...@av.loc>, relay=dovecot, delay=0.01, delays=0/0/0/0.01,
>>> dsn=5.1.1, status=bounced (user unknown)
>>> Jan 7 19:43:11 f42252se postfix/qmgr[14561]: C279030007E: removed
>> Same thing happens to the bounce. Being undeliverable, your mail is
>> gone.
>>
>>> +++
>>> Tell me what you need as additional info.
>> Turn off verbose logging in Postfix, as Charles pointed out. I guess
>> it's only the TLS logging that you have made verbose.
>>
>> Review the Dovecot wiki / wiki2 (you didn't say what version you are
>> using?) page on LDAP.
>
smime.p7s
Description: S/MIME Kryptografische Unterschrift
