On 23/06/15 09:32, Steffen Kaiser wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 22 Jun 2015, lejeczek wrote:
On 22/06/15 09:43, Steffen Kaiser wrote:
On Mon, 22 Jun 2015, lejeczek wrote:
On 22/06/15 09:16, lejeczek wrote:
to=<me@my.domain>,orig_to=<root@localhost>,
relay=dovecot, delay=39296, delays=39294/2.2/0/0.27,
dsn=4.3.0, status=deferred (temporary failure)
and dovecot logs no error, despite having debug to yes
in couple of places,
it shows:
auth: Debug: master in: USER 1 me@my.domain
service=lda
auth-worker(25343): Debug: passwd(me@my.domain): lookup
auth-worker(25343): passwd(me@my.domain): unknown user
auth: Debug: ldap(me@my.domain): user search:
base=ou=People,dc=my,dc=domain scope=subtree
filter=(&(objectClass=person)(uid=me)) fields=
auth: Debug: ldap(me@my.domain): result:
objectClass=top,top,top,top,
... here goes the whole lot of ldap atrribs, and at
the end:
unused.
For passdb & userdb in the configs I only configure
ldap backed, nothing else. Ldap works, I can query it
without failling.
I believe it's very simple set up but I must be wrong
somewhere.
pass_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user=%n,userPassword=password
Use either uid=user oder =user=%n but not uid=user=%n. I
would use uid=user, so the user cannot specify the case
of the username.
user_attrs =
=home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
user_filter = (&(objectClass=person)(uid=%n))
even stranger, if I use(along with ldap in configs):
Please post:
complete doveconf -n
and the complete LDAP config being referenced by the
config.
userdb {
driver = static
args = uid=vmail gid=mail home=/var/spool/mail/%d/%n
mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
sieve_storage=/var/spool/mail/%d/%n/SIEVE
sieve=/var/spool/mail/%d/%n/dovecot.sieve
}
dovecot start to core dump:
auth: Fatal: master: service(auth): child 9188 killed
with signal 11 (core dumped)
auth_debug = yes
The first lines should be something like this:
# 2.2.18 (8906101589f9):
/usr/local/dovecot-2.2.18/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (3df7e50f986d)
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10
What version are you using?
auth_mechanisms = login
auth_verbose = yes
first_valid_uid = 999
mail_debug = yes
mail_location = maildir:/var/spool/mail/my.domain/%u/Maildir
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress
comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox
date ihave
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
Did you've removed or commented the line :
10-auth.conf:#!include auth-system.conf.ext
?
passdb {
args = /etc/dovecot/ldap-passdb-my.domain.conf
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_storage = SIEVE
}
protocols = imap sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = mail
mode = 0660
user = vmail
}
unix_listener auth-userdb {
group = mail
mode = 0660
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
}
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/ldap-userdb-my.domain.conf
driver = ldap
}
protocol lmtp {
mail_plugins = " sieve"
}
protocol lda {
mail_plugins = " sieve"
}
#ldap-passdb
hosts = localhost
uris = ldap://localhost:389/
ldap_version = 3
base = ou=People,dc=my,dc=domain
dn = cn=Manager,dc=my,dc=domain
dnpass = my.pass
auth_bind = no
pass_attrs = uid=%n,userPassword=password
uid=%n makes no sense. Please use just:
pass_attrs = userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%n))
#ldap-userdb
hosts = localhost
uris = ldap://localhost:389/
ldap_version = 3
base = ou=People,dc=my,dc=domain
dn = cn=Manager,dc=my,dc=domain
dnpass = my.pass
auth_bind = no
user_attrs =
=home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
user_filter = (&(objectClass=person)(uid=%n))
default_pass_scheme = SSHA
It cannot be postfix if it relays and dovecots gets these
relays. Can it be?
I have tried your config with above mentioned version,
with LDAP as only passdb and userdb and these LDAP-settings:
hosts = localhost
auth_bind = yes
base = <baseDN>
deref = searching
user_attrs =
=home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
user_filter = (&(objectClass=fhMailAlias)(uid=%n))
pass_attrs = userPassword=password
pass_filter =
(&(objectClass=fhMailAlias)(uid=%Ln)(!(deniedService=%Ls)))
iterate_filter = (objectClass=fhMailAlias)
Note the pass_attrs. Then I submitted a new message with:
socat stdin UNIX:/var/run/dovecot2.2/lmtp
LHLO loc
mail from:<m...@example.com>
rcpt to:<ot...@example.com>
data
Subject: 1
1
.
successfully. Maildir was created and message spooled to
/var/spool/mail/example.com/other/Maildir. Then I logged
in via IMAP successfully as well.
I also tried the other order: reload Dovecot to flush any
caches, log in via IMAP and submit via LMTP.
You should however note the following:
Both filters treat users "m...@example.com" and
"me@localhost.localdomain" as the same user, because they
match the same LDAP item (uid=%n), however the directories
of the users _should_ differ, but they won't as long as
the user's information is cached in the auth cache.
That means:
doveadm auch cache flush
doveadm user m...@example.net
doveadm user m...@example.com
returns the date for m...@example.net in both cases and
doveadm auch cache flush
doveadm user m...@example.com
doveadm user m...@example.net
returns the data for m...@example.com in both cases.
it's weird I know, I do:
# doveadm auth test -x service=smtp -x rip=172.25.12.214
me@my.domain
Password:
passdb: me@my.domain auth succeeded
extra fields:
user=me@my.domain
and in the logs:
auth-worker(32531): Debug: pam(me@my.domain,172.25.12.214):
lookup service=dovecot
auth-worker(32531): Debug: pam(me@my.domain,172.25.12.214):
#1/1 style=1 msg=Password:
pam_unix(dovecot:auth): check pass; user unknown
pam_unix(dovecot:auth): authentication failure; logname=
uid=0 euid=0 tty=dovecot ruser=me@my.domain rhost=172.25.12.214
auth-worker(32531): pam(me@my.domain,172.25.12.214): unknown
user
auth: Debug: ldap(me@my.domain,172.25.12.214): pass search:
base=ou=spotdepression.org,ou=mail,dc=virtual,dc=hosting
scope=subtree
filter=(&(objectclass=person)(|(uid=info)(mail=me@my.domain)))
fields=uid,userPassword
auth: Debug: ldap(me@my.domain,172.25.12.214): result:
uid=info userPassword=<hidden>; uid,userPassword unused
auth: Debug: ldap(me@my.domain,172.25.12.214): result:
uid=info userPassword=<hidden>
auth: Debug: client passdb out: OK 1 user=me@my.domain
so it seems fine, right?
only I do simple test on that dovecot locally
echo repli_test | mail -s "repl test" my@my.domain
to get:
auth-worker(365): Debug: passwd(me@my.domain): lookup
auth-worker(365): passwd(me@my.domain): unknown user
auth: Debug: password(me@my.domain): passdb doesn't support
credential lookups
auth: Debug: ldap(me@my.domain): pass search:
base=ou=spotdepression.org,ou=mail,dc=virtual,dc=hosting
scope=subtree
filter=(&(objectclass=person)(|(uid=info)(mail=me@my.domain)))
fields=uid,userPassword
auth: Debug: ldap(me@my.domain): result: uid=info
userPassword=<hidden>; uid,userPassword unused
auth: Debug: ldap(me@my.domain): result: uid=info
userPassword=<hidden>
auth: Fatal: master: service(auth): child 364 killed with
signal 11 (core dumped)
the same error with:
doveadm user me@my.domain
so it's must be userdb, right?
maybe it's postfix twisting something?
- -- Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEVAwUBVYkZtnz1H7kL/d9rAQIZEQf6AsT93VQg1bvF+kla4q9m/0cFlZpAEzDl
t4V1XwiYUENBCCvXuxKpY1QvKCKVwryS+GUbPh0eP0t+Rjl6bOT1wP4qwkOlRIkN
V6kmx6sBabdObTUgI1kl07ss2vt0MVzjFh5WDRPz6Z/UzKRIGkuphzksVle14GDG
UefgtdOYhR+Mfn0nRil2FOSFbWnMgR/9rkKEBr7Ou4vxgU7BF1nfOUA/bmc/tEF+
oMuNkq8xdsKmuN5AhbIghUr3o4DARW0KnLCo4uUJTx7BRreO651Cw4K3fwKlRyAu
Pvt4NqxAkJ2Iyu0lFc60xkN0RX+vndfqGOwfIwRYhiBIbX03Cvesaw==
=Hn9X
-----END PGP SIGNATURE-----
