-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 6 Jun 2017, Sandbox wrote:

Its weird, when i sat up (&(uid=%n)(mail=*@%{domain1.com})) as user_filter:
                                            ^^^^^^^^^^
https://wiki2.dovecot.org/Variables?highlight=%28domain%29

The variable is named domain.

auth: Debug: auth client connected (pid=14697)
auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured
session=3Ej8PkdRAgDAqAG3        lip=192.168.34.10       rip=192.168.34.18
   lport=143       rport=59394
auth: Debug: client passdb out: CONT    1
auth: Debug: client in: CONT<hidden>
auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): pass search:
base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1)
fields=uid,userPassword
auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid=
testuser1 userPassword=<hidden>; uid,userPassword unused
auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid=
testuser1 userPassword=<hidden>
auth: Debug: client passdb out: OK      1       user=testuser1 %n=testuser1
auth: Debug: master in: REQUEST 3018063873      14697   1
3f04b57a81e1750e279d4dfec2e35414        session_pid=14699
request_auth_token
auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): user search:
base=ou=People,dc=domain1,dc=com scope=subtree filter=(&(uid=testuser
1)(mail=*@domain1.com})) fields=uid
          ^^^^^^^^^^^^^^^


auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): no fields
returned by the server
auth: Info: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): unknown user
auth: Debug: master userdb out: NOTFOUND        3018063873
imap-login: Info: Internal login failure (pid=14697 id=1) (internal
failure, 1 successful auths): user=<testuser1>, method=PLAIN,
rip=192.168.34.18, lip=192.168.34.10, mpid=14699, TLS,
session=<3Ej8PkdRAgDAqAG3>

As I understand the filter should give back this result: "testuser1" when
the mail record is *@domain1.com.

and when i sat up the "old" method (uid=%n)

auth: Debug: auth client connected (pid=14739)
auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured
session=6v9kQkdREADAqAG3        lip=192.168.34.10       rip=192.168.34.18
   lport=143       rport=59408
auth: Debug: client passdb out: CONT    1
auth: Debug: client in: CONT<hidden>
auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): pass search:
base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1)
fields=uid,userPassword
auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
uid=testuser1 userPassword=<hidden>; uid,userPassword unused
auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
uid=testuser1 userPassword=<hidden>
auth: Debug: client passdb out: OK      1       user=testuser1 %n=testuser1
auth: Debug: master in: REQUEST 2349465601      14739   1
30535968cbadc3948ed4578ae769de33        session_pid=14741
request_auth_token
auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): user search:
base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1)
fields=uid
auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
uid=testuser1; uid unused
auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
uid=testuser1
auth: Debug: master userdb out: USER    2349465601      testuser1
  auth_token=5f171ed4c66480dcc89a21709b062753c151aede
imap-login: Info: Login: user=<testuser1>, method=PLAIN, rip=192.168.34.18,
lip=192.168.34.10, mpid=14741, TLS, session=<6v9kQkdREADAqAG3>

btw, its Dovecot 2.2.18 (Ubuntu 16.04 LTS)

Robert


2017-06-03 18:18 GMT+02:00 Sami Ketola <sami.ket...@dovecot.fi>:


On 2 Jun 2017, at 11.40, Aki Tuomi <aki.tu...@dovecot.fi> wrote:

Dovecot 2.2.29+ has feature called username_filter for passdb blocks,
which lets you specify usernames the passdb block is to be used. This could
simplify your config somewhat. See https://wiki.dovecot.org/
PasswordDatabase


Small mistake. That feature is in 2.2.30+

Sami




- -- Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBWTarLHz1H7kL/d9rAQIIWAgAoWPAG/Q86Yt0CH1Zn1KdlXsTpk5NHc02
4snBpPo5nptJ9ZqUsuvQaGVu7iYqOZV4fJjONJAaPOrOkhxvGSa0twOlgF/+uNxs
FJt5xn13OjuTKKOX24GTXxStVqQp0uOysGMlV3aFJudOCFig584IBtZa4Xdmky8Q
GV2LHspK0go04YSZ7O8kSIJHcjEHsgOiO2OPl6jJo5rR7StVvzXIHOqeOLVeMWdS
VDYDKxBcKf83HUgRJE0FU1zfR3UTrV/nwSTi232xgQ5XXhjY1fHZGirceaEleZkH
T7Y6rzblph29eu4+xGcxEtJe0MQ5H03qP2lahGFj8IMzo9F5y1eB0w==
=hDv0
-----END PGP SIGNATURE-----

Reply via email to