Hi,

User iteration doesn't work, we're getting:
auth: Error: Trying to iterate users, but userdbs don't support it

The way I understand it, I need to set iterate_attrs and iterate_filter for iteration to work. I have set them, and yet it doesn't work; it fails with the error above.

Our config is against ldap (active directory) and generally works fine. Can anyone here take a quick look, and tell me how to make
> doveadm user -u "*"
work?

Below are the required configs. Any tips would be appreciated...!

MJ

root@dovetest:/etc/dovecot# doveconf -n
# 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.7 xfs
# Global authentication, logging and delivery settings.
# NOTE(review): auth_debug_passwords = yes and auth_verbose_passwords = plain
# cause attempted passwords to be written to the log files configured below.
# Keep them on only while debugging, and treat the resulting logs (and any
# copy of them posted elsewhere) as containing credentials.
auth_debug = yes
auth_debug_passwords = yes
auth_failure_delay = 400 secs
# Enables master-user logins of the form "user*masteruser"; the master
# accounts come from the passdb that is marked master = yes.
auth_master_user_separator = *
# Only plaintext SASL mechanisms are offered.
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot/dovecot.debug
deliver_log_format = %f | %s | msgid=%m: %$
# NOTE(review): with this set to no, PLAIN/LOGIN authentication is accepted on
# connections that are not protected by TLS, so passwords can cross the
# network in cleartext.
disable_plaintext_auth = no
info_log_path = /var/log/dovecot/dovecot.info
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot/dovecot.err
login_greeting = Dovecot ready.
mail_gid = vmail
mail_location = maildir:/var/vmail/%Ln/Maildir:LAYOUT=fs:DIRNAME=mAildir
mail_plugins = acl lazy_expunge zlib quota mail_log notify
mail_uid = vmail
managesieve_notify_capability = mailto
# The next three lines appear to be one setting value that was wrapped when
# the message was sent.
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
# Shared namespace: other users' mailboxes appear under the shared/<user>/
# prefix. Which of them a user may actually open is decided by the acl plugin
# configured in the plugin section.
namespace {
  list = children
  # The value of location is on the following line; it appears to have been
  # wrapped when the message was sent.
  location = 
maildir:/var/vmail/%%u/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%u/shared/%%u
  prefix = shared/%%n/
  separator = /
  subscriptions = no
  type = shared
}
# Private namespace holding each user's own INBOX and special-use folders.
namespace inbox {
  inbox = yes
# NOTE(review): the next line looks like two output lines merged in transit:
# an empty "location =" setting followed by the opening of the
# mailbox "Deleted items" block. Verify against the real doveconf output.
location = mailbox "Deleted items" {
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent items" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox inbox {
    auto = subscribe
  }
# NOTE(review): likewise, this looks like an empty "prefix =" setting merged
# with "separator = /".
prefix = separator = /
  type = private
}
# Password databases, consulted in the order listed.
#
# 1) Master users read from a passwd-file. master = yes means these accounts
#    may log in as other users (see auth_master_user_separator).
#    NOTE(review): the file therefore holds credentials that open every
#    mailbox; restrict its ownership and permissions accordingly.
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
# 2) PAM, using the "dovecot" PAM service. failure_show_msg=yes passes the PAM
#    failure message back to the client.
passdb {
  args = failure_show_msg=yes dovecot
  driver = pam
}
# 3) LDAP. skip = authenticated bypasses this lookup when an earlier passdb
#    has already authenticated the user.
#    Note that LDAP is configured here as a passdb only.
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
  skip = authenticated
}
# Plugin settings: ACLs for shared mailboxes, mail event logging, quota rules
# with warning thresholds, and Sieve script locations.
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
  # mail_log_events is a single value; "append" on the next line appears to
  # be a wrap introduced when the message was sent.
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename 
append
  mail_log_fields = uid box msgid from subject
  quota = maildir
  quota_rule = ?:storage=5G
  quota_rule2 = Trash:storage=+100M
  # Each quota_warning passes its arguments, including the username (%u), to
  # the quota-warning service.
  quota_warning = storage=97%% quota-warning 97 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
  quota_warning5 = storage=80%% quota-warning 80 %u
  quota_warning6 = -storage=100%% quota-warning below %u
  sieve = ~/.dovecot.sieve
  sieve_default = /var/lib/dovecot/default.sieve
  sieve_dir = ~/sieve
}
# Enabled protocols and per-service listener settings.
protocols = imap lmtp sieve
service auth {
  # SASL socket used by Postfix.
  # NOTE(review): mode 0666 lets every local account connect to this socket
  # and submit authentication attempts; a mode of 0660 owned by the postfix
  # user/group is the usual tighter setting.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  # userdb lookup socket.
  # NOTE(review): mode 0666 makes the user/group restriction below
  # ineffective, because any local account can connect and query user
  # information. Consider 0600 or 0660 limited to vmail.
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  process_min_avail = 2
}
# Runs the quota warning script; the script itself is not shown in this
# message. It receives the arguments given in the quota_warning settings.
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
# TLS material and the user database.
# NOTE(review): in Dovecot 2.2, ssl_ca is documented as the CA list for
# verifying client certificates; an intermediate chain for the server
# certificate normally goes into the ssl_cert file. Confirm which was intended.
ssl_ca = </etc/ssl/comodo/chain.crt
ssl_cert = </etc/ssl/comodo/server.crt
ssl_key =  # hidden, use -P to show it
# NOTE(review): only SSLv2 and SSLv3 are excluded, so older TLS versions
# remain negotiable if the linked TLS library offers them.
ssl_protocols = !SSLv2 !SSLv3
# The only userdb is the static driver. allow_all_users=yes makes userdb
# lookups succeed for any username without checking that the user exists.
# NOTE(review): the static driver cannot enumerate users, which matches the
# reported "userdbs don't support it" error. The iterate_* settings in the
# LDAP file take effect only when that file is also used by a userdb with
# driver = ldap. TODO confirm.
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
  driver = static
}
# Puts per-connection details into process titles, where local users running
# ps can see them.
verbose_proctitle = yes
# Per-protocol overrides of mail_plugins and IMAP limits.
protocol lda {
  # "quota" is listed twice in this value.
  mail_plugins = acl lazy_expunge zlib quota mail_log notify sieve quota
}
protocol imap {
  imap_max_line_length = 2 M
  mail_max_userip_connections = 30
  mail_plugins = acl lazy_expunge zlib quota mail_log notify imap_quota imap_acl
}

and dovecot-ldap.conf.ext:
# LDAP connection and query settings. The doveconf output references this
# file from a passdb only.
# The server is reached on the loopback address.
hosts = 127.0.0.1:391
# Search account used for lookups. dnpass is stored in cleartext, so this file
# should be readable only by root/the Dovecot auth process. Replace real
# values with placeholders before posting the file publicly.
dn = cn=search,cn=users,dc=company,dc=com
dnpass = secret
# NOTE(review): with tls = no, the search password and (because of
# auth_bind = yes) each user's password go to the LDAP server unencrypted.
# That is confined to loopback with the hosts value above, but would be
# exposed if hosts were changed to a remote server.
tls = no
debug_level = 0
# Passwords are verified by binding to the directory as the user.
auth_bind = yes
# NOTE(review): "cmpany" here differs from "company" in dn above, and the
# DC components differ as well. Possibly a redaction slip; verify.
base = CN=Users, DC=samba, DC=cmpany, DC=com
scope = subtree
# The values of user_attrs, user_filter and pass_filter are each on the line
# after the setting name; they appear to have been wrapped when the message
# was sent.
user_attrs = 
=home=/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n,=mail=maildir:/var/vmail/%n/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%n/shared/%n
# NOTE(review): (!(userAccountControl=514)) is an exact-value comparison, so
# it excludes only accounts whose flags equal 514. A disabled account that
# carries any additional flag has a different value and still matches.
# Testing the disabled bit itself, for example with
# (!(userAccountControl:1.2.840.113556.1.4.803:=2)), avoids that gap.
# Confirm the directory supports this matching rule.
user_filter = 
(&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
pass_filter = 
(&(objectclass=person)(sAMAccountName=%n)(!(userAccountControl=514)))
# Iteration settings. These are read by an LDAP userdb and have no effect
# while the file is used only as a passdb.
# NOTE(review): iterate_filter does not exclude disabled accounts, unlike
# user_filter and pass_filter; in Active Directory it may also match
# non-mailbox objects. Verify before relying on the list.
iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)
