Re: Username aliases

Thu, 27 Sep 2018 14:09:14 -0700 

On Wed, Sep 26, 2018 at 09:34:07AM +0300, Aki Tuomi 
<aki.tu...@open-xchange.com> wrote:
> # before current passbd
> passdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
> }
> 
> # into /etc/dovecot/aliases
> alias@user:::::::user=real_username noauthenticate
> 
> This hopefully works.

This seems to work fine and I had the idea of doing something similar
for the userdb, but there it appears that the user name change doesn't
happen.

> auth_debug=yes
> userdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
>   result_success = continue-ok
> }
> userdb {
>   driver = passwd-file
>   args = username_format=%u /etc/passwd
> }

When I perform a lookup with `doveadm user 't...@xinu.at'` I get many
empty fields since the alias file doesn't have them set. I expected that
they would be fetched from the next userdb (/etc/passwd), but that
doesn't seem to happen. I get this in the log:

> dovecot[10118]: auth: Debug: master in: USER     1       t...@xinu.at    
> service=doveadm debug
> dovecot[10118]: auth: Debug: passwd-file(t...@xinu.at): lookup: 
> user=t...@xinu.at file=/etc/dovecot/aliases
> dovecot[10118]: auth: Debug: passwd-file(t...@xinu.at): lookup: 
> user=t...@xinu.at file=/etc/passwd
> dovecot[10118]: auth: passwd-file(t...@xinu.at): unknown user
> dovecot[10118]: auth: Debug: userdb out: USER    1       t...@xinu.at

So it looks like the user name change doesn't get applied with userdb,
while it works as expected with passdb. Is this expected or is this a
bug?


Just for comparison, the passdb config is this:
> passdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
> }
> passdb {
>   driver = pam
> }

And when logging in with `doveadm auth test t...@xinu.at` the log looks like 
this:

> dovecot[10118]: auth: Debug: auth client connected (pid=0)
> dovecot[10118]: auth: Debug: client in: AUTH     1       PLAIN   
> service=doveadm debug   resp=<hidden>
> dovecot[10118]: auth: Debug: passwd-file(t...@xinu.at): lookup: 
> user=t...@xinu.at file=/etc/dovecot/aliases
> dovecot[10118]: auth: Debug: passwd-file(t...@xinu.at): username changed 
> t...@xinu.at -> flo
> dovecot[10118]: auth: Debug: passwd-file(flo): Allowing any password
> dovecot[10118]: auth: Debug: passwd-file(flo): Not performing authentication 
> (noauthenticate set)
> dovecot[10118]: auth-worker(10356): Debug: pam(flo): lookup service=dovecot
> dovecot[10118]: auth-worker(10356): Debug: pam(flo): #1/1 style=1 
> msg=Password:
> dovecot[10118]: auth: Debug: client passdb out: OK       1       user=flo     
>            original_user=t...@xinu.at

Florian



Full config:

# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: Linux 4.18.5-arch1-1-ARCH x86_64 Arch Linux 
# Hostname: calima
auth_debug = yes
mail_location = mdbox:~/.mdbox
mail_plugins = zlib
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
mmap_disable = yes
namespace {
  hidden = no
  inbox = yes
  location = 
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = username_format=%Lu /etc/dovecot/aliases
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = count:User quota
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
protocols = imap lmtp
service auth {
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/letsencrypt/live/calima.server-speed.net/fullchain.pem
ssl_cipher_list = 
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
  args = username_format=%Lu /etc/dovecot/aliases
  driver = passwd-file
  result_success = continue-ok
}
userdb {
  args = username_format=%u /etc/passwd
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = zlib sieve
  postmaster_address = postmas...@server-speed.net
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
}

Attachment: signature.asc
Description: PGP signature

Reply via email to