On 28.09.2018 00:08, Florian Pritz wrote:
> On Wed, Sep 26, 2018 at 09:34:07AM +0300, Aki Tuomi
> <[email protected]> wrote:
>> # before current passdb
>> passdb {
>>   driver = passwd-file
>>   args = username_format=%Lu /etc/dovecot/aliases
>> }
>>
>> # into /etc/dovecot/aliases
>> alias@user:::::::user=real_username noauthenticate
>>
>> This hopefully works.
> This seems to work fine and I had the idea of doing something similar
> for the userdb, but there it appears that the user name change doesn't
> happen.
>
>> auth_debug=yes
>> userdb {
>>   driver = passwd-file
>>   args = username_format=%Lu /etc/dovecot/aliases
>>   result_success = continue-ok
>> }
>> userdb {
>>   driver = passwd-file
>>   args = username_format=%u /etc/passwd
>> }
> When I perform a lookup with `doveadm user '[email protected]'` I get many
> empty fields since the alias file doesn't have them set. I expected that
> they would be fetched from the next userdb (/etc/passwd), but that
> doesn't seem to happen. I get this in the log:
>
>> dovecot[10118]: auth: Debug: master in: USER 1 [email protected]
>> service=doveadm debug
>> dovecot[10118]: auth: Debug: passwd-file([email protected]): lookup:
>> [email protected] file=/etc/dovecot/aliases
>> dovecot[10118]: auth: Debug: passwd-file([email protected]): lookup:
>> [email protected] file=/etc/passwd
>> dovecot[10118]: auth: passwd-file([email protected]): unknown user
>> dovecot[10118]: auth: Debug: userdb out: USER 1 [email protected]
> So it looks like the user name change doesn't get applied with userdb,
> while it works as expected with passdb. Is this expected or is this a
> bug?
>
> Just for comparison, the passdb config is this:
>> passdb {
>>   driver = passwd-file
>>   args = username_format=%Lu /etc/dovecot/aliases
>> }
>> passdb {
>>   driver = pam
>> }
> And when logging in with `doveadm auth test [email protected]` the log looks like
> this:
>
>> dovecot[10118]: auth: Debug: auth client connected (pid=0)
>> dovecot[10118]: auth: Debug: client in: AUTH 1 PLAIN
>> service=doveadm debug resp=<hidden>
>> dovecot[10118]: auth: Debug: passwd-file([email protected]): lookup:
>> [email protected] file=/etc/dovecot/aliases
>> dovecot[10118]: auth: Debug: passwd-file([email protected]): username changed
>> [email protected] -> flo
>> dovecot[10118]: auth: Debug: passwd-file(flo): Allowing any password
>> dovecot[10118]: auth: Debug: passwd-file(flo): Not performing authentication
>> (noauthenticate set)
>> dovecot[10118]: auth-worker(10356): Debug: pam(flo): lookup service=dovecot
>> dovecot[10118]: auth-worker(10356): Debug: pam(flo): #1/1 style=1
>> msg=Password:
>> dovecot[10118]: auth: Debug: client passdb out: OK 1 user=flo
>> [email protected]
> Florian
>
> Full config:
>
> # 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.2 (7704de5e)
> # OS: Linux 4.18.5-arch1-1-ARCH x86_64 Arch Linux
> # Hostname: calima
> auth_debug = yes
> mail_location = mdbox:~/.mdbox
> mail_plugins = zlib
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date index ihave
> duplicate mime foreverypart extracttext
> mmap_disable = yes
> namespace {
>   hidden = no
>   inbox = yes
>   location =
>   prefix = INBOX.
>   separator = .
>   type = private
> }
> passdb {
>   args = username_format=%Lu /etc/dovecot/aliases
>   driver = passwd-file
> }
> passdb {
>   driver = pam
> }
> plugin {
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
>   mail_log_fields = uid box msgid size
>   quota = count:User quota
>   quota_status_nouser = DUNNO
>   quota_status_overquota = 552 5.2.2 Mailbox is full
>   quota_status_success = DUNNO
>   quota_vsizes = yes
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/.sieve
>   sieve_global_dir = /etc/dovecot/sieve/global/
>   sieve_global_path = /etc/dovecot/sieve/default.sieve
> }
> protocols = imap lmtp
> service auth {
>   user = root
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service quota-status {
>   client_limit = 1
>   executable = quota-status -p postfix
>   unix_listener /var/spool/postfix/private/quota-status {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> ssl_cert = </etc/letsencrypt/live/calima.server-speed.net/fullchain.pem
> ssl_cipher_list =
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_options = no_compression
> ssl_prefer_server_ciphers = yes
> userdb {
>   args = username_format=%Lu /etc/dovecot/aliases
>   driver = passwd-file
>   result_success = continue-ok
> }
> userdb {
>   args = username_format=%u /etc/passwd
>   driver = passwd-file
> }
> protocol lmtp {
>   mail_plugins = zlib sieve
>   postmaster_address = [email protected]
> }
> protocol imap {
>   imap_client_workarounds = tb-extra-mailbox-sep
> }

Username change should've occurred in userdb too, although with passwd_file you probably need to return it as userdb_user.

Aki
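Added example, not part of the thread and not Dovecot code: a small lint for an alias passwd-file that reports entries which rename the user on the passdb side (`user=`) without a matching `userdb_user=`, the field named in the reply above. It assumes the passwd-file convention that extra-field keys prefixed with `userdb_` are userdb fields and all others are passdb fields; the sample entries and the `example.test` addresses are constructed, and the thread does not confirm that adding the field resolves the lookup.

```python
# Lint a Dovecot passwd-file alias map for the passdb/userdb field split.
# Assumption: extra-field keys starting with "userdb_" feed userdb lookups,
# every other key feeds passdb lookups.

# Constructed sample entries, modelled on the alias line quoted in the thread.
SAMPLE_ALIASES = "\n".join([
    "alias@example.test:::::::user=real_username noauthenticate",
    "other@example.test:::::::user=real_username userdb_user=real_username noauthenticate",
])


def parse_line(line):
    """Split one passwd-file line into (login, passdb_fields, userdb_fields)."""
    # user:password:uid:gid:gecos:home:shell:extra_fields -> 8 columns
    parts = line.rstrip("\n").split(":", 7)
    parts += [""] * (8 - len(parts))
    passdb, userdb = {}, {}
    for token in parts[7].split():
        key, _, value = token.partition("=")
        if key.startswith("userdb_"):
            userdb[key[len("userdb_"):]] = value
        else:
            passdb[key] = value
    return parts[0], passdb, userdb


def lint_aliases(text):
    """Return (login, message) for aliases whose userdb side lacks the rename."""
    findings = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        login, passdb, userdb = parse_line(raw)
        target = passdb.get("user")
        if target and userdb.get("user") != target:
            findings.append(
                (login, f"passdb renames to {target!r}, userdb_user is {userdb.get('user')!r}")
            )
    return findings


if __name__ == "__main__":
    for login, message in lint_aliases(SAMPLE_ALIASES):
        print(f"{login}: {message}")
```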
