Sorry, my fault, I missed some comma on user and pass attrs.


On 8/10/21 1:31 PM, Lucas Castro wrote:
Hello,

I'm trying to map authenticated Kerberos users to mail_location.


The problem: when I set mail_home = /var/mail/virtual/domain1.zw.loca/%n, it works fine.

But if mail_home is set as /var/mail/virtual/%d/%n

I get

Apr 12 19:53:18 postfix10 dovecot: imap-login: Login: user=<user0>, method=GSSAPI, rip=172.16.0.44, lip=10.16.0.220, mpid=2428, session=<iPA4Yc6/lJCsEAAs>
Apr 12 19:53:18 postfix10 dovecot: imap(us...@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Added userdb setting: plugin/=yes
Apr 12 19:53:18 postfix10 dovecot: imap(us...@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Effective uid=5000, gid=5000, home=/var/mail/virtual/domain1.zw.local =login_user=user0/user0

Right here, I can't figure out why login_user=user0/user0

Apr 12 19:53:18 postfix10 dovecot: imap(us...@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/mail

Now login_user=user0

Apr 12 19:53:18 postfix10 dovecot: imap(us...@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: maildir++: root=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail, index=, indexpvt=, control=, inbox=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail, alt=

then login_user=user0/user0/mail

Apr 12 19:53:18 postfix10 dovecot: imap(us...@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Mailbox INBOX: Mailbox opened because: SELECT


doveconf  -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 5.10.0-7-amd64 x86_64 Debian 10.6
# Hostname: postfix10.zw.local
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/imap.keytab
auth_mechanisms = gssapi
auth_verbose = yes
disable_plaintext_auth = no
import_environment = TZ KRB5CCNAME=/etc/dovecot/imap.ticket KRB5_KTNAME=/etc/dovecot/imap.keytab
mail_debug = yes
mail_gid = 5000
mail_home = /var/mail/virtual/%d/%n
mail_location = maildir:~/mail
mail_privileged_group = mail
mail_uid = 5000
namespace inbox {
  disabled = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap lmtp pop3"
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = no
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  driver = prefetch
}
protocol lmtp {
  postmaster_address = postmaster@zw.local
}


egrep -v "^$|^#" /etc/dovecot/dovecot-ldap.conf.ext
uris = ldap://ldap10.zw.local
auth_bind = yes
sasl_bind = yes
sasl_mech = gssapi
sasl_realm = zw.local
debug_level = -1
ldap_version = 3
base = dc=zw,dc=local
user_attrs = \
    =user=%{ldap:mail} \
    =login_user=%{ldap:uid}
user_filter = (uid=%n)
pass_attrs = \
    =user=%{ldap:uid},\
    =k5principals=%{ldap:krbPrincipalName}
pass_filter = (&(objectClass=krbPrincipalAux)(uid=%n))


--
Lucas Castro
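
Added example, not part of the original thread and not Dovecot's own code: a small Python check that models how the comma-less user_attrs above collapses into a single entry and yields the home path seen in the debug log. The parsing is a simplified assumption (backslash continuations joined, entries split on commas), the function names are hypothetical, and the LDAP values are constructed.

```python
import re

# Constructed excerpts modelled on the user_attrs setting in the post.
BROKEN = "user_attrs = \\\n    =user=%{ldap:mail} \\\n    =login_user=%{ldap:uid}\n"
FIXED = "user_attrs = \\\n    =user=%{ldap:mail}, \\\n    =login_user=%{ldap:uid}\n"
# Constructed LDAP entry for the test user.
LDAP = {"mail": "user0@domain1.zw.local", "uid": "user0"}

def read_attrs(conf_text, key):
    """Join backslash-continued lines, then split the setting on commas."""
    joined = re.sub(r"\\\n\s*", "", conf_text)
    for line in joined.splitlines():
        name, _, value = line.partition("=")
        if name.strip() == key:
            return [e.strip() for e in value.split(",") if e.strip()]
    return []

def suspicious_entries(entries):
    """Flag entries where whitespace is followed by another '=field=' template,
    the signature of a missing comma between two entries."""
    return [e for e in entries if re.search(r"\s=\w+=", e)]

def expand(entries, ldap):
    """Expand '=field=template' entries from a dict of LDAP attribute values."""
    fields = {}
    for e in entries:
        m = re.match(r"=(\w+)=(.*)", e)
        if m:
            fields[m.group(1)] = re.sub(
                r"%\{ldap:(\w+)\}", lambda a: ldap[a.group(1)], m.group(2))
    return fields

def home_for(user, template="/var/mail/virtual/%d/%n"):
    """Apply %n (local part) and %d (domain) the way mail_home uses them."""
    local, _, domain = user.partition("@")
    return template.replace("%d", domain).replace("%n", local)

def check(conf_text):
    """Return (flagged entries, resulting home directory) for a config text."""
    entries = read_attrs(conf_text, "user_attrs")
    return suspicious_entries(entries), home_for(expand(entries, LDAP)["user"])

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        flagged, home = check(text)
        print(label, "flagged:", flagged, "home:", home)
```

Running the same check over pass_attrs (change the key passed to read_attrs) covers the other setting mentioned in the reply.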
