[Dovecot] IMAP Proxying and SSL Certificates on OpenBSD

2013-08-15 Thread dago

Hi list,
 
I am currently trying to configure dovecot to act as an IMAP proxy in front of a 
Groupwise server. Because of a policy no services of the gw server may be 
directly served to the web. So currently this is only a security measure. 
Dovecot was previously used for providing sasl-auth capabilities to postfix. 
IMAP proxy features should be added now. Authentication backend is LDAP. OS is 
OpenBSD 5.2. Dovecot version is 2.1.8. 
 
Currently I am fighting with the following error in the logs:
 

dovecot: master: Dovecot v2.1.8 starting up
dovecot: auth: Warning: userdb passwd: Move templates args to override_fields 
setting
dovecot: auth: Error: passwd(username,78.104.X.X,): 
getpwnam() failed: Operation not permitted
dovecot: imap-login: Login: user=, method=PLAIN, rip=78.104.X.X, 
lip=5.9.X.X, mpid=1765, session=
dovecot: imap(username): Error: user username: Initialization failed: 
Initializing mail storage from mail_location setting failed: imapc: missing 
imapc_password
dovecot: imap(username): Error: Invalid user settings. Refer to server log for 
more information.
 
I hope to also see therein the cause for not providing STARTTLS:
 

# openssl s_client -connect mail.example.com:143 -starttls imap
CONNECTED(0003)
didn't found STARTTLS in server response, try anyway...
15096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_clnt.c:607:
 
As postfix is already using the certificates, they should be okay ….
 

# dovecot -n
# 2.1.8: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.2 i386  
disable_plaintext_auth = no
imapc_host = 10.0.0.2
mail_gid = vmail
mail_home = /home/vmail/%u
mail_location = imapc:~/imapc
mail_uid = vmail
passdb {
  args = scheme=plain-md5 username_format=%n /etc/dovecot/passwd
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
  driver = ldap
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = _postfix
    mode = 0660
    user = _postfix
  }
  user = root
}
service imap-login {
  chroot = login
}
service pop3-login {
  chroot = login
}
ssl = no
ssl_ca = 

Re: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD

2013-08-15 Thread dago
Thank you..
 
Sorry, seem to have missed that ... It's working now. Still any ideas on the 
SSL thing? 
 
STARTTLS is not available and dovecot is not listening on 993. There is no info 
in the logs, even with verbose_ssl ... Certificates are working in postfix ...
 
Thanks in advance!
 
Best regards
 

Sent: Thursday, 15 August 2013, 22:05
From: "Timo Sirainen" 
To: "Dovecot Mailing List" 
Subject: Re: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD
On 15.8.2013, at 20.23, d...@quantentunnel.de wrote:

> dovecot: imap(username): Error: user username: Initialization failed: 
> Initializing mail storage from mail_location setting failed: imapc: missing 
> imapc_password
..
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf
> default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
> driver = ldap
> }

Here you are setting the userdb_* fields, which work only with userdb prefetch.

> userdb {
> args = username_format=%n /etc/dovecot/passwd
> driver = passwd
> }
> userdb {
> args = /etc/dovecot/dovecot-ldap.conf
> driver = ldap
> }

But you're not using userdb prefetch.
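
An added example, not part of the thread or of Dovecot itself: a small Python check over `dovecot -n` output for the two conditions the messages above run into, `userdb_*` fields set in a passdb with no `userdb prefetch` block, and `ssl = no`. The function names and finding ids are made up for this illustration; the sample input is trimmed from the configuration posted above.

```python
# Sample input: settings taken from the `dovecot -n` output and the userdb
# block quoted in the thread, trimmed to the lines the checks look at.
THREAD_CONF = """\
disable_plaintext_auth = no
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
ssl = no
"""

def parse(text):
    """Return (top-level settings, [(block name, settings)]) from `dovecot -n` text."""
    top, blocks, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append((line.split()[0], {}))   # e.g. "passdb", "service"
        elif line == "}" and stack:
            blocks.append(stack.pop())
        elif "=" in line:
            key, _, value = line.partition("=")
            (stack[-1][1] if stack else top)[key.strip()] = value.strip()
    return top, blocks

def lint(text):
    """Return sorted finding ids (hypothetical names) for the issues in the thread."""
    top, blocks = parse(text)
    findings = set()
    # userdb_* fields returned by a passdb are only picked up by userdb prefetch.
    prefetch = any(n == "userdb" and s.get("driver") == "prefetch" for n, s in blocks)
    for name, s in blocks:
        fields = s.get("default_fields", "") + " " + s.get("override_fields", "")
        if name == "passdb" and "userdb_" in fields and not prefetch:
            findings.add("userdb-fields-without-prefetch")
    # ssl = no turns TLS off, so STARTTLS is not offered to clients.
    if top.get("ssl", "yes") == "no":
        findings.add("ssl-disabled-no-starttls")
        if top.get("disable_plaintext_auth", "yes") == "no":
            findings.add("plaintext-auth-over-cleartext")
    return sorted(findings)
```
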
 
 
 


[Dovecot] Authentification Dovecot + Samba4

2013-12-06 Thread dago

Hello list,

I am struggling with setting up dovecot 2.1.7 with samba 4.1.2 on debian 
wheezy. Dovecot should authenticate via LDAP, but I cannot get it to work 
reliably. Sometimes auth works, sometimes not. Referrals are already activated 
in ldap.conf … LDAP-authentication works fine with other clients (Apache 
Directory Studio, …) 
Has somebody got a similar setup running? I would love some hints on how to 
debug this issue …

Thank you!


Regards




dovecot-ldap.conf
hosts = 192.168.188.156:389
dn = CN=Administrator,CN=Users,DC=DOMAIN,DC=LOCAL
dnpass = Test123
auth_bind = yes
ldap_version = 3
base = DC=DOMAIN,DC=LOCAL
tls = no
debug_level = -1
ldap_version = 3
scope = subtree
user_attrs = uidNumber=uid,gidNumber=gid
user_filter = (&(&(objectClass=Person)(sAMAccountName=%u)))
pass_attrs = sAMAccountName=user,userPassword=password
pass_filter = (&(&(objectClass=Person)(sAMAccountName=%u)))



logs:
srv1 dovecot: auth: Debug: auth client connected (pid=0)
srv1 dovecot: auth: Debug: client in: 
AUTH#0111#011PLAIN#011service=doveadm#011resp=
srv1 dovecot: auth: Debug: ldap(john): bind search: base=DC=DOMAIN,DC=LOCAL 
filter=(&(&(objectClass=Person)(sAMAccountName=john)))
srv1 dovecot: auth: Error: ldap_search
srv1 dovecot: auth: Error: put_filter: 
"(&(&(objectClass=Person)(sAMAccountName=john)))"
srv1 dovecot: auth: Error: put_filter: AND
srv1 dovecot: auth: Error: put_filter_list 
"(&(objectClass=Person)(sAMAccountName=john))"
srv1 dovecot: auth: Error: put_filter: 
"(&(objectClass=Person)(sAMAccountName=john))"
srv1 dovecot: auth: Error: put_filter: AND
srv1 dovecot: auth: Error: put_filter_list 
"(objectClass=Person)(sAMAccountName=john)"
srv1 dovecot: auth: Error: put_filter: "(objectClass=Person)"
srv1 dovecot: auth: Error: put_filter: simple
srv1 dovecot: auth: Error: put_simple_filter: "objectClass=Person"
srv1 dovecot: auth: Error: put_filter: "(sAMAccountName=john)"
srv1 dovecot: auth: Error: put_filter: simple
srv1 dovecot: auth: Error: put_simple_filter: "sAMAccountName=john"
srv1 dovecot: auth: Error: ldap_build_search_req ATTRS: sAMAccountName
srv1 dovecot: auth: Error: ldap_send_initial_request
srv1 dovecot: auth: Error: ldap_send_server_request
srv1 dovecot: auth: Error: ldap_result ld 0x7fef48794580 msgid -1
srv1 dovecot: auth: Error: wait4msg ld 0x7fef48794580 msgid -1 (timeout 0 usec)
srv1 dovecot: auth: Error: wait4msg continue ld 0x7fef48794580 msgid -1 all 0
srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Connections:
srv1 dovecot: auth: Error: * host: DOMAIN.local  port: 0
srv1 dovecot: auth: Error:   refcnt: 1  status: Connected
srv1 dovecot: auth: Error:   last used: Fri Dec  6 19:08:49 2013
srv1 dovecot: auth: Error: 
srv1 dovecot: auth: Error: 
srv1 dovecot: auth: Error: * host: 192.168.188.156  port: 389  (default)
srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
srv1 dovecot: auth: Error:   last used: Fri 2013
srv1 dovecot: auth: Error: 
srv1 dovecot: auth: Error: 
srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Outstanding Requests:
srv1 dovecot: auth: Error:  * msgid 37,  origid 37, status InProgress
srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 0
srv1 dovecot: auth: Error:  * msgid 35,  origid 33, status InProgress
srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 1
srv1 dovecot: auth: Error:  * msgid 33,  origid 33, status RequestCompleted
srv1 dovecot: auth: Error:    outstanding referrals 1, parent count 1
srv1 dovecot: auth: Error:   ld 0x7fef48794580 request count 3 (abandoned 0)
srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Response Queue:
srv1 dovecot: auth: Error:    Empty
srv1 dovecot: auth: Error:   ld 0x7fef48794580 response count 0
srv1 dovecot: auth: Error: ldap_chkResponseList ld 0x7fef48794580 msgid -1 all 0
srv1 dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fef48794580 NULL
srv1 dovecot: auth: Error: ldap_int_select
srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid -1 all 0
srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 35 message type 
search-result
srv1 dovecot: auth: Error: ldap_chase_referrals
srv1 dovecot: auth: Error: read1msg:  V2 referral chased, mark request 
completed, id = 35
srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 0 new referrals
srv1 dovecot: auth: Error: read1msg:  mark request completed, ld 0x7fef48794580 
msgid 35
srv1 dovecot: auth: Error: merged parent (id 33) error info:  result errno 1, 
error <2020: Operation unavailable without authentication>, matched <>
srv1 dovecot: auth: Error: request done: ld 0x7fef48794580 msgid 33
srv1 dovecot: auth: Error: res_errno: 1, res_error: <2020: Operation 
unavailable without authentication>, res_matched: <>
srv1 dovecot: auth: Error: ldap_free_request (origid 33, msgid 33)
srv1 dovecot: auth: Error: ldap_free_request (origid 33, msgid 35)
srv1 dovecot: auth: Error: ldap_free_connection 0 1
srv1 dovecot: auth: Error: ldap_send_unbind
srv1 dovecot: auth: Error: ldap_free_connection: actually fre