On Mon, 22 Jun 2015, lejeczek wrote:
On 22/06/15 09:43, Steffen Kaiser wrote:
On Mon, 22 Jun 2015, lejeczek wrote:
On 22/06/15 09:16, lejeczek wrote:
to=<[email protected]>,orig_to=<root@localhost>, relay=dovecot, delay=39296,
delays=39294/2.2/0/0.27, dsn=4.3.0, status=deferred (temporary failure)
and dovecot logs no error, despite having debug set to yes in a couple of
places,
it shows:
auth: Debug: master in: USER 1 [email protected] service=lda
auth-worker(25343): Debug: passwd([email protected]): lookup
auth-worker(25343): passwd([email protected]): unknown user
auth: Debug: ldap([email protected]): user search:
base=ou=People,dc=my,dc=domain scope=subtree
filter=(&(objectClass=person)(uid=me)) fields=
auth: Debug: ldap([email protected]): result: objectClass=top,top,top,top,
... here goes the whole lot of ldap attribs, and at the end:
unused.
For passdb & userdb in the configs I only configure ldap backend, nothing
else. Ldap works, I can query it without failing.
I believe it's a very simple setup but I must be wrong somewhere.
pass_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=user=%n,userPassword=password
Use either uid=user or =user=%n but not uid=user=%n. I would use
uid=user, so the user cannot specify the case of the username.
user_attrs =
=home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
user_filter = (&(objectClass=person)(uid=%n))
even stranger, if I use (along with ldap in configs):
Please post:
complete doveconf -n
and the complete LDAP config being referenced by the config.
userdb {
driver = static
args = uid=vmail gid=mail home=/var/spool/mail/%d/%n
mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
sieve_storage=/var/spool/mail/%d/%n/SIEVE
sieve=/var/spool/mail/%d/%n/dovecot.sieve
}
dovecot starts to core dump:
auth: Fatal: master: service(auth): child 9188 killed with signal 11 (core
dumped)
auth_debug = yes
The first lines should be something like this:
# 2.2.18 (8906101589f9):
/usr/local/dovecot-2.2.18/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (3df7e50f986d)
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.10
What version are you using?
auth_mechanisms = login
auth_verbose = yes
first_valid_uid = 999
mail_debug = yes
mail_location = maildir:/var/spool/mail/my.domain/%u/Maildir
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
Have you removed or commented out the line:
10-auth.conf:#!include auth-system.conf.ext
?
passdb {
args = /etc/dovecot/ldap-passdb-my.domain.conf
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_storage = SIEVE
}
protocols = imap sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = mail
mode = 0660
user = vmail
}
unix_listener auth-userdb {
group = mail
mode = 0660
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
}
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/ldap-userdb-my.domain.conf
driver = ldap
}
protocol lmtp {
mail_plugins = " sieve"
}
protocol lda {
mail_plugins = " sieve"
}
#ldap-passdb
hosts = localhost
uris = ldap://localhost:389/
ldap_version = 3
base = ou=People,dc=my,dc=domain
dn = cn=Manager,dc=my,dc=domain
dnpass = my.pass
auth_bind = no
pass_attrs = uid=%n,userPassword=password
uid=%n makes no sense. Please use just:
pass_attrs = userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%n))
#ldap-userdb
hosts = localhost
uris = ldap://localhost:389/
ldap_version = 3
base = ou=People,dc=my,dc=domain
dn = cn=Manager,dc=my,dc=domain
dnpass = my.pass
auth_bind = no
user_attrs =
=home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
user_filter = (&(objectClass=person)(uid=%n))
default_pass_scheme = SSHA
It cannot be postfix if it relays and dovecot gets these relays. Can it be?
I have tried your config with above mentioned version, with LDAP as only
passdb and userdb and these LDAP-settings:
hosts = localhost
auth_bind = yes
base = <baseDN>
deref = searching
user_attrs =
=home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n
user_filter = (&(objectClass=fhMailAlias)(uid=%n))
pass_attrs = userPassword=password
pass_filter = (&(objectClass=fhMailAlias)(uid=%Ln)(!(deniedService=%Ls)))
iterate_filter = (objectClass=fhMailAlias)
Note the pass_attrs. Then I submitted a new message with:
socat stdin UNIX:/var/run/dovecot2.2/lmtp
LHLO loc
mail from:<[email protected]>
rcpt to:<[email protected]>
data
Subject: 1
1
.
successfully. Maildir was created and message spooled to
/var/spool/mail/example.com/other/Maildir. Then I logged in via IMAP
successfully as well.
I also tried the other order: reload Dovecot to flush any caches, log in
via IMAP and submit via LMTP.
You should however note the following:
Both filters treat users "[email protected]" and "[email protected]"
as the same user, because they match the same LDAP item (uid=%n), however
the directories of the users _should_ differ, but they won't as long as
the user's information is cached in the auth cache.
That means:
doveadm auth cache flush
doveadm user [email protected]
doveadm user [email protected]
returns the data for [email protected] in both cases and
doveadm auth cache flush
doveadm user [email protected]
doveadm user [email protected]
returns the data for [email protected] in both cases.
- --
Steffen Kaiser
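Added example, not part of the message above and not Dovecot's own code: a small Python check that expands the `%u`, `%n`, `%d` variables (with the `L` modifier) the way the thread's filters use them and reports logins from different domains that end up on the same LDAP search filter. The two addresses are constructed, and `SCOPED_FILTER` assumes the directory stores the full address in a `mail` attribute.

```python
import re

def ldap_escape(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)

def expand(template, login, escape=lambda v: v):
    """Expand %u (full login), %n (local part), %d (domain); %L.. lowercases."""
    name, _, domain = login.partition("@")
    values = {"u": login, "n": name, "d": domain}

    def repl(m):
        if m.group(0) == "%%":          # literal percent sign
            return "%"
        val = values[m.group(2)]
        return escape(val.lower() if m.group(1) == "L" else val)

    return re.sub(r"%%|%(L?)([und])", repl, template)

def collisions(filter_tmpl, logins):
    """Return {expanded filter: [logins]} for filters shared by several logins."""
    groups = {}
    for login in logins:
        groups.setdefault(expand(filter_tmpl, login, ldap_escape), []).append(login)
    return {f: ls for f, ls in groups.items() if len(ls) > 1}

def home_dirs(home_tmpl, logins):
    """Home directory each login would get from the template."""
    return {login: expand(home_tmpl, login) for login in logins}

# Templates taken from the thread.
USER_FILTER = "(&(objectClass=person)(uid=%n))"
HOME = "/var/spool/mail/%d/%n"
# Assumption: entries carry the full address in `mail`, so %u can be matched.
SCOPED_FILTER = "(&(objectClass=person)(mail=%u))"
# Constructed sample logins: same local part, different domains.
LOGINS = ["other@example.com", "other@example.net"]

if __name__ == "__main__":
    for tmpl in (USER_FILTER, SCOPED_FILTER):
        hits = collisions(tmpl, LOGINS)
        print(tmpl, "->", hits if hits else "no shared LDAP entry")
    for login, home in home_dirs(HOME, LOGINS).items():
        print(login, "->", home)
```

With `uid=%n` both logins select one directory entry (and one password) while `%d` in the home template sends them to different directories; a filter that includes the domain keeps the accounts separate.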