Ah. You probably need to change the ldap userdb: add result_success = continue-ok to it, like this,

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
  result_success = continue-ok
}

so that the next one is processed. you can use 'doveadm user t...@onnet.ch' to verify that the attributes are read for this user, and with another username that they are not. Aki On 07.08.2018 12:23, Simeon Ott wrote: > … attached the dovecot -n, linked files, debug log lines during a > standard client login > > root@buserver:/etc/dovecot/conf.d# doveconf -n > # 2.2.13: /etc/dovecot/dovecot.conf > # OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11 > auth_debug = yes > auth_debug_passwords = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > debug_log_path = syslog > disable_plaintext_auth = no > info_log_path = syslog > lda_mailbox_autocreate = yes > lda_mailbox_autosubscribe = yes > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c > mail_debug = yes > mail_gid = 5000 > mail_location = maildir:~/Maildir > mail_plugins = zlib quota acl > mail_uid = 5000 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date ihave > namespace { > hidden = no > ignore_on_failure = no > inbox = no > list = children > location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u > prefix = shared/%%u/ > separator = / > subscriptions = yes > type = shared > } > namespace inbox { > inbox = yes > location = > mailbox Drafts { > auto = subscribe > special_use = \Drafts > } > mailbox Sent { > auto = subscribe > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Spam { > auto = subscribe > special_use = \Junk > } > mailbox Trash { > auto = subscribe > special_use = \Trash > } > prefix = > separator = / > type = private > } > passdb { > args = /etc/dovecot/dovecot-ldap.conf > driver = ldap > } > plugin { > acl = vfile > acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes > 
quota = maildir:User quota > quota_exceeded_message = 4.2.2 Mailbox full > quota_rule = *:storage=1G > quota_rule2 = INBOX.Trash:storage=+100M > quota_rule3 = INBOX.Spam:ignore > quota_warning = storage=95%% quota-warning 95 %u > sieve = ~/.dovecot.sieve > sieve_before = /var/lib/dovecot/sieve/default.sieve > sieve_dir = ~/sieve > sieve_max_actions = 32 > sieve_max_redirects = 4 > sieve_max_script_size = 1M > sieve_quota_max_scripts = 0 > sieve_quota_max_storage = 0 > } > protocols = " imap lmtp sieve pop3" > service auth { > group = dovecot > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > unix_listener auth-master { > group = vmail > mode = 0666 > user = vmail > } > unix_listener auth-userdb { > group = vmail > mode = 0666 > user = vmail > } > user = dovecot > } > service lmtp { > unix_listener lmtp { > mode = 0666 > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > inet_listener sieve_deprecated { > port = 2000 > } > process_min_avail = 0 > service_count = 1 > vsz_limit = 64 M > } > ssl = no > userdb { > args = /etc/dovecot/dovecot-ldap.conf > driver = ldap > } > userdb { > args = username_format=%Lu /etc/dovecot/share.passwd > driver = passwd-file > } > protocol lmtp { > mail_plugins = zlib quota acl sieve > } > protocol lda { > auth_socket_path = /var/run/dovecot/auth-master > deliver_log_format = msgid=%m: %$ > mail_plugins = zlib quota acl sieve > postmaster_address = postmas...@onnet.ch <mailto:postmas...@onnet.ch> > } > protocol imap { > mail_plugins = zlib quota acl imap_quota imap_acl > } > protocol sieve { > info_log_path = /var/log/sieve.log > log_path = /var/log/sieve.log > mail_max_userip_connections = 10 > managesieve_implementation_string = Dovecot Pigeonhole > managesieve_logout_format = bytes=%i/%o > managesieve_max_compile_errors = 5 > managesieve_max_line_length = 65536 > } > > root@buserver:/etc/dovecot# cat dovecot-acl > root@buserver:/etc/dovecot# > > —> 
means empty file > > root@buserver:/etc/dovecot# cat share.passwd > t...@onnet.ch > <mailto:t...@onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl > userdb_acl_globals_only=yes > > root@buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf > hosts = localhost > uris = ldap://localhost:389/ > debug_level = 10 > auth_bind = yes > ldap_version = 3 > base = ou=domains,dc=intra,dc=onnet,dc=ch > deref = never > scope = subtree > user_attrs = > homeDirectory=home=/var/spool/postfix/virtual/%$,uidNumber=uid,gidNumber=gid,quota=quota_rule=*:bytes=%$ > user_filter = (&(objectClass=CourierMailAccount)(mail=%u)) > pass_attrs = mail=user,userPassword=password > pass_filter = (&(objectClass=CourierMailAccount)(mail=%u)) > iterate_attrs = mail=user > iterate_filter = (objectClass=CourierMailAccount) > default_pass_scheme = CRYPT > > root@buserver:/etc/dovecot# cat /var/log/mail.log | grep "Aug 7 11:17:27" > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl vfile: file > /var/spool/postfix/virtual/onnet.ch/test//Maildir/.test > <http://onnet.ch/test//Maildir/.test> folder 1.sub folder 1 > 1/dovecot-acl not found > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl vfile: reading file > /var/spool/postfix/virtual/onnet.ch/test//Maildir/.super/dovecot-acl > <http://onnet.ch/test//Maildir/.super/dovecot-acl> > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl vfile: reading file > /var/spool/postfix/virtual/onnet.ch/test//Maildir/.super.hello > <http://onnet.ch/test//Maildir/.super.hello> du/dovecot-acl > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl vfile: file > /var/spool/postfix/virtual/onnet.ch/test//Maildir/.test > <http://onnet.ch/test//Maildir/.test> folder 1/dovecot-acl not found > Aug 7 11:17:27 buserver dovecot: auth: Debug: auth client connected > (pid=3203) > Aug 7 11:17:27 buserver dovecot: auth: 
Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011session=lkbV3NRyyQDAqDgB#011lip=192.168.56.50#011rip=192.168.56.1#011lport=143#011rport=52169#011resp=dGVzdEBvbm5ldC5jaAB0ZXN0QG9ubmV0LmNoAG5vdmVsbDEyMzQ1Ng== > (previous base64 data may contain sensitive data) > Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(t...@onnet.ch > <mailto:t...@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): bind search: > base=ou=domains,dc=intra,dc=onnet,dc=ch > filter=(&(objectClass=CourierMailAccount)(mail=t...@onnet.ch > <mailto:mail=t...@onnet.ch>)) > Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(t...@onnet.ch > <mailto:t...@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: > mail=t...@onnet.ch <mailto:mail=t...@onnet.ch>; mail unused > Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(t...@onnet.ch > <mailto:t...@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: > mail=t...@onnet.ch <mailto:mail=t...@onnet.ch> > Aug 7 11:17:27 buserver dovecot: auth: Debug: client passdb out: > OK#0111#011user=t...@onnet.ch <mailto:OK#0111#011user=t...@onnet.ch> > Aug 7 11:17:27 buserver dovecot: auth: Debug: master in: > REQUEST#0113718250497#0113203#0111#011089fd1d9e1a2c66586786422f24c51cd#011session_pid=3206#011request_auth_token > Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(t...@onnet.ch > <mailto:t...@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): user search: > base=ou=domains,dc=intra,dc=onnet,dc=ch scope=subtree > filter=(&(objectClass=CourierMailAccount)(mail=t...@onnet.ch > <mailto:mail=t...@onnet.ch>)) > fields=homeDirectory,uidNumber,gidNumber,quota > Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(t...@onnet.ch > <mailto:t...@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: > uidNumber=5000 quota=1073741824 gidNumber=5000 > homeDirectory=onnet.ch/test/ <http://onnet.ch/test/>; > homeDirectory,uidNumber,quota,gidNumber unused > Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(t...@onnet.ch > <mailto:t...@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: > 
uidNumber=5000 quota=1073741824 gidNumber=5000 > homeDirectory=onnet.ch/test/ <http://onnet.ch/test/> > Aug 7 11:17:27 buserver dovecot: auth: Debug: master userdb out: > USER#0113718250497#011t...@onnet.ch > <mailto:USER#0113718250497#011t...@onnet.ch>#011home=/var/spool/postfix/virtual/onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201 > <http://onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201> > Aug 7 11:17:27 buserver dovecot: imap-login: Login: > user=<t...@onnet.ch <mailto:t...@onnet.ch>>, method=PLAIN, > rip=192.168.56.1, lip=192.168.56.50, mpid=3206 > Aug 7 11:17:27 buserver dovecot: imap: Debug: Loading modules from > directory: /usr/lib/dovecot/modules > Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: > /usr/lib/dovecot/modules/lib01_acl_plugin.so > Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: > /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so > Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: > /usr/lib/dovecot/modules/lib10_quota_plugin.so > Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: > /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so > Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: > /usr/lib/dovecot/modules/lib20_zlib_plugin.so > Aug 7 11:17:27 buserver dovecot: imap: Debug: Added userdb setting: > plugin/quota_rule=*:bytes=1073741824 > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Effective uid=5000, gid=5000, > home=/var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/> > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Quota root: name=User quota > backend=maildir args= > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Quota rule: root=User quota mailbox=* > bytes=1073741824 messages=0 > Aug 7 
11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Quota rule: root=User quota > mailbox=INBOX.Trash bytes=+104857600 messages=0 > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Quota rule: root=User quota > mailbox=INBOX.Spam ignored > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Quota warning: bytes=1020054732 (95%) > messages=0 reverse=no command=quota-warning 95 t...@onnet.ch > <mailto:t...@onnet.ch> > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Quota grace: root=User quota > bytes=107374182 (10%) > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Namespace inbox: type=private, > prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes > location=maildir:~/Maildir > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: maildir++: > root=/var/spool/postfix/virtual/onnet.ch/test//Maildir > <http://onnet.ch/test//Maildir>, index=, indexpvt=, control=, > inbox=/var/spool/postfix/virtual/onnet.ch/test//Maildir > <http://onnet.ch/test//Maildir>, alt= > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl: initializing backend with data: vfile > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl: acl username = t...@onnet.ch > <mailto:t...@onnet.ch> > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl: owner = 1 > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl vfile: Global ACLs disabled > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: Namespace : type=shared, > prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, > subscriptions=yes > 
location=maildir:%h/Maildir:INDEX=/var/spool/postfix/virtual/onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u > <http://onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u> > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: shared: root=/var/run/dovecot, index=, > indexpvt=, control=, inbox=, alt= > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl: initializing backend with data: vfile > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl: acl username = t...@onnet.ch > <mailto:t...@onnet.ch> > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl: owner = 0 > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Debug: acl vfile: Global ACLs disabled > Aug 7 11:17:27 buserver dovecot: imap(t...@onnet.ch > <mailto:t...@onnet.ch>): Disconnected: Logged out in=30 out=457 > > thanks for looking into this > >> On 7 Aug 2018, at 10:34, Aki Tuomi <aki.tu...@dovecot.fi >> <mailto:aki.tu...@dovecot.fi>> wrote: >> >> Can you provide your doveconf -n after adding the database *after* LDAP. >> >> You probably need to add 'noauthenticate' as one parameter after the >> userdb ones. >> >> Aki >> >