Re: [Dovecot] single system user for all virtual users
Hi, thank you.

Timo Sirainen wrote:
> On Sun, 2008-05-25 at 02:27 +0100, Wojtek Bogusz wrote:
>> Error: Error in configuration file /usr/local/etc/dovecot.conf line 909: Unknown setting: userdb
>> ..
>> auth_userdb =
>
> What's this? Remove it.

See the bottom of http://wiki.dovecot.org/VirtualUsers, the section "static userdb"; that is where it comes from.

--
W
[Dovecot] single system user for all virtual users
Hi,

I would like to have all the emails stored under one system user and system group. I keep user passwords in LDAP. For userdb I wanted to use static, but I keep getting this error:

Error: Error in configuration file /usr/local/etc/dovecot.conf line 909: Unknown setting: userdb
Fatal: Invalid configuration in /usr/local/etc/dovecot.conf

I am using version 1.0.13. My /usr/local/etc/dovecot.conf without comments is:

base_dir = /var/run/dovecot/
protocols = imaps imap
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
log_timestamp = %Y-%m-%d %H:%M:%S
ssl_disable = no
ssl_cert_file = /etc/apache2/ssl/server.pem
ssl_key_file = /etc/apache2/ssl/server.key
mail_location = maildir:/home/MAIL/%n
mail_privileged_group = mail
protocol imap {
  login_greeting_capability = yes
  imap_client_workarounds = tb-extra-mailbox-sep
}
protocol lda {
  postmaster_address = [EMAIL PROTECTED]
  hostname = base
  auth_socket_path = /var/run/dovecot/auth-master
}
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb static {
    args = uid=mail gid=mail home=/home/MAIL/%n
  }
  auth_userdb =
  user = mail
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = mail # User running Dovecot LDA
      group = mail # Or alternatively mode 0660 + LDA user in this group
    }
  }
}
dict {
}
plugin {
}

What do I do wrong?

best regards,
Wojtek
Re: [Dovecot] Please help: LDAP configuration _almost_ works.
Dear Rob,

thank you for support! There are small differences between my config and yours, like:

- you do not have auth_bind_userdn defined. If I comment mine out I cannot authenticate at all - log file:
    auth(default): ldap(wojtek,192.168.0.200): unknown user
    dovecot: auth(default): client out: FAIL^I1^Iuser=wojtek
- you have user_attrs = mail=user, me: user_attrs = homeDirectory=home,uidNumber=uid. But I do not think it makes any difference.
- I did not have deref = never. Do you know what it does? I do not understand the man ldapsearch explanation :(

Rob, could you send me your ldap config (/etc/ldap/slapd.conf) please? Maybe I am making some simple mistake with my ldap config...

cheers,
Wojtek

Rob Coward wrote:
> I can't help you with what is going wrong for you, but we use dovecot very successfully with ldap lookups against Active Directory, using auth_bind=yes, and it does not require anonymous connections. The initial connection is by an un-privileged user that searches for the user, then a 2nd connection is used, authenticating against AD as the looked up user using the password supplied to dovecot.
> Our setup looks like this:
>
> # rpm -q dovecot
> dovecot-1.0-1.2.0.el5
> # dovecot -n
> # /etc/dovecot.conf
> protocols: imap pop3
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/libexec/dovecot/imap-login
> login_executable(imap): /usr/libexec/dovecot/imap-login
> login_executable(pop3): /usr/libexec/dovecot/pop3-login
> login_user: dovecotlogin
> login_process_size: 64
> login_processes_count: 10
> login_max_processes_count: 64
> first_valid_uid: 97
> default_mail_env: maildir:/data/shared/mailstore/%d/%n
> mail_location: maildir:/data/shared/mailstore/%d/%n
> mail_executable(default): /usr/libexec/dovecot/imap
> mail_executable(imap): /usr/libexec/dovecot/imap
> mail_executable(pop3): /usr/libexec/dovecot/pop3
> mail_plugin_dir(default): /usr/lib64/dovecot/imap
> mail_plugin_dir(imap): /usr/lib64/dovecot/imap
> mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
> auth default:
>   passdb:
>     driver: ldap
>     args: /etc/dovecot-ldap.conf
>   passdb:
>     driver: ldap
>     args: /etc/dovecot-ldap-fr.conf
>   passdb:
>     driver: ldap
>     args: /etc/dovecot-ldap-se.conf
>   userdb:
>     driver: ldap
>     args: /etc/dovecot-ldap.conf
>   userdb:
>     driver: ldap
>     args: /etc/dovecot-ldap-fr.conf
>   userdb:
>     driver: ldap
>     args: /etc/dovecot-ldap-se.conf
>
> # cat /etc/dovecot-ldap.conf
> hosts = ad.our.net
> dn=CN=Lookup,CN=Users,DC=our,DC=net
> dnpass=
> auth_bind = yes
> ldap_version = 3
> base = OU=Stores,OU=UK,DC=our,DC=net
> deref = never
> scope = subtree
> user_attrs = mail=user
> user_filter = (&(objectClass=user)(mail=%u))
> pass_attrs = mail=user,userPassword=password,mail=userdb_user
> pass_filter = (&(objectClass=user)(mail=%u))
> user_global_uid = dovecot
> user_global_gid = dovecot
>
> We use multiple userdb / passdb definitions and ldap configs in order to limit the searches of our AD schema to specific sub-trees, both for performance and as there are other users elsewhere in our schema that we don't want dovecot to allow to connect. Hope this helps you.
> Rob
>
> On Wed, 2008-04-16 at 00:19 +0100, Wojtek Bogusz wrote:
>>>> /etc/ldap/sldap.conf:
>>>> access to attr=uid,homeDirectory,uidNumber by anonymous read
>>>
>>> I do not have this in my configuration, and dovecot does indeed use the credential I provide to successfully query LDAP for the user based on the (mail=%u) criteria. However, it does not see the reply. The fact that it does perform the query successfully implies to me that it does not use an anonymous connection. Very puzzling.
>>
>> I have no idea what dovecot is doing :-) From the log file it looks like there are 2 queries to ldap:
>> 1. to check the provided password for the provided user name,
>> 2. to find the user related information (and from what Steffen wrote this one is done with the anonymous user - correct?).
>> [on the margin: why isn't it done in one query: get me the user related information, I am binding with the provided user and with the provided password. This way it would be one query for two things.]
>>
>> In my case, I cannot list user related information from ldap in an anonymous connection even from the command line, using:
>>
>>   ldapsearch -x -b 'ou=Users,dc=frontline' '(&(objectClass=posixAccount)(uid=wojtek))' homeDirectory
>>
>> so I guess that I have to work out ldap settings for the anonymous query. My /etc/ldap/slapd.conf related to access permissions is:
>>
>>   access to dn.children=ou=Users,dc=frontline attrs=uid,homeDirectory,uidNumber
>>     by anonymous read
>>   access to attrs=userPassword,sambaNTPassword,sambaLMPassword
>>     by dn=cn=admin,dc=frontline write
>>     by anonymous auth
>>     by self write
>>     by * none
>>   access to dn.children=ou=Users,dc=frontline
>>     by dn=cn=root,ou=Users,dc=frontline read
>>     by anonymous auth
>>     by self write
>>   access to dn.base= by * read
>>   access to * by dn=cn=admin,dc=frontline write by * read
>>
>> maybe the problem is here... any hints please?
>>
>> regards,
>> Wojtek
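Why the lookup account could not read the userdb attributes follows from how slapd evaluates the access section quoted above: the first "access to" directive whose <what> matches an entry and attribute wins, and only its "by" clauses are consulted. The Python below is an added example, not from the thread or from Dovecot/OpenLDAP: it models that first-match rule, parses the posted ACL (with the DN quotes restored), and checks which binds could complete Dovecot's userdb search for uid=wojtek; the repaired directive is a hypothetical alternative, and the ACL-bypassing rootdn and the "entry" pseudo-attribute are deliberately not modelled.

```python
import shlex
# slapd access levels, weakest to strongest; each level implies every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_acl(text):
    """Parse 'access to <what> by <who> <level> ...' directives into (dn_style, dn, attrs, by)
    tuples in file order. dn_style: None any entry, "base" exactly dn, "children" strictly
    below dn. attrs None means every attribute. by is [(who, level), ...] in file order."""
    toks, i, out = shlex.split(text), 0, []  # shlex honours the quotes around DNs
    while i < len(toks):
        assert toks[i:i + 2] == ["access", "to"], f"unexpected token {toks[i]!r}"
        i, style, dn, attrs = i + 2, None, "", None
        while toks[i] != "by":
            if toks[i].startswith("dn."):
                style, _, dn = toks[i][3:].partition("=")
            elif toks[i].startswith("attrs="):
                attrs = {a.lower() for a in toks[i][6:].split(",")}
            elif toks[i] != "*":
                raise ValueError(f"unsupported <what> {toks[i]!r}")
            i += 1
        by = []
        while i < len(toks) and toks[i] == "by":
            by.append((toks[i + 1], toks[i + 2]))
            i += 3
        out.append((style, dn, attrs, by))
    return out

def _who_matches(who, requester, entry_dn):
    """<who> clauses; requester None models an anonymous (unauthenticated) bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == entry_dn.lower()
    if who.startswith("dn="):
        return requester is not None and requester.lower() == who[3:].lower()
    raise ValueError(f"unsupported <who> {who!r}")

def access_level(acl, requester, entry_dn, attr):
    """The FIRST directive whose <what> matches decides; inside it the FIRST matching 'by' decides."""
    for style, dn, attrs, by in acl:
        if style == "base" and entry_dn.lower() != dn.lower():
            continue
        if style == "children" and not (dn and entry_dn.lower().endswith("," + dn.lower())):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in by:
            if _who_matches(who, requester, entry_dn):
                return level
        return "none"  # directive matched, no 'by' clause did: implicit 'by * none'
    return "none"      # no directive matched: implicit trailing 'access to * by * none'

def can_lookup(acl, requester, entry_dn, filter_attrs, wanted_attrs):
    """A userdb search needs 'search' on each filter attribute and 'read' on each returned one."""
    rank = lambda a: LEVELS.index(access_level(acl, requester, entry_dn, a))
    return (all(rank(a) >= LEVELS.index("search") for a in filter_attrs)
            and all(rank(a) >= LEVELS.index("read") for a in wanted_attrs))

# The access section posted in the thread, with the DN quotes restored.
THREAD_ACL = parse_acl("""
access to dn.children="ou=Users,dc=frontline" attrs=uid,homeDirectory,uidNumber by anonymous read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by dn="cn=admin,dc=frontline" write  by anonymous auth  by self write  by * none
access to dn.children="ou=Users,dc=frontline"
    by dn="cn=root,ou=Users,dc=frontline" read  by anonymous auth  by self write
access to dn.base="" by * read
access to * by dn="cn=admin,dc=frontline" write by * read
""")
# Hypothetical repair (not from the thread): one directive names every attribute the lookup
# touches and grants only the lookup account read, so no earlier directive shadows it.
FIXED_ACL = parse_acl("""
access to dn.children="ou=Users,dc=frontline" attrs=objectClass,uid,homeDirectory,uidNumber
    by dn="cn=root,ou=Users,dc=frontline" read  by self read  by * none
""") + THREAD_ACL[1:]

ENTRY = "uid=wojtek,ou=Users,dc=frontline"
FILTER = ("objectClass", "uid")          # user_filter = (&(objectClass=posixAccount)(uid=%u))
WANTED = ("homeDirectory", "uidNumber")  # user_attrs = homeDirectory=home,uidNumber=uid
BINDS = (("anonymous", None), ("lookup account", "cn=root,ou=Users,dc=frontline"), ("admin", "cn=admin,dc=frontline"))
def lookup_matrix(acl):
    return {name: can_lookup(acl, dn, ENTRY, FILTER, WANTED) for name, dn in BINDS}
if __name__ == "__main__":
    print("posted:", lookup_matrix(THREAD_ACL), "fixed:", lookup_matrix(FIXED_ACL))
```

Under the posted ACL no bind at all can complete the lookup: the first directive claims uid, homeDirectory and uidNumber for anonymous only, so the "by dn=cn=root ... read" in the third directive never applies to them, while anonymous only gets "auth" on objectClass and so cannot evaluate the filter either.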
Re: [Dovecot] Please help: LDAP configuration _almost_ works.
Rob,

actually it works... You made me check one thing again and I did have a mistake with the user specified in dn in dovecot-ldap.conf. It was not possible to search userdb information with it. So a small fix in slapd.conf and it is working.

Now I am off to setting up the ldap aliases for postfix, setting up mailing lists with mailman, making ldap work with samba, etc... I need to offer users a simple way of changing the password and editing mail address aliases. I was thinking of writing a simple web interface, but maybe there are already programs for doing this?

all the best!
Wojtek

Rob Coward wrote:
> On Wed, 2008-04-16 at 10:39 +0100, Wojtek Bogusz wrote:
>> Dear Rob, thank you for support! There are small differences between my config and yours, like:
>> - you do not have auth_bind_userdn defined. If I comment mine out I cannot authenticate at all - log file:
>>     auth(default): ldap(wojtek,192.168.0.200): unknown user
>>     dovecot: auth(default): client out: FAIL^I1^Iuser=wojtek
>
> Our initial connection is made using the dn and dnpass settings. This looks up the user's dn based on the (&(objectClass=user)(mail=%u)) search criteria. My understanding of the auth_bind_userdn setting is that it is only useful if all your users are in a specific tree in the ldap, so that you can specify (from http://wiki.dovecot.org/HowTo/DovecotOpenLdap?highlight=%28auth_bind_userdn%29 )
>
>   auth_bind_userdn = uid=%u,ou=People,dc=_WIZZY_HOSTNAME_,ou=wizzy
>
> This I believe saves the first lookup to find the dn of the user trying to login. Our users are spread throughout our tree, hence using the initial lookup as the 'dn'/'dnpass' user to find our user's dn. If you remove auth_bind_userdn, do you have 'dn' 'dnpass' set up with a suitable unprivileged user to allow the initial lookup of the logging-in user's dn?
>
>> - you have user_attrs = mail=user, me: user_attrs = homeDirectory=home,uidNumber=uid. But I do not think it makes any difference.
> Our users login with their email address as the userid - hence mail=user telling dovecot that the userid is stored in the 'mail' attribute in the ldap results. We don't bother with 'home' or 'uid' as they are all virtual users, using a fixed uid set by user_global_uid = dovecot and mail_location: maildir:/data/shared/mailstore/%d/%n
>
>> - I did not have deref = never. Do you know what it does? I do not understand the man ldapsearch explanation :(
>
> Something to do with following links to other ldap servers I think. Don't think it's strictly necessary in a single server setup.
>
>> Rob, could you send me your ldap config (/etc/ldap/slapd.conf) please? Maybe I am making some simple mistake with my ldap config...
>
> As I said, we use Active Directory (running on Win2k3 servers I believe), not slapd.
>
> Regards,
> Rob
>
>> Rob Coward wrote:
>>> I can't help you with what is going wrong for you, but we use dovecot very successfully with ldap lookups against Active Directory, using auth_bind=yes, and it does not require anonymous connections. The initial connection is by an un-privileged user that searches for the user, then a 2nd connection is used, authenticating against AD as the looked up user using the password supplied to dovecot.
Re: [Dovecot] Please help: LDAP configuration _almost_ works.
>> dn: dovecot needs a dn with which to search the database to find the user's DN based on their email. This is done with an anonymous connection,
>
> Hmmm... wish the docs mentioned that. It means that I need to set up LDAP to allow anonymous searches for the mail field. Odd...

Is this true? Does it mean that I should have something like this in /etc/ldap/sldap.conf:

  access to attr=uid,homeDirectory,uidNumber by anonymous read

Still it does not work and I have in the log files:

  dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
  dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
  dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
  dovecot: auth(default): master out: NOTFOUND^I4

To be honest I do not know how to make ldap searchable for the anonymous user. I have tried several options and it does not work.

>> Yeah, it works in my setup :-) Can you supply your config?!

Yes. Could you please send your config, both dovecot (/etc/dovecot/dovecot*.conf) and openldap (/etc/ldap/*.conf)?

>> Did you sniff the LDAP connection already?
>
> Only indirectly through the LDAP logs, which show that a response is indeed sent by the LDAP server.

How would you recommend to sniff?

Interesting thing: I also changed auth_bind to no, with dn and dnpass supplied, and it does not work. Looks like dovecot still tries to bind to ldap using the anonymous user.

cheers,
Wojtek
Re: [Dovecot] Please help: LDAP configuration _almost_ works.
>> /etc/ldap/sldap.conf:
>> access to attr=uid,homeDirectory,uidNumber by anonymous read
>
> I do not have this in my configuration, and dovecot does indeed use the credential I provide to successfully query LDAP for the user based on the (mail=%u) criteria. However, it does not see the reply. The fact that it does perform the query successfully implies to me that it does not use an anonymous connection. Very puzzling.

I have no idea what dovecot is doing :-) From the log file it looks like there are 2 queries to ldap:
1. to check the provided password for the provided user name,
2. to find the user related information (and from what Steffen wrote this one is done with the anonymous user - correct?).
[on the margin: why isn't it done in one query: get me the user related information, I am binding with the provided user and with the provided password. This way it would be one query for two things.]

In my case, I cannot list user related information from ldap in an anonymous connection even from the command line, using:

  ldapsearch -x -b 'ou=Users,dc=frontline' '(&(objectClass=posixAccount)(uid=wojtek))' homeDirectory

so I guess that I have to work out ldap settings for the anonymous query. My /etc/ldap/slapd.conf related to access permissions is:

  access to dn.children=ou=Users,dc=frontline attrs=uid,homeDirectory,uidNumber
    by anonymous read
  access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by dn=cn=admin,dc=frontline write
    by anonymous auth
    by self write
    by * none
  access to dn.children=ou=Users,dc=frontline
    by dn=cn=root,ou=Users,dc=frontline read
    by anonymous auth
    by self write
  access to dn.base= by * read
  access to * by dn=cn=admin,dc=frontline write by * read

maybe the problem is here... any hints please?

regards,
Wojtek
Re: [Dovecot] LDAP
Hi all,

I cannot figure out how to solve my problem with the dovecot+ldap configuration. Please help...

I was reading through the emails from the list related to ldap. I added this debugging line 372:

  i_info("LDAP: Received reply %d", msgid);

to src/auth/db-ldap.c. You can see part of my mail.info log file below. Most interesting is that if you give a wrong password to the email client program, dovecot actually reports it back, so it can verify this on LDAP. Also you can see that one of the lines below says client out: OK^I1^Iuser=wojtek, which looks to me like a successful authentication. And then it cannot find the user! Which is strange, as when I execute from the command line:

  ldapsearch -h localhost -b 'ou=Users,dc=frontline' -D 'uid=wojtek,ou=Users,dc=frontline' -x -W

it works OK (see the result below in the quoted emails). Steffen wrote that userdb is not running - I do not understand this. How do I make it run? I thought that both userdb and passdb are in LDAP. Please see the structure of my LDAP record below in the quoted email.
Apr 12 16:05:27 base dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Ilip=192.168.0.202^Irip=192.168.0.200
Apr 12 16:05:27 base dovecot: auth(default): client out: CONT^I1^I
Apr 12 16:05:27 base dovecot: auth(default): client in: CONT^I1^IAHdvanRlawBiZWR6aWUgZG9icnpl
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200): bind: dn=uid=wojtek,ou=Users,dc=frontline
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 2
Apr 12 16:05:27 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
Apr 12 16:05:27 base dovecot: auth(default): master in: REQUEST^I1^I14825^I1
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 3
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 4
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
Apr 12 16:05:27 base dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
Apr 12 16:05:27 base dovecot: auth(default): master out: NOTFOUND^I1
Apr 12 16:05:27 base dovecot: imap-login: Internal login failure: user=wojtek, method=PLAIN, rip=192.168.0.200, lip=192.168.0.202

See my configuration:

$ sudo dovecot -n
# 1.0.13: /usr/local/etc/dovecot.conf
base_dir: /var/run/dovecot/
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/apache2/ssl/server.pem
ssl_key_file: /etc/apache2/ssl/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable: /usr/local/libexec/dovecot/imap-login
login_greeting_capability: yes
mail_privileged_group: mail
mail_location: maildir:/home/MAIL/%u
imap_client_workarounds: tb-extra-mailbox-sep
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf

$ sudo grep -v '^[[:space:]]*#' /etc/dovecot/dovecot-ldap.conf | grep -v '^$'
hosts = localhost
dn = uid=root,ou=Users,dc=frontline
dnpass = ...password...
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=frontline
ldap_version = 3
base = ou=Users,dc=frontline
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = MD5
user_global_uid = dovecot
user_global_gid = dovecot

Wojtek Bogusz wrote:
> Hi Steffen,
>
> I had to modify the ldapsearch command you wrote and add the '-x' switch for simple authentication instead of SASL. But otherwise the command displays good results:
>
> # extended LDIF
> #
> # LDAPv3
> # base <ou=Users,dc=frontline> with scope subtree
> # filter: (&(objectClass=posixAccount)(uid=wojtek))
> # requesting: homeDirectory uidNumber
> #
>
> # wojtek, Users, frontline
> dn: uid=wojtek,ou=Users,dc=frontline
> uidNumber: 3
> homeDirectory: /home/samba/wojtek
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> I am not sure how to show you the structure of the LDAP entry other than just running a search without requesting a specific field. Here is the result:
>
> # wojtek, Users, frontline
> dn: uid=wojtek,ou=Users,dc=frontline
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> cn: wojtek
> sn: wojtek
> givenName: wojtek
> uid: wojtek
> uidNumber: 3
> gidNumber: 513
> homeDirectory: /home/samba/wojtek
> loginShell: /bin/false
> gecos: Wojtek Bogusz
> userPassword:: [password here]
>
> cheers,
> Wojtek
>
> Steffen Kaiser wrote:
>> On Mon, 17 Mar 2008, Wojtek Bogusz wrote:
>>> bind: dn=uid=wojtek,ou=Users,dc=frontline
>>> Mar 17 18:21:09 base dovecot: auth(default): client
Re: [Dovecot] LDAP
Hi Steffen,

I had to modify the ldapsearch command you wrote and add the '-x' switch for simple authentication instead of SASL. But otherwise the command displays good results:

# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=frontline> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=wojtek))
# requesting: homeDirectory uidNumber
#

# wojtek, Users, frontline
dn: uid=wojtek,ou=Users,dc=frontline
uidNumber: 3
homeDirectory: /home/samba/wojtek

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

I am not sure how to show you the structure of the LDAP entry other than just running a search without requesting a specific field. Here is the result:

# wojtek, Users, frontline
dn: uid=wojtek,ou=Users,dc=frontline
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: wojtek
sn: wojtek
givenName: wojtek
uid: wojtek
uidNumber: 3
gidNumber: 513
homeDirectory: /home/samba/wojtek
loginShell: /bin/false
gecos: Wojtek Bogusz
userPassword:: [password here]

cheers,
Wojtek

Steffen Kaiser wrote:
> On Mon, 17 Mar 2008, Wojtek Bogusz wrote:
>> bind: dn=uid=wojtek,ou=Users,dc=frontline
>> Mar 17 18:21:09 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
>> Mar 17 18:21:09 base dovecot: auth(default): master in: REQUEST^I2^I19185^I1
>> Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
>> Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
>
> Dovecot distinguishes between userdb and passdb. It seems that passdb is running, but userdb is not. What does your LDAP entry look like? Should the user data be read from LDAP, BTW?
> Does the LDAP filter mentioned in the logs return the results for the currently bound user, aka:
>
>   ldapsearch -D uid=wojtek,ou=Users,dc=frontline -W \
>     -b ou=Users,dc=frontline \
>     '(&(objectClass=posixAccount)(uid=wojtek))' homeDirectory uidNumber
>
> displays home and uid?
>
> Bye,
>
> --
> Steffen Kaiser
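Steffen's distinction between passdb and userdb can be read straight off the auth_debug lines quoted in this message: passdb answers on the client socket (client out: OK or FAIL), userdb on the master socket (master out: NOTFOUND), and the "master in: REQUEST" line carries both ids, so the two can be correlated. The Python below is an added example, not from the thread or from Dovecot: it correlates those lines per request and names the stage that failed; the sample log is constructed from the posted exchange, and the USER success reply and the extra requests 2 and 3 are assumed for illustration.

```python
import re

# One Dovecot 1.0 auth-process debug line as quoted in the thread. The archive shows tabs
# as ^I (cat -v style) while real syslog output carries literal tabs, so accept both.
AUTH_LINE = re.compile(r"dovecot: auth\(default\): (client in|client out|master in|master out): (.*)$")
SEP = re.compile(r"\^I|\t")

def triage_auth_log(lines):
    """Correlate passdb and userdb answers per client request and say which stage failed.

    passdb answers on the client socket: 'client out: OK|FAIL <client-id> ...'.
    userdb answers on the master socket: 'master out: USER|NOTFOUND <master-id> ...'.
    'master in: REQUEST <master-id> <client-pid> <client-id>' links the two id spaces."""
    passdb, userdb, master_to_client = {}, {}, {}
    for line in lines:
        m = AUTH_LINE.search(line)
        if not m:
            continue  # ldap(...)/userdb(...) diagnostics and imap-login lines are not protocol traffic
        channel, payload = m.groups()
        fields = SEP.split(payload)
        verb = fields[0]
        if channel == "client out" and verb in ("OK", "FAIL") and len(fields) > 1:
            passdb[fields[1]] = verb
        elif channel == "master in" and verb == "REQUEST" and len(fields) >= 4:
            master_to_client[fields[1]] = fields[3]
        elif channel == "master out" and verb in ("USER", "NOTFOUND") and len(fields) > 1:
            if fields[1] in master_to_client:
                userdb[master_to_client[fields[1]]] = verb
    verdicts = {}
    for cid in sorted(set(passdb) | set(userdb), key=int):
        p, u = passdb.get(cid), userdb.get(cid)
        if p == "FAIL":
            verdicts[cid] = "passdb rejected the credentials"
        elif p == "OK" and u == "NOTFOUND":
            verdicts[cid] = "passdb OK, userdb found no user: lookup/ACL misconf, not a bad password"
        elif p == "OK" and u == "USER":
            verdicts[cid] = "passdb and userdb both succeeded"
        else:
            verdicts[cid] = "incomplete: no userdb answer seen"
    return verdicts

# Constructed sample: request 1 is the exchange posted in the thread (Mar 17); request 2 is a
# made-up wrong-password attempt and request 3 a made-up success (USER reply format assumed).
SAMPLE_LOG = """\
Mar 17 18:21:08 base dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Ilip=192.168.0.202^Irip=192.168.0.200
Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): bind: dn=uid=wojtek,ou=Users,dc=frontline
Mar 17 18:21:09 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
Mar 17 18:21:09 base dovecot: auth(default): master in: REQUEST^I2^I19185^I1
Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
Mar 17 18:21:09 base dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
Mar 17 18:21:09 base dovecot: auth(default): master out: NOTFOUND^I2
Mar 17 18:21:09 base dovecot: imap-login: Internal login failure: user=wojtek, method=PLAIN, rip=192.168.0.200, lip=192.168.0.202
Mar 17 18:22:00 base dovecot: auth(default): client out: FAIL^I2^Iuser=wojtek
Mar 17 18:23:00 base dovecot: auth(default): client out: OK^I3^Iuser=wojtek
Mar 17 18:23:00 base dovecot: auth(default): master in: REQUEST^I3^I19185^I3
Mar 17 18:23:00 base dovecot: auth(default): master out: USER^I3^Iwojtek^Ihome=/home/MAIL/wojtek
""".splitlines()

def sample_verdicts():
    return triage_auth_log(SAMPLE_LOG)

if __name__ == "__main__":
    for cid, verdict in sample_verdicts().items():
        print(f"request {cid}: {verdict}")
```

Note that master id 2 in the posted log belongs to client request 1; matching NOTFOUND to the client id directly would mis-attribute the failure.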
Re: [Dovecot] LDAP
Charles Marcus wrote:
> On 3/15/2008, Wojtek Bogusz ([EMAIL PROTECTED]) wrote:
>> i am using version 1.0.rc17
>
> upgrade...very old...

Hi. Thanks. I upgraded to version 1.0.13 and it changes nothing in the problem. Let me quote the /var/log/mail.info and config files below. I would be really grateful for help as I am a bit stuck with this problem.

cheers,
Wojtek

# /var/log/mail.info:
Mar 17 18:21:08 base dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Ilip=192.168.0.202^Irip=192.168.0.200
Mar 17 18:21:08 base dovecot: auth(default): client out: CONT^I1^I
Mar 17 18:21:09 base dovecot: auth(default): client in: CONT^I1^IAHdvanRlawBiZWR6aWUgZG9icnpl
Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): bind: dn=uid=wojtek,ou=Users,dc=frontline
Mar 17 18:21:09 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
Mar 17 18:21:09 base dovecot: auth(default): master in: REQUEST^I2^I19185^I1
Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
Mar 17 18:21:09 base dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
Mar 17 18:21:09 base dovecot: auth(default): master out: NOTFOUND^I2
Mar 17 18:21:09 base dovecot: imap-login: Internal login failure: user=wojtek, method=PLAIN, rip=192.168.0.200, lip=192.168.0.202

# 1.0.13: /usr/local/etc/dovecot.conf
base_dir: /var/run/dovecot/
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/apache2/ssl/server.pem
ssl_key_file: /etc/apache2/ssl/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable: /usr/local/libexec/dovecot/imap-login
login_greeting_capability: yes
mail_privileged_group: mail
mail_location: maildir:/home/MAIL/%u
imap_client_workarounds: tb-extra-mailbox-sep
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf

# /etc/dovecot/dovecot-ldap.conf
hosts = localhost
dn = uid=root,ou=Users,dc=frontline
dnpass = [user root plain text password here]
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=frontline
ldap_version = 3
base = ou=Users,dc=frontline
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = MD5
user_global_uid = dovecot
user_global_gid = dovecot
[Dovecot] LDAP
Hi. I am trying to set up a dovecot imap server with users in LDAP, but I get "Internal login failure". Can you help please? It is probably something obvious. Thank you.

Wojtek

I am using version 1.0.rc17

# /etc/dovecot/dovecot.conf
base_dir: /var/run/dovecot/
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/apache2/ssl/server.pem
ssl_key_file: /etc/apache2/ssl/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable: /usr/lib/dovecot/imap-login
login_greeting_capability: yes
mail_extra_groups: mail
mail_location: maildir:/home/MAIL/%u
imap_client_workarounds: tb-extra-mailbox-sep
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf

# /etc/dovecot/dovecot-ldap.conf
hosts = localhost
dn = uid=root,ou=Users,dc=frontline
dnpass = [user root plain text password here]
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=frontline
ldap_version = 3
base = ou=Users,dc=frontline
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = MD5
user_global_uid = dovecot
user_global_gid = dovecot

In the logfile I get this when I try to login:

# /var/log/mail.info
Mar 15 16:13:25 base dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Ilip=192.168.0.202^Irip=192.168.0.200
Mar 15 16:13:25 base dovecot: auth(default): client out: CONT^I1^I
Mar 15 16:13:25 base dovecot: auth(default): client in: CONT^I1^IAHdvanRlawBiZWR6aWUgZG9icnpl
Mar 15 16:13:25 base dovecot: auth(default): ldap(wojtek,192.168.0.200): bind: dn=uid=wojtek,ou=Users,dc=frontline
Mar 15 16:13:25 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
Mar 15 16:13:25 base dovecot: auth(default): master in: REQUEST^I1^I24908^I1
Mar 15 16:13:25 base dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=*)(uid=wojtek)) fields=homeDirectory,uidNumber
Mar 15 16:13:25 base dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
Mar 15 16:13:25 base dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
Mar 15 16:13:25 base dovecot: auth(default): master out: NOTFOUND^I1
Mar 15 16:13:25 base dovecot: imap-login: Internal login failure: user=wojtek, method=PLAIN, rip=192.168.0.200, lip=192.168.0.202