Hi,

I seem to be having some trouble with the "sogo-tool expire-autoreply" and
Dovecot's master user (sogo) when using the "sAMAccountName" instead of the
"mail" attribute in the LDAP passdb with "auth_bind=yes".

The idea is that users should only be able to authenticate with their user
name and not their email address, and everything seems to be working quite
well, except for the above mentioned.

As far as I can tell, the master user successfully authenticates, but then
does a lookup in the userdb using the wrong filter, i.e. "(mail=%u)"
instead of "(sAMAccountName=%u)".

If I change the passdb filter to match the userdb filter, then it seems to
work, but that means users have to use their email address to authenticate,
which is not what is desired.

Please note that I am using an up to date version of SOGo (2.3.3) without
OpenChange (for now) from the Inverse repository on Debian Jessie (8.2) and
Samba AD (4.1.18).


*doveconf -n :*
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = no
    special_use = \Sent
  }
  mailbox Spam {
    auto = create
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  subscriptions = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot.passwd
  driver = passwd-file
  master = yes
}
protocols = imap sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    port = 0
  }
}
service managesieve-login {
  inet_listener sieve {
    address = 127.0.0.1 ::1
  }
}
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf
  driver = ldap
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  mail_plugins = sieve
  postmaster_address = postmaster
}
protocol imap {
  mail_max_userip_connections = 20
}

*/etc/dovecot/dovecot-ldap-userdb.conf :*

hosts = localhost:3268
dn = [email protected]
dnpass = s3LDg9p3p8iQEtb
base = dc=test,dc=com,dc=na
ldap_version = 3
scope = subtree
deref = never
user_filter = (&(mail=%u)(objectClass=user))
user_attrs =
=uid=vmail,=gid=vmail,sAMAccountName=home=/home/vmail/%L$,=mail=maildir:~/Maildir

*/etc/dovecot/dovecot-ldap-passdb.conf :*

hosts = localhost:3268
dn = [email protected]
dnpass = s3LDg9p3p8iQEtb
base = dc=test,dc=com,dc=na
ldap_version = 3
scope = subtree
deref = never
auth_bind = yes
pass_filter = (&(sAMAccountName=%u)(objectClass=user))
pass_attrs = mail=user

*/usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds :*

<0x0x195a7d0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
<0x0x195a7d0[SOGoCache]> Using host(s) 'localhost' as server(s)
<0x0x1b35730[SOGoSieveManager]> Could not login 'user1' on Sieve server:
<0x0x1b38050[NGSieveClient]: socket=<NGActiveSocket[0x0x1b41810]: mode=rw
address=<0x0x1b448d0[NGInternetSocketAddress]: host=localhost.localdomain
port=50775> connectedTo=<0x0x1b3c840[NGInternetSocketAddress]:
host=127.0.0.1 port=4190>>>: {RawResponse = "{ok = 0; reason = \"Internal
error occurred. Refer to server log for more information.\"; }"; result =
0; }
2015-11-15 13:07:19.299 sogo-tool[2282] An error occured while removing
auto-reply of user user1

*tail -f /var/log/mail.log -n 20 :*

Nov 15 13:06:45 server dovecot: master: Dovecot v2.2.13 starting up for
imap, sieve (core dumps disabled)
Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from
directory: /usr/lib/dovecot/modules/auth
Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from
directory: /usr/lib/dovecot/modules/auth
Nov 15 13:07:19 server dovecot: auth: Debug: Module loaded:
/usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Nov 15 13:07:19 server dovecot: auth: Debug: Read auth token secret from
/var/run/dovecot/auth-token-secret.dat
Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file
/etc/dovecot/dovecot.passwd: Read 1 users in 0 secs
Nov 15 13:07:19 server dovecot: auth: Debug: auth client connected
(pid=2285)
Nov 15 13:07:19 server dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=sieve#011secured#011session=TYbPS5IkVwB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=4190#011rport=50775#011resp=dXNlcjEAc29nbwAxNjI1MzQ=
(previous base64 data may contain sensitive data)
Nov 15 13:07:19 server dovecot: auth: Debug:
passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user lookup
for login: user1
Nov 15 13:07:19 server dovecot: auth: Debug:
passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): lookup: user=sogo
file=/etc/dovecot/dovecot.passwd
Nov 15 13:07:19 server dovecot: auth:
passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user logging
in as user1
Nov 15 13:07:19 server dovecot: auth: Debug: client passdb out:
OK#0111#011user=user1#011original_user=sogo#011auth_user=sogo
Nov 15 13:07:19 server dovecot: auth: Debug: master in: REQUEST#
0112634809345#0112285#
0111#01122a6282271e31a1cf70f940ed9a08aca#011session_pid=2287
Nov 15 13:07:19 server dovecot: auth: Debug:
ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user search:
base=dc=test,dc=com,dc=na scope=subtree
filter=(&(mail=user1)(objectClass=user)) fields=sAMAccountName
Nov 15 13:07:19 server dovecot: auth: Debug:
ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): no fields returned by the server
Nov 15 13:07:19 server dovecot: auth:
ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): unknown user
Nov 15 13:07:19 server dovecot: auth: Error:
ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user not found from userdb
Nov 15 13:07:19 server dovecot: auth: Debug: master userdb out: NOTFOUND#
0112634809345
Nov 15 13:07:19 server dovecot: managesieve: Error: Authenticated user not
found from userdb, auth lookup id=2634809345 (client-pid=2285 client-id=1)
Nov 15 13:07:19 server dovecot: managesieve-login: Internal login failure
(pid=2285 id=1) (internal failure, 1 successful auths): user=<user1>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2287, secured,
session=<TYbPS5IkVwB/AAAB>


Any help and/or suggestions would be greatly appreciated.

Regards,
Jacques
-- 
[email protected]
https://inverse.ca/sogo/lists

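An added model of the two login paths visible in the log above (example code, not the poster's configuration or Dovecot's own code). It assumes what the debug log shows: the ldap passdb's pass_attrs = mail=user returns a "user" extra field that becomes the username for the userdb lookup, while the passwd-file master passdb hands the requested target name on unchanged, so the userdb filter (mail=%u) is evaluated against "user1". The directory entry and the OR-ed userdb filter (USER_FILTER_EITHER) are constructed assumptions that go beyond the post; the last call only shows that, in this model, a userdb filter accepting either attribute resolves both paths.

```python
import re

# Constructed sample directory (sAMAccountName -> mail); not the poster's data.
DIRECTORY = {"user1": "user1@test.com.na"}

# Filters exactly as configured in the post.
PASS_FILTER = "(&(sAMAccountName=%u)(objectClass=user))"
USER_FILTER = "(&(mail=%u)(objectClass=user))"
# Hypothetical alternative userdb filter accepting either attribute (assumption).
USER_FILTER_EITHER = "(&(|(mail=%u)(sAMAccountName=%u))(objectClass=user))"


def ldap_search(filter_template, user):
    """Toy LDAP search: substitute %u and match the (mail|sAMAccountName) clauses.
    Clauses inside '(|' are OR-ed, otherwise AND-ed; objectClass is ignored."""
    flt = filter_template.replace("%u", user)
    clauses = re.findall(r"\((sAMAccountName|mail)=([^)]*)\)", flt)
    combine = any if "(|" in flt else all
    for sam, mail in DIRECTORY.items():
        entry = {"sAMAccountName": sam, "mail": mail}
        if combine(entry[attr] == value for attr, value in clauses):
            return entry
    return None


def passdb_ldap(login):
    """Normal path: ldap passdb with pass_filter; pass_attrs = mail=user returns
    the 'user' extra field, which replaces the login name for the userdb step."""
    entry = ldap_search(PASS_FILTER, login)
    return None if entry is None else entry["mail"]


def passdb_master(master_login, target):
    """Master path: passwd-file passdb (master = yes) checks 'sogo' and passes
    the requested target username through untouched (no ldap passdb lookup)."""
    return target if master_login == "sogo" else None


def login(login, master=None, user_filter=USER_FILTER):
    """Outcome of the userdb lookup that follows a successful passdb step."""
    user = passdb_master(master, login) if master else passdb_ldap(login)
    if user is None:
        return "auth failed"
    if ldap_search(user_filter, user) is None:
        return "user not found from userdb (filter %s)" % user_filter.replace("%u", user)
    return "ok as " + user


if __name__ == "__main__":
    print(login("user1"))                # normal login: username rewritten to mail
    print(login("user1", master="sogo")) # master login: (mail=user1) matches nothing
    print(login("user1", master="sogo", user_filter=USER_FILTER_EITHER))
```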