On 15.11.2015 at 12:25, Jacques Serfontein wrote:
> Hi,
>
> I seem to be having some trouble with the "sogo-tool expire-autoreply" and
> Dovecot's master user (sogo) when using the "sAMAccountName" instead of the
> "mail" attribute in the LDAP passdb with "auth_bind=yes".
>
> The idea is that users should only be able to authenticate with their user
> name and not their email address, and everything seems to be working quite
> well, except for the above mentioned.
>
> As far as I can tell, the master user successfully authenticates, but then
> does a lookup in the userdb, but using the wrong filter, i.e. "(mail=%u)"
> instead of "(sAMAccountName=%u)".
>
> If I change the passdb filter to match the userdb filter, then it seems to
> work, but that means users have to use their email address to authenticate,
> which is not what is desired.
>
> Please note that I am using an up to date version of SOGo (2.3.3) without
> OpenChange (for now) from the Inverse repository on Debian Jessie (8.2) and
> Samba AD (4.1.18).
>
>
> *doveconf -n :*
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> mail_debug = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = create
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
>   subscriptions = yes
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap-passdb.conf
>   driver = ldap
> }
> passdb {
>   args = /etc/dovecot/dovecot.passwd
>   driver = passwd-file
>   master = yes
> }
> protocols = imap sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-master {
>     group = vmail
>     mode = 0600
>     user = vmail
>   }
> }
> service imap-login {
>   inet_listener imaps {
>     port = 0
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     address = 127.0.0.1 ::1
>   }
> }
> ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
> ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
> userdb {
>   args = /etc/dovecot/dovecot-ldap-userdb.conf
>   driver = ldap
> }
> protocol lda {
>   auth_socket_path = /var/run/dovecot/auth-master
>   mail_plugins = sieve
>   postmaster_address = postmaster
> }
> protocol imap {
>   mail_max_userip_connections = 20
> }
>
> */etc/dovecot/dovecot-ldap-userdb.conf :*
>
> hosts = localhost:3268
> dn = [email protected]
> dnpass = s3LDg9p3p8iQEtb
> base = dc=test,dc=com,dc=na
> ldap_version = 3
> scope = subtree
> deref = never
> user_filter = (&(mail=%u)(objectClass=user))
> user_attrs =
> =uid=vmail,=gid=vmail,sAMAccountName=home=/home/vmail/%L$,=mail=maildir:~/Maildir
>
> */etc/dovecot/dovecot-ldap-passdb.conf :*
>
> hosts = localhost:3268
> dn = [email protected]
> dnpass = s3LDg9p3p8iQEtb
> base = dc=test,dc=com,dc=na
> ldap_version = 3
> scope = subtree
> deref = never
> auth_bind = yes
> pass_filter = (&(sAMAccountName=%u)(objectClass=user))
> pass_attrs = mail=user
>
> */usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds :*
>
> <0x0x195a7d0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
> <0x0x195a7d0[SOGoCache]> Using host(s) 'localhost' as server(s)
> <0x0x1b35730[SOGoSieveManager]> Could not login 'user1' on Sieve server:
> <0x0x1b38050[NGSieveClient]: socket=<NGActiveSocket[0x0x1b41810]: mode=rw
> address=<0x0x1b448d0[NGInternetSocketAddress]: host=localhost.localdomain
> port=50775> connectedTo=<0x0x1b3c840[NGInternetSocketAddress]:
> host=127.0.0.1 port=4190>>>: {RawResponse = "{ok = 0; reason = \"Internal
> error occurred. Refer to server log for more information.\"; }"; result =
> 0; }
> 2015-11-15 13:07:19.299 sogo-tool[2282] An error occured while removing
> auto-reply of user user1
>
> *tail -f /var/log/mail.log -n 20 :*
>
> Nov 15 13:06:45 server dovecot: master: Dovecot v2.2.13 starting up for
> imap, sieve (core dumps disabled)
> Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from
> directory: /usr/lib/dovecot/modules/auth
> Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from
> directory: /usr/lib/dovecot/modules/auth
> Nov 15 13:07:19 server dovecot: auth: Debug: Module loaded:
> /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
> Nov 15 13:07:19 server dovecot: auth: Debug: Read auth token secret from
> /var/run/dovecot/auth-token-secret.dat
> Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file
> /etc/dovecot/dovecot.passwd: Read 1 users in 0 secs
> Nov 15 13:07:19 server dovecot: auth: Debug: auth client connected
> (pid=2285)
> Nov 15 13:07:19 server dovecot: auth: Debug: client in:
> AUTH#0111#011PLAIN#011service=sieve#011secured#011session=TYbPS5IkVwB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=4190#011rport=50775#011resp=dXNlcjEAc29nbwAxNjI1MzQ=
> (previous base64 data may contain sensitive data)
> Nov 15 13:07:19 server dovecot: auth: Debug:
> passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user lookup
> for login: user1
> Nov 15 13:07:19 server dovecot: auth: Debug:
> passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): lookup: user=sogo
> file=/etc/dovecot/dovecot.passwd
> Nov 15 13:07:19 server dovecot: auth:
> passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user logging
> in as user1
> Nov 15 13:07:19 server dovecot: auth: Debug: client passdb out:
> OK#0111#011user=user1#011original_user=sogo#011auth_user=sogo
> Nov 15 13:07:19 server dovecot: auth: Debug: master in: REQUEST#
> 0112634809345#0112285#
> 0111#01122a6282271e31a1cf70f940ed9a08aca#011session_pid=2287
> Nov 15 13:07:19 server dovecot: auth: Debug:
> ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user search:
> base=dc=test,dc=com,dc=na scope=subtree
> filter=(&(mail=user1)(objectClass=user)) fields=sAMAccountName
> Nov 15 13:07:19 server dovecot: auth: Debug:
> ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): no fields returned by the server
> Nov 15 13:07:19 server dovecot: auth:
> ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): unknown user
> Nov 15 13:07:19 server dovecot: auth: Error:
> ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user not found from userdb
> Nov 15 13:07:19 server dovecot: auth: Debug: master userdb out: NOTFOUND#
> 0112634809345
> Nov 15 13:07:19 server dovecot: managesieve: Error: Authenticated user not
> found from userdb, auth lookup id=2634809345 (client-pid=2285 client-id=1)
> Nov 15 13:07:19 server dovecot: managesieve-login: Internal login failure
> (pid=2285 id=1) (internal failure, 1 successful auths): user=<user1>,
> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2287, secured,
> session=<TYbPS5IkVwB/AAAB>
>
>
> Any help and/or suggestions would be greatly appreciated.

Check your /etc/sogo/sogo.conf.
In your SOGoUserSources section you have to set IDFieldName, UIDFieldName, IMAPLoginFieldName and bindFields according to your needs.

Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416
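
The lookup order visible in the quoted log, as an added example that is not part of the original thread and is not Dovecot code: a simplified Python model of why a normal login resolves in the userdb while the master-user login for 'user1' does not. The directory entry, the address user1@example.test and all function names are constructed for illustration.

```python
# Simplified model of the passdb -> userdb hand-over seen in the log; not Dovecot code.
# DIRECTORY is a constructed stand-in for the AD global catalog on localhost:3268.
DIRECTORY = [
    {"sAMAccountName": "user1", "mail": "user1@example.test", "objectClass": "user"},
]

PASS_FILTER_ATTR = "sAMAccountName"  # pass_filter = (&(sAMAccountName=%u)(objectClass=user))
USER_FILTER_ATTR = "mail"            # user_filter = (&(mail=%u)(objectClass=user))


def search(attr, value):
    """Return the first user entry whose attr equals value (case-insensitive)."""
    for entry in DIRECTORY:
        if entry["objectClass"] == "user" and entry[attr].lower() == value.lower():
            return entry
    return None


def passdb_ldap(login):
    """LDAP passdb: match on sAMAccountName; pass_attrs 'mail=user' renames the user."""
    entry = search(PASS_FILTER_ATTR, login)
    return entry["mail"] if entry else None


def userdb_ldap(username):
    """LDAP userdb: %u is whatever name the passdb stage handed over."""
    entry = search(USER_FILTER_ATTR, username)
    # user_attrs maps sAMAccountName to home=/home/vmail/<lowercased value>
    return f"/home/vmail/{entry['sAMAccountName'].lower()}" if entry else None


def normal_login(login):
    """User logs in with the account name; the passdb rewrites it to the mail value."""
    username = passdb_ldap(login)
    return userdb_ldap(username) if username else None


def master_login(target):
    """Master login: the passwd-file passdb only verifies the master user, so the
    target name reaches the userdb unchanged (no mail=user rewrite)."""
    return userdb_ldap(target)


if __name__ == "__main__":
    print("normal login user1      ->", normal_login("user1"))
    print("master login as user1   ->", master_login("user1"))  # the failure in the log
    print("master login as mail id ->", master_login("user1@example.test"))
```
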
