Hi, I suspect the problem may be related to the fact that my pass_filter and user_filter are different.
Surely the sogo-tool should use the user's email address and not UID when querying Dovecot's userdb?

Regards,
Jacques

On Tue, Nov 17, 2015 at 9:20 AM, Jacques Serfontein <[email protected]> wrote:
> Hi Christian,
>
> Herewith my SOGoUserSources. I have tried different combinations without any luck. Should I perhaps try clearing the SOGo database after each change?
>
> */etc/sogo/sogo.conf :*
> ....
> SOGoUserSources = (
>   {
>     type = ldap;
>     CNFieldName = cn;
>     UIDFieldName = "sAMAccountName";
>     baseDN = "DC=test,DC=com,DC=na";
>     bindDN = "[email protected]";
>     bindFields = (sAMAccountName);
>     bindPassword = s3LDg9p3p8iQEtb;
>     canAuthenticate = YES;
>     displayName = "Test Domain";
>     hostname = ldap://127.0.0.1:389;
>     filter = "mail = '*'";
>     id = directory;
>     isAddressBook = YES;
>   }
> );
> ...
>
> Regards,
> Jacques
>
>
> On Mon, Nov 16, 2015 at 11:18 AM, Christian Mack <[email protected]> wrote:
>
>> On 15.11.2015 at 12:25, Jacques Serfontein wrote:
>> > Hi,
>> >
>> > I seem to be having some trouble with the "sogo-tool expire-autoreply" and Dovecot's master user (sogo) when using the "sAMAccountName" instead of the "mail" attribute in the LDAP passdb with "auth_bind=yes".
>> >
>> > The idea is that users should only be able to authenticate with their user name and not their email address, and everything seems to be working quite well, except for the above mentioned.
>> >
>> > As far as I can tell, the master user successfully authenticates, but then does a lookup in the userdb, but using the wrong filter, i.e. "(mail=%u)" instead of "(sAMAccountName=%u)".
>> >
>> > If I change the passdb filter to match the userdb filter, then it seems to work, but that means users have to use their email address to authenticate, which is not what is desired.
>> >
>> > Please note that I am using an up to date version of SOGo (2.3.3) without OpenChange (for now) from the Inverse repository on Debian Jessie (8.2) and Samba AD (4.1.18).
>> >
>> >
>> > *doveconf -n :*
>> > auth_debug = yes
>> > auth_debug_passwords = yes
>> > auth_mechanisms = plain login
>> > auth_verbose = yes
>> > lda_mailbox_autocreate = yes
>> > lda_mailbox_autosubscribe = yes
>> > mail_debug = yes
>> > managesieve_notify_capability = mailto
>> > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
>> > namespace inbox {
>> >   inbox = yes
>> >   location =
>> >   mailbox Drafts {
>> >     auto = subscribe
>> >     special_use = \Drafts
>> >   }
>> >   mailbox Sent {
>> >     auto = subscribe
>> >     special_use = \Sent
>> >   }
>> >   mailbox "Sent Messages" {
>> >     auto = no
>> >     special_use = \Sent
>> >   }
>> >   mailbox Spam {
>> >     auto = create
>> >     special_use = \Junk
>> >   }
>> >   mailbox Trash {
>> >     auto = subscribe
>> >     special_use = \Trash
>> >   }
>> >   prefix =
>> >   separator = /
>> >   subscriptions = yes
>> > }
>> > passdb {
>> >   args = /etc/dovecot/dovecot-ldap-passdb.conf
>> >   driver = ldap
>> > }
>> > passdb {
>> >   args = /etc/dovecot/dovecot.passwd
>> >   driver = passwd-file
>> >   master = yes
>> > }
>> > protocols = imap sieve
>> > service auth {
>> >   unix_listener /var/spool/postfix/private/auth {
>> >     group = postfix
>> >     mode = 0660
>> >     user = postfix
>> >   }
>> >   unix_listener auth-master {
>> >     group = vmail
>> >     mode = 0600
>> >     user = vmail
>> >   }
>> > }
>> > service imap-login {
>> >   inet_listener imaps {
>> >     port = 0
>> >   }
>> > }
>> > service managesieve-login {
>> >   inet_listener sieve {
>> >     address = 127.0.0.1 ::1
>> >   }
>> > }
>> > ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
>> > ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
>> > userdb {
>> >   args = /etc/dovecot/dovecot-ldap-userdb.conf
>> >   driver = ldap
>> > }
>> > protocol lda {
>> >   auth_socket_path = /var/run/dovecot/auth-master
>> >   mail_plugins = sieve
>> >   postmaster_address = postmaster
>> > }
>> > protocol imap {
>> >   mail_max_userip_connections = 20
>> > }
>> >
>> > */etc/dovecot/dovecot-ldap-userdb.conf :*
>> >
>> > hosts = localhost:3268
>> > dn = [email protected]
>> > dnpass = s3LDg9p3p8iQEtb
>> > base = dc=test,dc=com,dc=na
>> > ldap_version = 3
>> > scope = subtree
>> > deref = never
>> > user_filter = (&(mail=%u)(objectClass=user))
>> > user_attrs = =uid=vmail,=gid=vmail,sAMAccountName=home=/home/vmail/%L$,=mail=maildir:~/Maildir
>> >
>> > */etc/dovecot/dovecot-ldap-passdb.conf :*
>> >
>> > hosts = localhost:3268
>> > dn = [email protected]
>> > dnpass = s3LDg9p3p8iQEtb
>> > base = dc=test,dc=com,dc=na
>> > ldap_version = 3
>> > scope = subtree
>> > deref = never
>> > auth_bind = yes
>> > pass_filter = (&(sAMAccountName=%u)(objectClass=user))
>> > pass_attrs = mail=user
>> >
>> > */usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds :*
>> >
>> > <0x0x195a7d0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
>> > <0x0x195a7d0[SOGoCache]> Using host(s) 'localhost' as server(s)
>> > <0x0x1b35730[SOGoSieveManager]> Could not login 'user1' on Sieve server: <0x0x1b38050[NGSieveClient]: socket=<NGActiveSocket[0x0x1b41810]: mode=rw address=<0x0x1b448d0[NGInternetSocketAddress]: host=localhost.localdomain port=50775> connectedTo=<0x0x1b3c840[NGInternetSocketAddress]: host=127.0.0.1 port=4190>>>: {RawResponse = "{ok = 0; reason = \"Internal error occurred. Refer to server log for more information.\"; }"; result = 0; }
>> > 2015-11-15 13:07:19.299 sogo-tool[2282] An error occured while removing auto-reply of user user1
>> >
>> > *tail -f /var/log/mail.log -n 20 :*
>> >
>> > Nov 15 13:06:45 server dovecot: master: Dovecot v2.2.13 starting up for imap, sieve (core dumps disabled)
>> > Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
>> > Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
>> > Nov 15 13:07:19 server dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
>> > Nov 15 13:07:19 server dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
>> > Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file /etc/dovecot/dovecot.passwd: Read 1 users in 0 secs
>> > Nov 15 13:07:19 server dovecot: auth: Debug: auth client connected (pid=2285)
>> > Nov 15 13:07:19 server dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=sieve#011secured#011session=TYbPS5IkVwB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=4190#011rport=50775#011resp=dXNlcjEAc29nbwAxNjI1MzQ= (previous base64 data may contain sensitive data)
>> > Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user lookup for login: user1
>> > Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): lookup: user=sogo file=/etc/dovecot/dovecot.passwd
>> > Nov 15 13:07:19 server dovecot: auth: passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user logging in as user1
>> > Nov 15 13:07:19 server dovecot: auth: Debug: client passdb out: OK#0111#011user=user1#011original_user=sogo#011auth_user=sogo
>> > Nov 15 13:07:19 server dovecot: auth: Debug: master in: REQUEST#0112634809345#0112285#0111#01122a6282271e31a1cf70f940ed9a08aca#011session_pid=2287
>> > Nov 15 13:07:19 server dovecot: auth: Debug: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user search: base=dc=test,dc=com,dc=na scope=subtree filter=(&(mail=user1)(objectClass=user)) fields=sAMAccountName
>> > Nov 15 13:07:19 server dovecot: auth: Debug: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): no fields returned by the server
>> > Nov 15 13:07:19 server dovecot: auth: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): unknown user
>> > Nov 15 13:07:19 server dovecot: auth: Error: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user not found from userdb
>> > Nov 15 13:07:19 server dovecot: auth: Debug: master userdb out: NOTFOUND#0112634809345
>> > Nov 15 13:07:19 server dovecot: managesieve: Error: Authenticated user not found from userdb, auth lookup id=2634809345 (client-pid=2285 client-id=1)
>> > Nov 15 13:07:19 server dovecot: managesieve-login: Internal login failure (pid=2285 id=1) (internal failure, 1 successful auths): user=<user1>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2287, secured, session=<TYbPS5IkVwB/AAAB>
>> >
>> >
>> > Any help and/or suggestions would be greatly appreciated.
>> >
>>
>> Check your /etc/sogo/sogo.conf.
>> In your SOGoUserSources section you have to set IDFieldName, UIDFieldName, IMAPLoginFieldName and bindFields according to your needs.
>>
>>
>> Kind regards,
>> Christian Mack
>>
>> --
>> Christian Mack
>> Universität Konstanz
>> Kommunikations-, Informations-, Medienzentrum (KIM)
>> Abteilung Basisdienste
>> 78457 Konstanz
>> +49 7531 88-4416
>>
>>
>
--
[email protected]
https://inverse.ca/sogo/lists
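The correlation the thread does by hand (the master user "sogo" is accepted by the passwd-file passdb as user1, then the LDAP userdb substitutes that same name into the `mail` attribute and returns NOTFOUND) can be scripted against the Dovecot auth debug log. This is an added example, not code from the thread, Dovecot or SOGo; it assumes Dovecot 2.2-style auth debug lines, and the second session (user user2@test.com.na, session id CONSTRUCTED0002) is constructed to show a login the userdb does resolve.

```python
import re

# Constructed sample modelled on the Dovecot 2.2 auth debug lines quoted in the
# thread. Session 1 reproduces the reported failure; session 2 (constructed
# session id and user) is a master login that the userdb lookup does resolve.
SAMPLE_LOG = """\
Nov 15 13:07:19 server dovecot: auth: passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user logging in as user1
Nov 15 13:07:19 server dovecot: auth: Debug: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user search: base=dc=test,dc=com,dc=na scope=subtree filter=(&(mail=user1)(objectClass=user)) fields=sAMAccountName
Nov 15 13:07:19 server dovecot: auth: Error: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user not found from userdb
Nov 15 13:09:02 server dovecot: auth: passwd-file(sogo,127.0.0.1,master,<CONSTRUCTED0002>): Master user logging in as user2@test.com.na
Nov 15 13:09:02 server dovecot: auth: Debug: ldap(user2@test.com.na,127.0.0.1,<CONSTRUCTED0002>): user search: base=dc=test,dc=com,dc=na scope=subtree filter=(&(mail=user2@test.com.na)(objectClass=user)) fields=sAMAccountName
"""

# Dovecot tags each auth line with "<driver>(<user>,<ip>,[master,]<session>)";
# the session id is what ties the passdb step to the later userdb step.
MASTER_RE = re.compile(r"passwd-file\((?P<master>[^,]+),[^,]+,master,<(?P<sess>[^>]+)>\): "
                       r"Master user logging in as (?P<login>\S+)")
SEARCH_RE = re.compile(r"ldap\([^,]+,[^,]+,<(?P<sess>[^>]+)>\): user search: .*?filter=(?P<filter>\S+)")
NOTFOUND_RE = re.compile(r"ldap\([^,]+,[^,]+,<(?P<sess>[^>]+)>\): user not found from userdb")


def correlate_master_logins(log_text):
    """Map session id -> {master, login, userdb_attr, userdb_found}; userdb_attr is
    the LDAP attribute the userdb filter substituted the login name into."""
    sessions = {}
    for line in log_text.splitlines():
        if m := MASTER_RE.search(line):
            sessions[m["sess"]] = {"master": m["master"], "login": m["login"],
                                   "userdb_attr": None, "userdb_found": True}
        elif (m := SEARCH_RE.search(line)) and m["sess"] in sessions:
            login = sessions[m["sess"]]["login"]
            attr = re.search(r"\((\w+)=" + re.escape(login) + r"\)", m["filter"])
            sessions[m["sess"]]["userdb_attr"] = attr.group(1) if attr else None
        elif (m := NOTFOUND_RE.search(line)) and m["sess"] in sessions:
            sessions[m["sess"]]["userdb_found"] = False
    return sessions


def failed_master_logins(log_text):
    """(master, login, userdb_attr) for each master login the userdb rejected: the
    passdb accepted the name, but the userdb filter compared it against a different
    attribute (here 'mail', while the login name is a sAMAccountName)."""
    return [(s["master"], s["login"], s["userdb_attr"])
            for s in correlate_master_logins(log_text).values() if not s["userdb_found"]]


if __name__ == "__main__":
    for master, login, attr in failed_master_logins(SAMPLE_LOG):
        print(f"{master!r} logged in as {login!r}; userdb filter put that name into "
              f"attribute {attr!r} and found no user")
```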
