[Dovecot] suspected bug in dovecot-ldap setup?

Pedro Venda pjvenda at pjvenda.org
Fri Oct 27 12:45:39 UTC 2006


Hi everyone,

[first post: long and boring. beware!]

I've been working on a virtual multidomain MX server with pop3 access. 
Accounting for users/domains is done via OpenLDAP with the Jamm[1] schema and 
dovecot is 1.0rc10 (dovecot-1.0-0_27.rc10.el4.at fetched as RPM from 
atrpms.net for CentOS 4.4).

I intended to have authenticated binds but there was a problem with the 
user_filter directive being ignored:
user_filter = (&(objectClass=JammMailAccount)(mail=%n@%d)(accountActive=TRUE)
(delete=FALSE))

dovecot: Oct 26 16:20:58 Info: auth(default): client in: AUTH 1 PLAIN 
service=IMAP secured lip=::ffff:192.168.0.5 rip=::ffff:192.168.0.69 
resp=<hidden>
dovecot: Oct 26 16:20:58 Info: auth(default): 
ldap(dave at info.test,::ffff:192.168.0.69): bind search: 
base=o=hosting,dc=example,dc=com scope=subtree filter= 
**(&(objectClass=posixAccount(uid=dave at info.test))**
dovecot: Oct 26 16:20:58 Info: auth(default): 
ldap(dave at info.test,::ffff:192.168.0.69): unknown user 
dovecot: Oct 26 16:20:59 Info: auth(default): client out: FAIL  1       
user=dave at info.test
dovecot: Oct 26 16:20:59 Info: imap-login: Disconnected: 
user=<dave at info.test>, method=PLAIN, rip=::ffff:192.168.0.69, 
lip=::ffff:192.168.0.5, TLS

(never mind the data, it's test only)

As you can see from the info file, the search filter used was being 
(&(objectClass=posixAccount(uid=dave at info.test)) and not 
(&(objectClass=JammMailAccount)(mail=dave at info.test)(accountActive=TRUE)
(delete=FALSE)).

I sorted this out by trying to enable auth_bind_userdn:
auth_bind_userdn = mail=%n@%d,jvd=%d,o=hosting,dc=example,dc=com

Now, the login worked well and the debug info is as follows:
dovecot: Oct 27 12:01:48 Info: auth(default): client in: AUTH   1       PLAIN   
service=IMAP    lip=::ffff:192.168.0.5  rip=::ffff:192.168.0.69 
resp=AGRhdmVAaW5mb
y50ZXN0AFRlbXAuMTIz
dovecot: Oct 27 12:01:48 Info: auth(default): client out: OK    1       
user=dave at info.test
dovecot: Oct 27 12:01:48 Info: auth(default): master in: REQUEST        1       
10634   1
dovecot: Oct 27 12:01:48 Info: auth(default): 
ldap(dave at info.test,::ffff:192.168.0.69): base=o=hosting,dc=example,dc=com 
scope=subtree filter=(&(objectClass=JammMailAccount)(mail=dave at info.test)
(accountActive=TRUE)(delete=FALSE)) fields=mailbox
dovecot: Oct 27 12:01:48 Info: auth(default): master out: USER  1       
dave at info.test  mail=info.test/dave/    uid=5000        gid=5000

(never mind the debug data, passwords, etc. it's test only)

In this case, the search filter is ok:
(&(objectClass=JammMailAccount)(mail=dave at info.test)(accountActive=TRUE)
(delete=FALSE))

So apparently, the auth_bind_userdn directive that supposedly adds a 
performance gain by sparing one bind request, seems to interfere with the 
user_filter directive. 

I suspect this might be a bug, so here's my report. Is this a new issue?

Thanks for surviving this far through this post,
Best regards,
Pedro Venda.

[1]: [Java Mail Manager]: web applications to manage virtual email account 
information stored in an LDAP directory. (http://jamm.sourceforge.net)
-- 

Pedro João Lopes Venda
email: pjvenda at pjvenda org
http://www.pjvenda.org
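
An added example (not part of the original post and not Dovecot code): a Python check that expands the post's user_filter for each user seen in the auth debug log and reports whether each logged LDAP search actually used it. The sample lines are constructed from the excerpts above; `ldap_escape`, `expand` and `audit` are hypothetical helper names, and the RFC 4515 escaping is an assumption for illustration, not Dovecot's own routine.

```python
import re

# user_filter exactly as configured in the post (%n = local part, %d = domain).
USER_FILTER = ("(&(objectClass=JammMailAccount)(mail=%n@%d)"
               "(accountActive=TRUE)(delete=FALSE))")

# Constructed sample: the two LDAP search lines from the post, unwrapped, with
# "@" restored where the list archive prints " at ", plus one non-LDAP line.
_PFX = "dovecot: Oct 26 16:20:58 Info: auth(default): "
_WHO = "ldap(dave@info.test,::ffff:192.168.0.69): "
_BASE = "base=o=hosting,dc=example,dc=com scope=subtree "
SAMPLE_LOG = [
    _PFX + "client in: AUTH 1 PLAIN service=IMAP resp=<hidden>",
    _PFX + _WHO + "bind search: " + _BASE
         + "filter= (&(objectClass=posixAccount(uid=dave@info.test))",
    _PFX + _WHO + _BASE + "filter=(&(objectClass=JammMailAccount)"
         "(mail=dave@info.test)(accountActive=TRUE)(delete=FALSE)) fields=mailbox",
]

LINE_RE = re.compile(r"ldap\((?P<user>[^,]+),[^)]*\): (?P<kind>bind search: )?"
                     r"base=\S+ scope=\S+ filter=\s*(?P<filter>\S+)")

def ldap_escape(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)

def expand(template, user):
    """Expand %u (full name), %n (local part) and %d (domain) in a filter."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: ldap_escape(values[m.group(1)]), template)

def audit(lines, template=USER_FILTER):
    """Return (user, lookup kind, used the configured filter?) per LDAP search."""
    results = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an LDAP search line
        kind = "bind search" if m.group("kind") else "search"
        expected = expand(template, m.group("user"))
        results.append((m.group("user"), kind, m.group("filter") == expected))
    return results

if __name__ == "__main__":
    for user, kind, ok in audit(SAMPLE_LOG):
        print(user, kind, "matches user_filter" if ok else "DIFFERENT filter")
```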

