[Dovecot] user_global_uid - tricky to set

Alexej Davidov alexej.davidov at gmx.net
Tue Mar 6 20:32:58 EET 2007


On Tue, 06 Mar 2007 16:55:25 +0200
Timo Sirainen <tss at iki.fi> wrote:

> On Thu, 2007-03-01 at 22:02 +0100, Alexej Davidov wrote:
> > Hola!
> > 
> > Dovecot should serve virtual mail users. So I've set user_global_uid
> > and user_global_gid in dovecot_ldap.conf to vmail/vmail. Also I've
> > commented out the user_attrs field. Still Dovecot tries to switch
> > to the uid that is defined in the LDAP entry.
> > 
> > It took me some time to figure out that the only way to prevent
> > this is to set
> > user_attrs = foo=uid,bar=gid
> > or something like this, so Dovecot doesn't have a chance to find the
> > uid/gid. Still it will perform some LDAP lookups.
> > 
> > In my opinion, Dovecot shouldn't try to get the uid/gid from LDAP
> > if the user_attrs field is undefined.
> 
> Commenting out user_attrs is the same as setting it to the default
> value. Setting "user_attrs =" should have worked. However if you don't
> want userdb LDAP lookup at all, use userdb static instead.

I want to use ldap for authorization. The entries just happen to
contain a uid field, which should not be used for file access, though.

Setting "user_attrs =" did not work. Dovecot still looked up the uid
from ldap. I always got:
Mar  1 21:31:54 myhost dovecot: imap-login: Login: user=<foo at bar.net>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
Mar  1 21:31:54 myhost dovecot: IMAP(foo at bar.net): stat(/var/vmail/foo/cur) failed: Permission denied

I tried again with "user_attrs =" and strangely enough the error is now
different:
Mar  6 19:11:52 myhost dovecot: imap-login: Internal login failure: user=<foo at bar.net>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
Mar  6 19:11:52 myhost dovecot: child 9966 (auth) killed with signal 11

After setting user_attrs back to "foo=uid,bar=gid" everything works
again.

A.