[Dovecot] LDAP
Wojtek Bogusz
Wojtek at FrontLineDefenders.org
Sat Apr 12 18:36:03 EEST 2008
hi all, i cannot figure out how to solve my problem with dovecot+ldap
configuration. please help...
i was reading through the emails from the list related to ldap. i added
this debugging line 372: "i_info("LDAP: Received reply %d", msgid);" to
src/auth/db-ldap.c. you can see part of my mail.info log file below.
most interesting is that actually if you give a wrong password to the
email client program dovecot report it back. so it can verify this on
LDAP. also you can see that one of the lines below say "client out:
OK^I1^Iuser=wojtek". what looks to me as a successful authentication.
and than it cannot find the user! what is strange, as when i execute a
command line: "ldapsearch -h localhost -b 'ou=Users,dc=frontline' -D
'uid=wojtek,ou=Users,dc=frontline' -x -W" it works ok (see the result
below in the quoted emails).
Steffen wrote that "userdb is not running" - i do not understand this.
how do i make it run? i thought that both userdb and passdb are in LDAP.
please see the structure of my LDAP record below in quoted email.
Apr 12 16:05:27 base dovecot: auth(default): client in:
AUTH^I1^IPLAIN^Iservice=IMAP^Ilip=192.168.0.202^Irip=192.168.0.200
Apr 12 16:05:27 base dovecot: auth(default): client out: CONT^I1^I
Apr 12 16:05:27 base dovecot: auth(default): client in:
CONT^I1^IAHdvanRlawBiZWR6aWUgZG9icnpl
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200):
bind: dn=uid=wojtek,ou=Users,dc=frontline
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 2
Apr 12 16:05:27 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
Apr 12 16:05:27 base dovecot: auth(default): master in: REQUEST^I1^I14825^I1
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200):
user search: base=ou=Users,dc=frontline scope=subtree
filter=(&(objectClass=posixAccount)(uid=wojtek))
fields=homeDirectory,uidNumber
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 3
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 4
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200):
Authenticated user not found
Apr 12 16:05:27 base dovecot: auth(default):
userdb(wojtek,192.168.0.200): user not found from userdb
Apr 12 16:05:27 base dovecot: auth(default): master out: NOTFOUND^I1
Apr 12 16:05:27 base dovecot: imap-login: Internal login failure:
user=<wojtek>, method=PLAIN, rip=192.168.0.200, lip=192.168.0.202
see my configuration:
$ sudo dovecot -n
# 1.0.13: /usr/local/etc/dovecot.conf
base_dir: /var/run/dovecot/
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/apache2/ssl/server.pem
ssl_key_file: /etc/apache2/ssl/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable: /usr/local/libexec/dovecot/imap-login
login_greeting_capability: yes
mail_privileged_group: mail
mail_location: maildir:/home/MAIL/%u
imap_client_workarounds: tb-extra-mailbox-sep
auth default:
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
$ sudo grep -v '^[[:space:]]*#' /etc/dovecot/dovecot-ldap.conf | grep -v
'^$'
hosts = localhost
dn = uid=root,ou=Users,dc=frontline
dnpass = ...password...
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=frontline
ldap_version = 3
base = ou=Users,dc=frontline
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = MD5
user_global_uid = dovecot
user_global_gid = dovecot
Wojtek Bogusz wrote:
> hi Steffen, i have to modify ldapsearch command you wrote and add '-x'
> switch for simple authentication instead of SASL. but otherwise the
> command display good results:
>
> # extended LDIF
> #
> # LDAPv3
> # base <ou=Users,dc=frontline> with scope subtree
> # filter: (&(objectClass=posixAccount)(uid=wojtek))
> # requesting: homeDirectory uidNumber
> #
>
> # wojtek, Users, frontline
> dn: uid=wojtek,ou=Users,dc=frontline
> uidNumber: 30000
> homeDirectory: /home/samba/wojtek
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
>
> i am not sure how to show you the structure of the LDAP entry otherwise
> than just run a search without requesting specific field. here is the
> result:
>
> # wojtek, Users, frontline
> dn: uid=wojtek,ou=Users,dc=frontline
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> cn: wojtek
> sn: wojtek
> givenName: wojtek
> uid: wojtek
> uidNumber: 30000
> gidNumber: 513
> homeDirectory: /home/samba/wojtek
> loginShell: /bin/false
> gecos: Wojtek Bogusz
> userPassword:: [password here]
>
> cheers, Wojtek
>
> Steffen Kaiser wrote:
>> On Mon, 17 Mar 2008, Wojtek Bogusz wrote:
>>
>>> bind: dn=uid=wojtek,ou=Users,dc=frontline
>>> Mar 17 18:21:09 base dovecot: auth(default): client out:
>>> OK^I1^Iuser=wojtek
>>> Mar 17 18:21:09 base dovecot: auth(default): master in:
>>> REQUEST^I2^I19185^I1
>>> Mar 17 18:21:09 base dovecot: auth(default):
>>> ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline
>>> scope=subtree filter=
>>> (&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
>>> Mar 17 18:21:09 base dovecot: auth(default):
>>> ldap(wojtek,192.168.0.200): Authenticated user not found
>>
>> Dovecot differs between userdb and passdb.
>>
>> It seems that passdb is running, but userdb is not.
>>
>> How does your LDAP entry looks like? Should the user data be read from
>> LDAP, BTW?
>>
>> Does the LDAP filter mentioned in the logs return the results for the
>> currently bound user, aka:
>>
>> ldapsearch -D uid=wojtek,ou=Users,dc=frontline -W \
>> -b ou=Users,dc=frontline \
>> '(&(objectClass=posixAccount)(uid=wojtek))' homeDirectory uidNumber
>>
>> displays home and uid?
>>
>> Bye,
>>
>> -- Steffen Kaiser
>
More information about the dovecot
mailing list