Dovecot SASL and GSSAPI (IPA)

Ranbir m3freak at thesandhufamily.ca
Mon Dec 14 22:53:54 UTC 2015


On Mon, 2015-12-14 at 09:10 -0600, Manuel Delgado wrote:
> This is more a postfix question but I have done these configs before in a
> BETA-Lab and it's a real pain. I'll be glad to help if I can.
> 
> In my environment I had postfix directly authenticating SASL with the IPA
> server (FreeIPA) using Cyrus SASL libs. In IPA the service must be
> registered with principal smtp/HOSTNAME.

I managed to get past the SASL GSSAPI errors in postfix and now I'm
seeing this in dovecot whenever postfix tries to deliver a message via
lmtp:

Dec 14 17:24:49 mailman02 dovecot: auth: Debug: password(ranbir at theinside.rnr,DESKTOP): passdb doesn't support credential lookups
Dec 14 17:24:49 mailman02 dovecot: auth: Debug: password(ranbir at theinside.rnr,DESKTOP): Credentials:
Dec 14 17:24:49 mailman02 dovecot: auth: Debug: client passdb out: OK	1	user=ranbir at theinside.rnr
Dec 14 17:24:49 mailman02 dovecot: imap(ranbir at theinside.rnr): Debug: acl vfile: file /var/spool/mail/thesandhufamily.ca/ranbir/Maildir/.Sent/dovecot-acl not found
Dec 14 17:24:49 mailman02 dovecot: lmtp(15525): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
Dec 14 17:24:49 mailman02 dovecot: lmtp(15525): Connect from POSTFIX
Dec 14 17:24:49 mailman02 dovecot: auth: Debug: master in: USER	2	ranbir at thesandhufamily.ca	service=lmtp	lip=DOVECOT	lport=24	rip=POSTFIX	rport=56214
Dec 14 17:24:49 mailman02 dovecot: auth-worker(15521): Debug: passwd(ranbir at thesandhufamily.ca,POSTFIX): lookup
Dec 14 17:24:50 mailman02 dovecot: auth-worker(15521): passwd(ranbir at thesandhufamily.ca,POSTFIX): unknown user
Dec 14 17:24:50 mailman02 dovecot: auth: Debug: userdb out: NOTFOUND	2

Obviously postfix then replies with a "user doesn't exist" message.

I've tried creating an ldap_aliases file (and I added the config in
main.cf) which should allow postfix to do a bind to my freeipa box, but
postfix appears to never even try the ldap lookup. A manual test works
OK, so I know the ldap_aliases file was done correctly.

Is it possible in Dovecot to translate the mail address lookup from
postfix into just a "uid" search? If I could do that, Dovecot would
find "ranbir" and report back to postfix the user exists.


-- 
Ranbir