Hi all, I cannot figure out how to solve my problem with the dovecot+ldap configuration. Please help...
I was reading through the emails from the list related to LDAP. I added this debugging line 372: "i_info("LDAP: Received reply %d", msgid);" to src/auth/db-ldap.c. You can see part of my mail.info log file below.
Most interesting is that if you give a wrong password to the email client program, Dovecot reports it back, so it can verify this against LDAP. Also you can see that one of the lines below says "client out: OK^I1^Iuser=wojtek", which looks to me like a successful authentication. And then it cannot find the user! This is strange, as when I execute the command line "ldapsearch -h localhost -b 'ou=Users,dc=frontline' -D 'uid=wojtek,ou=Users,dc=frontline' -x -W" it works OK (see the result below in the quoted emails).
Steffen wrote that "userdb is not running" - I do not understand this. How do I make it run? I thought that both userdb and passdb are in LDAP. Please see the structure of my LDAP record below in the quoted email.
Apr 12 16:05:27 base dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Ilip=192.168.0.202^Irip=192.168.0.200
Apr 12 16:05:27 base dovecot: auth(default): client out: CONT^I1^I
Apr 12 16:05:27 base dovecot: auth(default): client in: CONT^I1^IAHdvanRlawBiZWR6aWUgZG9icnpl
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200): bind: dn=uid=wojtek,ou=Users,dc=frontline
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 2
Apr 12 16:05:27 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
Apr 12 16:05:27 base dovecot: auth(default): master in: REQUEST^I1^I14825^I1
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 3
Apr 12 16:05:27 base dovecot: auth(default): LDAP: Received reply 4
Apr 12 16:05:27 base dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
Apr 12 16:05:27 base dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
Apr 12 16:05:27 base dovecot: auth(default): master out: NOTFOUND^I1
Apr 12 16:05:27 base dovecot: imap-login: Internal login failure: user=<wojtek>, method=PLAIN, rip=192.168.0.200, lip=192.168.0.202
See my configuration:
$ sudo dovecot -n
# 1.0.13: /usr/local/etc/dovecot.conf
base_dir: /var/run/dovecot/
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps imap
ssl_cert_file: /etc/apache2/ssl/server.pem
ssl_key_file: /etc/apache2/ssl/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable: /usr/local/libexec/dovecot/imap-login
login_greeting_capability: yes
mail_privileged_group: mail
mail_location: maildir:/home/MAIL/%u
imap_client_workarounds: tb-extra-mailbox-sep
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf

$ sudo grep -v '^[[:space:]]*#' /etc/dovecot/dovecot-ldap.conf | grep -v '^$'
hosts = localhost
dn = uid=root,ou=Users,dc=frontline
dnpass = ...password...
auth_bind = yes
auth_bind_userdn = uid=%u,ou=Users,dc=frontline
ldap_version = 3
base = ou=Users,dc=frontline
scope = subtree
user_attrs = homeDirectory=home,uidNumber=uid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = MD5
user_global_uid = dovecot
user_global_gid = dovecot
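The log above shows Dovecot's two stages separately: the passdb bind answers "client out: OK", and the userdb search then answers "master out: NOTFOUND". The following Python helper is an added example (not from this thread or from Dovecot) that groups such auth debug lines by client request id, maps the master reply back to the client request via the REQUEST line (as in Steffen's quote, where the master id is 2 and the client id is 1), and flags that with debug_passwords=yes the CONT line carries the base64 SASL PLAIN credentials; the sample lines and the user "alice" are constructed.

```python
import base64
import re

# Constructed sample in the shape of the Dovecot 1.0 auth debug lines quoted in the thread
# (syslog shows tabs as ^I); the CONT blob is a made-up SASL PLAIN login for user "alice".
SAMPLE_LOG = """\
Apr 12 16:05:27 base dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Ilip=192.168.0.202^Irip=192.168.0.200
Apr 12 16:05:27 base dovecot: auth(default): client in: CONT^I1^IAGFsaWNlAHNlY3JldA==
Apr 12 16:05:27 base dovecot: auth(default): client out: OK^I1^Iuser=alice
Apr 12 16:05:27 base dovecot: auth(default): master in: REQUEST^I2^I14825^I1
Apr 12 16:05:27 base dovecot: auth(default): userdb(alice,192.168.0.200): user not found from userdb
Apr 12 16:05:27 base dovecot: auth(default): master out: NOTFOUND^I2
"""
LINE_RE = re.compile(r"auth\(\w+\): (client in|client out|master in|master out): (.*)$")

def summarize_auth(log_text):
    """Per client request id: passdb verdict, userdb verdict, and any authcid leaked by a logged CONT."""
    reqs, master_to_client = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        direction, fields = m.group(1), m.group(2).split("^I")
        cmd, req_id = fields[0], fields[1] if len(fields) > 1 else "?"
        if direction == "master in" and cmd == "REQUEST" and len(fields) > 3:
            master_to_client[req_id] = fields[3]  # REQUEST <master id> <client pid> <client id>
            continue
        if direction == "master out":  # master replies carry the master id; map it back
            req_id = master_to_client.get(req_id, req_id)
        r = reqs.setdefault(req_id, {})
        if direction == "client in" and cmd == "CONT" and len(fields) > 2 and fields[2]:
            # SASL PLAIN is base64("\0authcid\0password"); keep only the authcid in the report
            try:
                parts = base64.b64decode(fields[2]).split(b"\0")
            except ValueError:
                parts = []
            if len(parts) == 3:
                r["credential_in_log"] = parts[1].decode("utf-8", "replace")
        elif direction == "client out" and cmd in ("OK", "FAIL"):
            r["passdb"] = cmd
        elif direction == "master out":
            r["userdb"] = cmd  # NOTFOUND means the userdb search matched no entry
    return reqs

def diagnose(req):
    """Name the failing stage; the thread's case is passdb OK but userdb NOTFOUND."""
    if req.get("passdb") == "OK" and req.get("userdb") == "NOTFOUND":
        return "passdb accepted the password, userdb lookup returned no entry"
    return "no passdb/userdb mismatch"
```

Running it over a real mail.info excerpt (after scrubbing the CONT payload) separates a password problem from a userdb lookup problem at a glance.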
Wojtek Bogusz wrote:
Hi Steffen, I had to modify the ldapsearch command you wrote and add the '-x' switch for simple authentication instead of SASL, but otherwise the command displays good results:
# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=frontline> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=wojtek))
# requesting: homeDirectory uidNumber
#

# wojtek, Users, frontline
dn: uid=wojtek,ou=Users,dc=frontline
uidNumber: 30000
homeDirectory: /home/samba/wojtek

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
I am not sure how to show you the structure of the LDAP entry other than just running a search without requesting specific fields. Here is the result:
# wojtek, Users, frontline
dn: uid=wojtek,ou=Users,dc=frontline
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: wojtek
sn: wojtek
givenName: wojtek
uid: wojtek
uidNumber: 30000
gidNumber: 513
homeDirectory: /home/samba/wojtek
loginShell: /bin/false
gecos: Wojtek Bogusz
userPassword:: [password here]
cheers, Wojtek
Steffen Kaiser wrote:
On Mon, 17 Mar 2008, Wojtek Bogusz wrote:
bind: dn=uid=wojtek,ou=Users,dc=frontline
Mar 17 18:21:09 base dovecot: auth(default): client out: OK^I1^Iuser=wojtek
Mar 17 18:21:09 base dovecot: auth(default): master in: REQUEST^I2^I19185^I1
Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
Mar 17 18:21:09 base dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
Dovecot distinguishes between userdb and passdb.
It seems that passdb is running, but userdb is not.
What does your LDAP entry look like? Should the user data be read from LDAP, BTW?
Does the LDAP filter mentioned in the logs return the results for the currently bound user, aka:
ldapsearch -D uid=wojtek,ou=Users,dc=frontline -W
-b ou=Users,dc=frontline
'(&(objectClass=posixAccount)(uid=wojtek))' homeDirectory uidNumber
displays home and uid?
Bye,
-- Steffen Kaiser