-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 6 Jun 2017, Sandbox wrote:
Its weird, when i sat up (&(uid=%n)(mail=*@%{domain1.com})) as user_filter: ^^^^^^^^^^ https://wiki2.dovecot.org/Variables?highlight=%28domain%29
The variable is named domain.
auth: Debug: auth client connected (pid=14697) auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=3Ej8PkdRAgDAqAG3 lip=192.168.34.10 rip=192.168.34.18 lport=143 rport=59394 auth: Debug: client passdb out: CONT 1 auth: Debug: client in: CONT<hidden> auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): pass search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid,userPassword auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid= testuser1 userPassword=<hidden>; uid,userPassword unused auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid= testuser1 userPassword=<hidden> auth: Debug: client passdb out: OK 1 user=testuser1 %n=testuser1 auth: Debug: master in: REQUEST 3018063873 14697 1 3f04b57a81e1750e279d4dfec2e35414 session_pid=14699 request_auth_token auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): user search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(&(uid=testuser 1)(mail=*@domain1.com})) fields=uid ^^^^^^^^^^^^^^^
auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): no fields returned by the server auth: Info: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): unknown user auth: Debug: master userdb out: NOTFOUND 3018063873 imap-login: Info: Internal login failure (pid=14697 id=1) (internal failure, 1 successful auths): user=<testuser1>, method=PLAIN, rip=192.168.34.18, lip=192.168.34.10, mpid=14699, TLS, session=<3Ej8PkdRAgDAqAG3>
As I understand the filter should give back this result: "testuser1" when the mail record is *@domain1.com.
and when i sat up the "old" method (uid=%n)
auth: Debug: auth client connected (pid=14739) auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=6v9kQkdREADAqAG3 lip=192.168.34.10 rip=192.168.34.18 lport=143 rport=59408 auth: Debug: client passdb out: CONT 1 auth: Debug: client in: CONT<hidden> auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): pass search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid,userPassword auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1 userPassword=<hidden>; uid,userPassword unused auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1 userPassword=<hidden> auth: Debug: client passdb out: OK 1 user=testuser1 %n=testuser1 auth: Debug: master in: REQUEST 2349465601 14739 1 30535968cbadc3948ed4578ae769de33 session_pid=14741 request_auth_token auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): user search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1; uid unused auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result: uid=testuser1 auth: Debug: master userdb out: USER 2349465601 testuser1 auth_token=5f171ed4c66480dcc89a21709b062753c151aede imap-login: Info: Login: user=<testuser1>, method=PLAIN, rip=192.168.34.18, lip=192.168.34.10, mpid=14741, TLS, session=<6v9kQkdREADAqAG3>
btw, its Dovecot 2.2.18 (Ubuntu 16.04 LTS)
Robert
2017-06-03 18:18 GMT+02:00 Sami Ketola <sami.ketola@dovecot.fi>:
On 2 Jun 2017, at 11.40, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
Dovecot 2.2.29+ has feature called username_filter for passdb blocks, which lets you specify usernames the passdb block is to be used. This could simplify your config somewhat. See https://wiki.dovecot.org/ PasswordDatabase
Small mistake. That feature is in 2.2.30+
Sami
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWTarLHz1H7kL/d9rAQIIWAgAoWPAG/Q86Yt0CH1Zn1KdlXsTpk5NHc02 4snBpPo5nptJ9ZqUsuvQaGVu7iYqOZV4fJjONJAaPOrOkhxvGSa0twOlgF/+uNxs FJt5xn13OjuTKKOX24GTXxStVqQp0uOysGMlV3aFJudOCFig584IBtZa4Xdmky8Q GV2LHspK0go04YSZ7O8kSIJHcjEHsgOiO2OPl6jJo5rR7StVvzXIHOqeOLVeMWdS VDYDKxBcKf83HUgRJE0FU1zfR3UTrV/nwSTi232xgQ5XXhjY1fHZGirceaEleZkH T7Y6rzblph29eu4+xGcxEtJe0MQ5H03qP2lahGFj8IMzo9F5y1eB0w== =hDv0 -----END PGP SIGNATURE-----