Ah. You probably need to change the ldap userdb so that it has result_success = continue-ok:
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
  result_success = continue-ok
}
so that the next userdb is processed as well, instead of the lookup stopping at the LDAP match.
You can use 'doveadm user test@onnet.ch' to verify that the attributes are read for this user, and run it with another username to verify that they are not.
Aki
On 07.08.2018 12:23, Simeon Ott wrote:
… attached the dovecot -n, linked files, debug log lines during a standard client login
root@buserver:/etc/dovecot/conf.d# doveconf -n # 2.2.13: /etc/dovecot/dovecot.conf # OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain debug_log_path = syslog disable_plaintext_auth = no info_log_path = syslog lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_debug = yes mail_gid = 5000 mail_location = maildir:~/Maildir mail_plugins = zlib quota acl mail_uid = 5000 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { hidden = no ignore_on_failure = no inbox = no list = children location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u prefix = shared/%%u/ separator = / subscriptions = yes type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } plugin { acl = vfile acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes quota = maildir:User quota quota_exceeded_message = 4.2.2 Mailbox full quota_rule = *:storage=1G quota_rule2 = INBOX.Trash:storage=+100M quota_rule3 = INBOX.Spam:ignore quota_warning = storage=95%% quota-warning 95 %u sieve = ~/.dovecot.sieve sieve_before = /var/lib/dovecot/sieve/default.sieve sieve_dir = ~/sieve sieve_max_actions = 32 sieve_max_redirects = 4 sieve_max_script_size = 1M sieve_quota_max_scripts = 0 sieve_quota_max_storage = 0 } 
protocols = " imap lmtp sieve pop3" service auth { group = dovecot unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { group = vmail mode = 0666 user = vmail } unix_listener auth-userdb { group = vmail mode = 0666 user = vmail } user = dovecot } service lmtp { unix_listener lmtp { mode = 0666 } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 0 service_count = 1 vsz_limit = 64 M } ssl = no userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap } userdb { args = username_format=%Lu /etc/dovecot/share.passwd driver = passwd-file } protocol lmtp { mail_plugins = zlib quota acl sieve } protocol lda { auth_socket_path = /var/run/dovecot/auth-master deliver_log_format = msgid=%m: %$ mail_plugins = zlib quota acl sieve postmaster_address = postmaster@onnet.ch <mailto:postmaster@onnet.ch> } protocol imap { mail_plugins = zlib quota acl imap_quota imap_acl } protocol sieve { info_log_path = /var/log/sieve.log log_path = /var/log/sieve.log mail_max_userip_connections = 10 managesieve_implementation_string = Dovecot Pigeonhole managesieve_logout_format = bytes=%i/%o managesieve_max_compile_errors = 5 managesieve_max_line_length = 65536 }
root@buserver:/etc/dovecot# cat dovecot-acl
root@buserver:/etc/dovecot#
—> means empty file
root@buserver:/etc/dovecot# cat share.passwd
test@onnet.ch:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl userdb_acl_globals_only=yes
root@buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
hosts = localhost
uris = ldap://localhost:389/
debug_level = 10
auth_bind = yes
ldap_version = 3
base = ou=domains,dc=intra,dc=onnet,dc=ch
deref = never
scope = subtree
user_attrs = homeDirectory=home=/var/spool/postfix/virtual/%$,uidNumber=uid,gidNumber=gid,quota=quota_rule=*:bytes=%$
user_filter = (&(objectClass=CourierMailAccount)(mail=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=CourierMailAccount)(mail=%u))
iterate_attrs = mail=user
iterate_filter = (objectClass=CourierMailAccount)
default_pass_scheme = CRYPT
root@buserver:/etc/dovecot# cat /var/log/mail.log | grep "Aug 7 11:17:27" Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl vfile: file /var/spool/postfix/virtual/onnet.ch/test//Maildir/.test <http://onnet.ch/test//Maildir/.test> folder 1.sub folder 1 1/dovecot-acl not found Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl vfile: reading file /var/spool/postfix/virtual/onnet.ch/test//Maildir/.super/dovecot-acl <http://onnet.ch/test//Maildir/.super/dovecot-acl> Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl vfile: reading file /var/spool/postfix/virtual/onnet.ch/test//Maildir/.super.hello <http://onnet.ch/test//Maildir/.super.hello> du/dovecot-acl Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl vfile: file /var/spool/postfix/virtual/onnet.ch/test//Maildir/.test <http://onnet.ch/test//Maildir/.test> folder 1/dovecot-acl not found Aug 7 11:17:27 buserver dovecot: auth: Debug: auth client connected (pid=3203) Aug 7 11:17:27 buserver dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=lkbV3NRyyQDAqDgB#011lip=192.168.56.50#011rip=192.168.56.1#011lport=143#011rport=52169#011resp=dGVzdEBvbm5ldC5jaAB0ZXN0QG9ubmV0LmNoAG5vdmVsbDEyMzQ1Ng== (previous base64 data may contain sensitive data) Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch <mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): bind search: base=ou=domains,dc=intra,dc=onnet,dc=ch filter=(&(objectClass=CourierMailAccount)(mail=test@onnet.ch <mailto:mail=test@onnet.ch>)) Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch <mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: mail=test@onnet.ch <mailto:mail=test@onnet.ch>; mail unused Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch <mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: mail=test@onnet.ch 
<mailto:mail=test@onnet.ch> Aug 7 11:17:27 buserver dovecot: auth: Debug: client passdb out: OK#0111#011user=test@onnet.ch <mailto:OK#0111#011user=test@onnet.ch> Aug 7 11:17:27 buserver dovecot: auth: Debug: master in: REQUEST#0113718250497#0113203#0111#011089fd1d9e1a2c66586786422f24c51cd#011session_pid=3206#011request_auth_token Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch <mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): user search: base=ou=domains,dc=intra,dc=onnet,dc=ch scope=subtree filter=(&(objectClass=CourierMailAccount)(mail=test@onnet.ch <mailto:mail=test@onnet.ch>)) fields=homeDirectory,uidNumber,gidNumber,quota Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch <mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: uidNumber=5000 quota=1073741824 gidNumber=5000 homeDirectory=onnet.ch/test/ <http://onnet.ch/test/>; homeDirectory,uidNumber,quota,gidNumber unused Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch <mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result: uidNumber=5000 quota=1073741824 gidNumber=5000 homeDirectory=onnet.ch/test/ <http://onnet.ch/test/> Aug 7 11:17:27 buserver dovecot: auth: Debug: master userdb out: USER#0113718250497#011test@onnet.ch <mailto:USER#0113718250497#011test@onnet.ch>#011home=/var/spool/postfix/virtual/onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201 <http://onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201> Aug 7 11:17:27 buserver dovecot: imap-login: Login: user=<test@onnet.ch <mailto:test@onnet.ch>>, method=PLAIN, rip=192.168.56.1, lip=192.168.56.50, mpid=3206 Aug 7 11:17:27 buserver dovecot: imap: Debug: Loading modules from directory: /usr/lib/dovecot/modules Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so Aug 7 11:17:27 
buserver dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so Aug 7 11:17:27 buserver dovecot: imap: Debug: Added userdb setting: plugin/quota_rule=*:bytes=1073741824 Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Effective uid=5000, gid=5000, home=/var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/> Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Quota root: name=User quota backend=maildir args= Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0 Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Quota rule: root=User quota mailbox=INBOX.Trash bytes=+104857600 messages=0 Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Quota rule: root=User quota mailbox=INBOX.Spam ignored Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=quota-warning 95 test@onnet.ch <mailto:test@onnet.ch> Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Quota grace: root=User quota bytes=107374182 (10%) Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: maildir++: root=/var/spool/postfix/virtual/onnet.ch/test//Maildir 
<http://onnet.ch/test//Maildir>, index=, indexpvt=, control=, inbox=/var/spool/postfix/virtual/onnet.ch/test//Maildir <http://onnet.ch/test//Maildir>, alt= Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl: initializing backend with data: vfile Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl: acl username = test@onnet.ch <mailto:test@onnet.ch> Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl: owner = 1 Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl vfile: Global ACLs disabled Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=yes location=maildir:%h/Maildir:INDEX=/var/spool/postfix/virtual/onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u <http://onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u> Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: shared: root=/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl: initializing backend with data: vfile Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl: acl username = test@onnet.ch <mailto:test@onnet.ch> Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl: owner = 0 Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Debug: acl vfile: Global ACLs disabled Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch <mailto:test@onnet.ch>): Disconnected: Logged out in=30 out=457
thanks for looking into this
On 7 Aug 2018, at 10:34, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
Can you provide your doveconf -n output after adding the database *after* LDAP?
You probably need to add 'noauthenticate' as one parameter after the userdb ones.
Aki