2008/1/28, Maciej Paczesny
Hello,
I'm almost sure that all topics and problems mentioned below were separately posted to this list already. But after spending 4 days on searching, I didn't find a compilation similar to my case. So maybe some of you guys are able to help me solve this:
1. I'd like to use the userdb and passdb of Dovecot to work with Windows AD.
2. I have to use them both because I'd like to use LDA to serve my Postfix.
3. I DO NOT want to use any external programs (i.e. PAM) to talk to the AD server.
4. I was able to make my system partially running - I CAN bind to the AD database and confirm user/password.
5. I want to get the following attributes: home directory (OK, I could put it statically), uid/gid (OK, it could be static too) and MAIL QUOTA (my users have different values - no 'statics').
To help you on this subject, here are my configs/data:
OS => Gentoo Linux
uname -a => 2.6.15-gentoo-r7 #1 SMP PREEMPT Tue Mar 21 18:08:57 CET 2006 i686 Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux
dovecot --version => 1.1.beta14
dovecot -n =>
protocols: imaps
ssl_listen: *:993
ssl_cert_file: /etc/ssl/dovecot/newcert.pem
ssl_key_file: /etc/ssl/dovecot/newkey.pem
ssl_parameters_regenerate: 0
ssl_cipher_list: ALL:!LOW:!SSLv2
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
verbose_proctitle: yes
mail_uid: 5000
mail_gid: 5000
mail_location: maildir:~/.Maildir/
mail_debug: yes
mail_executable: /usr/libexec/dovecot/var
mail_plugins: quota imap_quota
auth default:
  mechanisms: login plain
  username_format: %Lu
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 438
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  quota: maildir:storage=10240000000:ignore=Trash
  sieve: /var/vmail/lpr/%u/.Maildir/.dovecot.sieve

grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf
hosts = 10.10.10.8:3268
uris = ldap://10.10.10.8:3268
dn = lpr\Administrator
dnpass = ***
auth_bind = yes
auth_bind_userdn = lpr\%u
base = dc=lpr,dc=com,dc=pl
ldap_version = 3
user_attrs = uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota
user_filter = (&(cn=%u))
pass_attrs = cn=user,userPasword=password
pass_filter = (&(cn=%u))
Windows AD => Windows 2003 R2 PL
----------------------- Logs:
Jan 28 00:37:40 gentoo dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=10.10.10.2 rip=10.10.10.29
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:37:40 gentoo dovecot: auth(default): client in: CONT 1 AG1wYWN6ZXNueQBOZGYxNjEzODI=
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: OK 1 user=xxx
Jan 28 00:37:40 gentoo dovecot: auth(default): master in: REQUEST 1 16026 1
Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29): user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx)) fields=uidNumber,gidNumber,postOfficeBox,carLicense
Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1 xxx
Jan 28 00:37:40 gentoo dovecot: imap-login: Login: user=<xxx>, method=PLAIN, rip=10.10.10.29, lip=10.10.10.2, TLS
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Loading modules from directory: /usr/lib/dovecot/imap
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded: /usr/lib/dovecot/imap/lib10_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded: /usr/lib/dovecot/imap/lib11_imap_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Effective uid=5000, gid=5000, home=
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Quota root: name=storage=10240000000 backend=maildir args=ignore=Trash
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): Namespace: type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir: data=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir++: root=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir, index=, control=, inbox=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): mkdir(/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/cur) failed: Permission denied
The second case is that I receive the following errors in the log file:
Jan 28 00:47:31 gentoo dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=10.10.10.2 rip=10.10.10.29
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:47:31 gentoo dovecot: auth(default): client in: CONT 1 AG1wYCN6ZXNuew9OZGYxxAEzODIe=
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: OK 1 user=xxx
Jan 28 00:47:31 gentoo dovecot: auth(default): master in: REQUEST 1 16170 1
Jan 28 00:47:31 gentoo dovecot: auth(default): prefetch(xxx,10.10.10.29): passdb didn't return userdb entries
Jan 28 00:47:31 gentoo dovecot: auth(default): userdb(xxx,10.10.10.29): user not found from userdb
Jan 28 00:47:31 gentoo dovecot: auth(default): master out: NOTFOUND 1
when I use the prefetch driver with a change like the one below to the ldap.conf file:
pass_attrs = uid=user, userPassword=password, postOfficeBox=userdb_home, uidNumber=userdb_uid, gidNumber=userdb_gid, carLicense=userdb_quota
(And, yes, I know about the home directory path. It is easy to make it real and working (change mail_location); it is not a problem.)
The case and question is: how can I get a QUOTA (in my case, carLicense) attribute from AD/LDAP? Is it shown somewhere? How can it be verified? The value "storage=10240000000" is a static one written in the config and the same for all users. Is there any kind of manual on how to make AD and Dovecot run and return uid, gid, home, quota etc. attributes without PAM?
OK, I did manage to step ahead a bit. Using passdb and userdb gives me some progress: sniffit gives me the proof that I'm receiving proper data from AD LDAP. But there is another problem:
Jan 28 13:11:13 gentoo dovecot: imap-login: file client-authenticate.c: line 200 (sasl_callback): assertion failed: (!client->destroyed || reply == SASL_SERVER_REPLY_CLIENT_ERROR || reply == SASL_SERVER_REPLY_MASTER_FAILED)
[...]
Jan 28 13:36:50 gentoo dovecot: auth(default): dovecot-auth: sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed.
It seems that Dovecot cannot insert the received data into the environment variables (???)
--
Maciej Paczesny
maciunio2@gmail.com
***If electricity hadn't been invented, I'd be sitting in front of the computer by candlelight***
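Added worked example (editor's addition; not part of the post above and not Dovecot's own code). It models, offline, the two mechanisms the post is struggling with: how a Dovecot `user_attrs`/`pass_attrs` list of the form `ldapAttr=field` turns one LDAP entry into userdb fields, and why the prefetch userdb answers "passdb didn't return userdb entries" when none of the passdb fields carry the `userdb_` prefix. It also pulls the `fields=` list out of the `user search:` debug line, which is the place in the post's own log where the requested attributes are visible, and decodes a SASL PLAIN token of the kind that the `client in: CONT` debug lines write verbatim, so a reader can see that the auth debug log holds the password in recoverable form. Assumptions, not facts from the post: the `ldapAttr=field=template` form with `%$` standing for the attribute value, and `quota_rule` as the field name the 1.1 quota plugin reads from userdb; the AD entry, the quota value and the PLAIN token are constructed.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple

# Mapping strings taken from the post, plus one assumed variant that feeds the
# quota plugin a per-user rule instead of a field named "quota".
POST_USER_ATTRS = "uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota"
QUOTA_RULE_USER_ATTRS = ("uidNumber=uid,gidNumber=gid,postOfficeBox=home,"
                         "carLicense=quota_rule=*:bytes=%$")  # assumption: %$ template
POST_PASS_ATTRS = "cn=user,userPassword=password"
PREFETCH_PASS_ATTRS = ("uid=user,userPassword=password,postOfficeBox=userdb_home,"
                       "uidNumber=userdb_uid,gidNumber=userdb_gid,carLicense=userdb_quota")

# Constructed AD entry for a hypothetical user "xxx"; the values are invented.
# Note there is no userPassword: AD never returns it, and no "uid" attribute.
SAMPLE_ENTRY: Dict[str, List[str]] = {
    "cn": ["xxx"],
    "uidNumber": ["5000"],
    "gidNumber": ["5000"],
    "postOfficeBox": ["/var/vmail/lpr/xxx"],
    "carLicense": ["52428800"],
}

# The "user search" debug line from the post, used as sample input.
SAMPLE_SEARCH_LOG = ("Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29): "
                     "user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx)) "
                     "fields=uidNumber,gidNumber,postOfficeBox,carLicense")

# Constructed SASL PLAIN token (authzid NUL authcid NUL password), not the post's.
SAMPLE_PLAIN_TOKEN = base64.b64encode(b"\0alice\0s3cret").decode("ascii")


def map_attrs(spec: str, entry: Dict[str, List[str]]) -> Dict[str, str]:
    """Apply a comma-separated 'ldapAttr=field[=template]' list to one LDAP entry.

    Each item names an LDAP attribute and the Dovecot field it becomes. An
    optional third part is a template in which '%$' is replaced by the
    attribute value (assumed syntax, see lead-in). Attributes the entry does
    not contain are skipped, as an attribute AD did not return would be.
    """
    fields: Dict[str, str] = {}
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        parts = item.split("=", 2)
        if len(parts) < 2:
            raise ValueError(f"bad mapping item: {item!r}")
        ldap_attr, field = parts[0].strip(), parts[1].strip()
        template = parts[2] if len(parts) == 3 else "%$"
        values = entry.get(ldap_attr)
        if not values:
            continue
        fields[field] = template.replace("%$", values[0])
    return fields


def prefetch_userdb(pass_fields: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Model the prefetch userdb: it does no lookup of its own.

    It only takes passdb extra fields whose names start with 'userdb_' and
    strips that prefix. With none present the login ends in NOTFOUND, which
    is what the post's second log shows; that case is returned as None.
    """
    userdb = {k[len("userdb_"):]: v
              for k, v in pass_fields.items() if k.startswith("userdb_")}
    return userdb or None


def requested_ldap_fields(log_line: str) -> List[str]:
    """Extract the attribute list from a 'user search: ... fields=a,b,c' debug line."""
    m = re.search(r"\bfields=(\S+)", log_line)
    return m.group(1).split(",") if m else []


def decode_plain(token_b64: str) -> Tuple[str, str, str]:
    """Decode a SASL PLAIN token into (authzid, authcid, password).

    Auth debug logging writes this token verbatim in 'client in: CONT' lines,
    so anyone who can read the log can recover the password this way.
    """
    raw = base64.b64decode(token_b64, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN token")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return authzid, authcid, password


if __name__ == "__main__":
    print("post user_attrs      ->", map_attrs(POST_USER_ATTRS, SAMPLE_ENTRY))
    print("quota_rule user_attrs->", map_attrs(QUOTA_RULE_USER_ATTRS, SAMPLE_ENTRY))
    print("prefetch, post pass_attrs    ->", prefetch_userdb(map_attrs(POST_PASS_ATTRS, SAMPLE_ENTRY)))
    print("prefetch, userdb_ pass_attrs ->", prefetch_userdb(map_attrs(PREFETCH_PASS_ATTRS, SAMPLE_ENTRY)))
    print("attributes requested per log ->", requested_ldap_fields(SAMPLE_SEARCH_LOG))
    print("PLAIN token decodes to       ->", decode_plain(SAMPLE_PLAIN_TOKEN))
```

Running it shows that the post's `carLicense=quota` produces a field literally named `quota`, while the assumed `quota_rule` template yields `*:bytes=52428800`, a per-user value rather than the static `storage=10240000000` from the plugin section; the `fields=` list in the debug line is the quickest confirmation that `carLicense` is being requested at all. Because the CONT lines decode to the clear-text password, auth debug logging of this kind belongs only on a test box and the resulting log should be treated as a credential.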