I have been using Samba 4 kerberos and ldap with dovecot. Samba 4 changed a while back (resulting in me asking for help) which requires kerberos auth for ldap lookups. My setup worked perfectly before hand. Before and after were with dovecot-2.0.11 and the after also happens with 2.0.11.
The only changes were (in my ldap.conf for dovecot -- changes are new lines starting with *, * is not in the conf, just showing changes):
hosts = example.org base = dc=example,dc=org ldap_version = 3 user_attrs = userPrincipalName=user user_filter = (&(objectClass=person)(|(mail=%u)(sAMAccountName=%u)(userPrincipalName=%u))) *dn = MACHINEACCOUNT$@EXAMPLE.ORG *sasl_bind = yes *sasl_mech = GSSAPI *sasl_realm = EXAMPLE.ORG *#sasl_authz_id = MACHINEACCOUNT$@EXAMPE.ORG # For using doveadm -A: iterate_attrs = userPrincipalName=user iterate_filter = (objectClass=person)
in dovecot.conf: import_environment = TZ KRB5CCNAME=/etc/dovecot/krb5.cc
With that do any of the following lines from the referenced hg rev set mean I am missing anything on my import_environment variable? Or is it all good?
10.15 +/* <settings checks> */ 10.16 +#ifdef HAVE_SYSTEMD 10.17 +# define ENV_SYSTEMD " LISTEN_PID LISTEN_FDS" 10.18 +#else 10.19 +# define ENV_SYSTEMD "" 10.20 +#endif 10.21 +#ifdef DEBUG 10.22 +# define ENV_GDB " GDB" 10.23 +#else 10.24 +# define ENV_GDB "" 10.25 +#endif 10.26 +/* */ 10.27 + 10.28 static const struct master_settings master_default_settings = { 10.29 .base_dir = PKG_RUNDIR, 10.30 .libexec_dir = PKG_LIBEXECDIR, 10.31 + .import_environment = "TZ" ENV_SYSTEMD ENV_GDB,
If I am not missing anything, then there seems to be a problem with kerberos sasl with ldap lookups.
Thank you, Trever Adams
Reference: http://hg.dovecot.org/dovecot-2.0/rev/cec7fa92ff48 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=697325 (backtrace via abrtd is included here)
"Avert misunderstanding by calm, poise, and balance." -- Unknown