Ah. You probably need to change the LDAP userdb so that it includes result_success = continue-ok:
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf
result_success = continue-ok
}
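so that the next userdb is processed as well; by default a successful userdb lookup ends the search, so the passwd-file userdb listed after LDAP is never consulted.
You can use 'doveadm user test@onnet.ch' to verify that the attributes are read for this user, and with another username that they are not.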
Aki
On 07.08.2018 12:23, Simeon Ott wrote:
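Attached are the doveconf -n output, the files it references, and the debug log lines from a
standard client login (auth_debug_passwords is enabled, so the auth lines include the base64 AUTH PLAIN response).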
root@buserver:/etc/dovecot/conf.d# doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = syslog
disable_plaintext_auth = no
info_log_path = syslog
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_gid = 5000
mail_location = maildir:~/Maildir
mail_plugins = zlib quota acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace {
hidden = no
ignore_on_failure = no
inbox = no
list = children
location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
plugin {
acl = vfile
acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes
quota = maildir:User quota
quota_exceeded_message = 4.2.2 Mailbox full
quota_rule = *:storage=1G
quota_rule2 = INBOX.Trash:storage=+100M
quota_rule3 = INBOX.Spam:ignore
quota_warning = storage=95%% quota-warning 95 %u
sieve = ~/.dovecot.sieve
sieve_before = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
sieve_max_actions = 32
sieve_max_redirects = 4
sieve_max_script_size = 1M
sieve_quota_max_scripts = 0
sieve_quota_max_storage = 0
}
protocols = " imap lmtp sieve pop3"
service auth {
group = dovecot
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
}
unix_listener auth-userdb {
group = vmail
mode = 0666
user = vmail
}
user = dovecot
}
service lmtp {
unix_listener lmtp {
mode = 0666
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
process_min_avail = 0
service_count = 1
vsz_limit = 64 M
}
ssl = no
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
userdb {
args = username_format=%Lu /etc/dovecot/share.passwd
driver = passwd-file
}
protocol lmtp {
mail_plugins = zlib quota acl sieve
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
deliver_log_format = msgid=%m: %$
mail_plugins = zlib quota acl sieve
postmaster_address = postmaster@onnet.ch
}
protocol imap {
mail_plugins = zlib quota acl imap_quota imap_acl
}
protocol sieve {
info_log_path = /var/log/sieve.log
log_path = /var/log/sieve.log
mail_max_userip_connections = 10
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
}
root@buserver:/etc/dovecot# cat dovecot-acl
root@buserver:/etc/dovecot#
(no output: dovecot-acl is an empty file)
root@buserver:/etc/dovecot# cat share.passwd
test@onnet.ch:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl userdb_acl_globals_only=yes
root@buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
hosts = localhost
uris = ldap://localhost:389/
debug_level = 10
auth_bind = yes
ldap_version = 3
base = ou=domains,dc=intra,dc=onnet,dc=ch
deref = never
scope = subtree
user_attrs =
homeDirectory=home=/var/spool/postfix/virtual/%$,uidNumber=uid,gidNumber=gid,quota=quota_rule=*:bytes=%$
user_filter = (&(objectClass=CourierMailAccount)(mail=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=CourierMailAccount)(mail=%u))
iterate_attrs = mail=user
iterate_filter = (objectClass=CourierMailAccount)
default_pass_scheme = CRYPT
root@buserver:/etc/dovecot# cat /var/log/mail.log | grep "Aug 7 11:17:27"
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl vfile: file
/var/spool/postfix/virtual/onnet.ch/test//Maildir/.test
<http://onnet.ch/test//Maildir/.test> folder 1.sub folder 1
1/dovecot-acl not found
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl vfile: reading file
/var/spool/postfix/virtual/onnet.ch/test//Maildir/.super/dovecot-acl
<http://onnet.ch/test//Maildir/.super/dovecot-acl>
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl vfile: reading file
/var/spool/postfix/virtual/onnet.ch/test//Maildir/.super.hello
<http://onnet.ch/test//Maildir/.super.hello> du/dovecot-acl
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl vfile: file
/var/spool/postfix/virtual/onnet.ch/test//Maildir/.test
<http://onnet.ch/test//Maildir/.test> folder 1/dovecot-acl not found
Aug 7 11:17:27 buserver dovecot: auth: Debug: auth client connected
(pid=3203)
Aug 7 11:17:27 buserver dovecot: auth: Debug: client in:
AUTH#0111#011PLAIN#011service=imap#011session=lkbV3NRyyQDAqDgB#011lip=192.168.56.50#011rip=192.168.56.1#011lport=143#011rport=52169#011resp=dGVzdEBvbm5ldC5jaAB0ZXN0QG9ubmV0LmNoAG5vdmVsbDEyMzQ1Ng==
(previous base64 data may contain sensitive data)
Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch
<mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): bind search:
base=ou=domains,dc=intra,dc=onnet,dc=ch
filter=(&(objectClass=CourierMailAccount)(mail=test@onnet.ch
<mailto:mail=test@onnet.ch>))
Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch
<mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
mail=test@onnet.ch <mailto:mail=test@onnet.ch>; mail unused
Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch
<mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
mail=test@onnet.ch <mailto:mail=test@onnet.ch>
Aug 7 11:17:27 buserver dovecot: auth: Debug: client passdb out:
OK#0111#011user=test@onnet.ch <mailto:OK#0111#011user=test@onnet.ch>
Aug 7 11:17:27 buserver dovecot: auth: Debug: master in:
REQUEST#0113718250497#0113203#0111#011089fd1d9e1a2c66586786422f24c51cd#011session_pid=3206#011request_auth_token
Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch
<mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): user search:
base=ou=domains,dc=intra,dc=onnet,dc=ch scope=subtree
filter=(&(objectClass=CourierMailAccount)(mail=test@onnet.ch
<mailto:mail=test@onnet.ch>))
fields=homeDirectory,uidNumber,gidNumber,quota
Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch
<mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
uidNumber=5000 quota=1073741824 gidNumber=5000
homeDirectory=onnet.ch/test/ <http://onnet.ch/test/>;
homeDirectory,uidNumber,quota,gidNumber unused
Aug 7 11:17:27 buserver dovecot: auth: Debug: ldap(test@onnet.ch
<mailto:test@onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
uidNumber=5000 quota=1073741824 gidNumber=5000
homeDirectory=onnet.ch/test/ <http://onnet.ch/test/>
Aug 7 11:17:27 buserver dovecot: auth: Debug: master userdb out:
USER#0113718250497#011test@onnet.ch
<mailto:USER#0113718250497#011test@onnet.ch>#011home=/var/spool/postfix/virtual/onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201
<http://onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201>
Aug 7 11:17:27 buserver dovecot: imap-login: Login:
user=<test@onnet.ch <mailto:test@onnet.ch>>, method=PLAIN,
rip=192.168.56.1, lip=192.168.56.50, mpid=3206
Aug 7 11:17:27 buserver dovecot: imap: Debug: Loading modules from
directory: /usr/lib/dovecot/modules
Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib01_acl_plugin.so
Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib02_imap_acl_plugin.so
Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib10_quota_plugin.so
Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
Aug 7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
/usr/lib/dovecot/modules/lib20_zlib_plugin.so
Aug 7 11:17:27 buserver dovecot: imap: Debug: Added userdb setting:
plugin/quota_rule=*:bytes=1073741824
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Effective uid=5000, gid=5000,
home=/var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/>
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Quota root: name=User quota
backend=maildir args=
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Quota rule: root=User quota mailbox=*
bytes=1073741824 messages=0
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Quota rule: root=User quota
mailbox=INBOX.Trash bytes=+104857600 messages=0
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Quota rule: root=User quota
mailbox=INBOX.Spam ignored
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Quota warning: bytes=1020054732 (95%)
messages=0 reverse=no command=quota-warning 95 test@onnet.ch
<mailto:test@onnet.ch>
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Quota grace: root=User quota
bytes=107374182 (10%)
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Namespace inbox: type=private,
prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
location=maildir:~/Maildir
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: maildir++:
root=/var/spool/postfix/virtual/onnet.ch/test//Maildir
<http://onnet.ch/test//Maildir>, index=, indexpvt=, control=,
inbox=/var/spool/postfix/virtual/onnet.ch/test//Maildir
<http://onnet.ch/test//Maildir>, alt=
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl: initializing backend with data: vfile
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl: acl username = test@onnet.ch
<mailto:test@onnet.ch>
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl: owner = 1
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl vfile: Global ACLs disabled
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: Namespace : type=shared,
prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children,
subscriptions=yes
location=maildir:%h/Maildir:INDEX=/var/spool/postfix/virtual/onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u
<http://onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u>
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: shared: root=/var/run/dovecot, index=,
indexpvt=, control=, inbox=, alt=
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl: initializing backend with data: vfile
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl: acl username = test@onnet.ch
<mailto:test@onnet.ch>
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl: owner = 0
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Debug: acl vfile: Global ACLs disabled
Aug 7 11:17:27 buserver dovecot: imap(test@onnet.ch
<mailto:test@onnet.ch>): Disconnected: Logged out in=30 out=457
thanks for looking into this
On 7 Aug 2018, at 10:34, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
Can you provide your doveconf -n output after adding the database *after* LDAP?
You probably need to add 'noauthenticate' as one parameter after the
userdb ones.
Aki