On Friday 26 November 2010 17:30:55 Timo Sirainen wrote:
> On Thu, 2010-11-25 at 19:31 +0100, Andreas Ntaflos wrote:
> > Is it possible to have a static user database along with an LDAP password database and *not* be forced to set "allow_all_users=yes" for the userdb?
>
> Yes.
>
> > dovecot: auth: Error: static(not-a-user@test01.example.com): passdb doesn't support lookups, can't verify user's existence
>
> Set auth_debug=yes and see what it logs. passdb ldap should support it, as long as you don't set auth_bind=yes. I just verified that it works:

Thanks for the hint! I always forget how useful mail_debug and auth_debug can be. It turns out that the problem was indeed that I had passwd and pam as additional user and password databases. The order in which they are declared in dovecot.conf matters, of course, and when the PAM passdb is the last entry, the problem appears.
The workaround is obviously to not set PAM as the last entry. But this also means that any user from the LDAP/static user database that tries to log in has to go through PAM first and fail. On a busy server with lots of LDAP/static users and few system users this would waste quite a few resources and clutter up /var/log/auth.log pretty badly.
Is there a way around that?
Andreas
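
The two conditions named in this thread (PAM declared as the last passdb, and auth_bind=yes on the LDAP passdb) can be checked mechanically before a config is deployed. The following is an added example, not part of the original messages or of Dovecot; the function names, finding ids and sample configs are constructed, and it assumes passdb/userdb blocks in either "passdb {" or "passdb pam {" form, with auth_bind read from the LDAP args file.

```python
import re

# Opener of a "passdb {" (Dovecot 2.x) or "passdb pam {" (1.x) block.
BLOCK = re.compile(r"^\s*(passdb|userdb)\s*(\w+)?\s*\{")
SETTING = re.compile(r"^\s*(driver|args)\s*=\s*(.*?)\s*$")

def parse_dbs(conf):
    """Return [(kind, driver, args)] for passdb/userdb blocks, in file order."""
    dbs, cur = [], None
    for line in conf.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        opener, setting = BLOCK.match(line), SETTING.match(line)
        if opener:
            cur = [opener.group(1), opener.group(2) or "", ""]
        elif cur and "}" in line:
            dbs.append(tuple(cur))
            cur = None
        elif cur and setting:
            cur[1 if setting.group(1) == "driver" else 2] = setting.group(2)
    return dbs

def check(conf, ldap_conf=""):
    """Flag the two conditions named in the thread; returns finding ids."""
    dbs = parse_dbs(conf)
    passdbs = [drv for kind, drv, _ in dbs if kind == "passdb"]
    # A static userdb without allow_all_users=yes must verify users via a passdb.
    needs_lookup = any(kind == "userdb" and drv == "static"
                       and "allow_all_users=yes" not in args
                       for kind, drv, args in dbs)
    findings = []
    if needs_lookup and passdbs[-1:] == ["pam"]:
        findings.append("pam-is-last-passdb")
    if needs_lookup and "ldap" in passdbs and re.search(
            r"^\s*auth_bind\s*=\s*yes\b", ldap_conf, re.M):
        findings.append("ldap-auth-bind")
    return findings

# Constructed sample configs (paths and args are placeholders).
LDAP = "passdb {\n  driver = ldap\n  args = /etc/dovecot/dovecot-ldap.conf\n}\n"
PAM = "passdb {\n  driver = pam\n}\n"
USERDBS = ("userdb {\n  driver = passwd\n}\n"
           "userdb {\n  driver = static\n  args = uid=vmail gid=vmail home=/srv/mail/%u\n}\n")
PAM_LAST = LDAP + PAM + USERDBS
PAM_FIRST = PAM + LDAP + USERDBS

if __name__ == "__main__":
    for name, conf in (("pam last", PAM_LAST), ("pam first", PAM_FIRST)):
        print(name, check(conf))
```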