Hello,
I had a problem in my test configuration, therefore I want to suggest two improvements for logging:
- mail_log - add mailbox of operation
dovecot: Mar 07 09:35:16 Info: IMAP(dvtest) [16829]: expunged: uid=886, msgid=xxxxxxxxxxxxxx.xxxxxxxxxxx@xxxxxxxx.xx-xxxx-xxxxx-xxxx.xx
dovecot: Mar 07 09:35:16 Info: IMAP(dvtest) [16829]: expunged: uid=887, msgid=xxxxxxxxxxxx.xxxxx.xxxxxxxxx.xxxxxxxx@xx-xxxx-xxxxx-xxxx.xx
Please add from which folder the mail is deleted/expunged, because the uid is not unique throughout the mail storage and I do not find any tracking of which mailbox the operation happens in.
- Login - add which passdb / userdb the data was gathered from
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): bind search: base=dc=fh-bonn-rhein-sieg,dc=de filter=(&(objectClass=fhMailAlias)(uid=dvtest))
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): result: uidNumber(userdb_uid)=1012 gidNumber(userdb_gid)=102 homeDirectory(userdb_home)=/home/dvtest uid(userdb_user)=dvtest mailLocationDovecot(userdb_mail)=maildir:/home/dvtestMAIL/MailDir:INDEX=/var/cache/dovecot/1012/index:CONTROL=/var/cache/dovecot/1012/index/control
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): bind: dn=uid=dvtest,ou=staff,dc=fb02,dc=fh-bonn-rhein-sieg,dc=de
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): invalid credentials
dovecot: Mar 07 09:34:03 Info: auth(default): client out: OK 1 user=dvtest
dovecot: Mar 07 09:34:03 Info: auth(default): master in: REQUEST 1 16810 1
dovecot: Mar 07 09:34:03 Info: auth(default): prefetch(dvtest,10.20.10.63): passdb didn't return userdb entries
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): user search: base=dc=fh-bonn-rhein-sieg,dc=de scope=subtree filter=(&(objectClass=fhMailAlias)(uid=dvtest)) fields=homeDirectory,uidNumber,gidNumber,mailLocationDovecot,uid
dovecot: Mar 07 09:34:03 Info: auth(default): master out: USER 1 dvtest uid=1012 gid=102 home=/home/dvtest user=dvtest mail=maildir:/home/dvtestMAIL/MailDir:INDEX=/var/cache/dovecot/1012/index:CONTROL=/var/cache/dovecot/1012/index/control
dovecot: Mar 07 09:34:03 Info: pop3-login: Login: 16810:, user=<dvtest>, method=PLAIN, rip=10.20.10.63, lip=10.20.10.166
At first I didn't notice any problem at all ;) and assumed the LDAP bind was working.
Dovecot successfully reads the LDAP attributes for the user dvtest; however, the LDAP bind fails with "invalid credentials", yet dvtest was allowed to log in.
The reason is simple: When I was testing the LDAP bind stuff, I "commented out" the user dvtest in /etc/passwd, but not in "/etc/shadow", and intentionally used another password in LDAP. Dovecot is configured to consult userdb/passdb ldap first, then pam. In my case, the LDAP bind failed, so Dovecot fell back to pam - just as configured.
I would like to suggest logging which passdb / userdb Dovecot gathered the information from, because, at first, I interpreted the log file as if Dovecot allowed a user to log in who is not authenticated.
Bye,
Steffen Kaiser
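The ambiguity described in this message can be surfaced from the existing log lines. The following is an added example, not part of the original post and not Dovecot code: it flags logins accepted after a passdb driver logged "invalid credentials" for the same user. The function name and the sample lines (modelled on the excerpt above, with a placeholder LDAP base) are constructed for illustration.

```python
import re

# Constructed sample in the format of the auth debug excerpt above.
SAMPLE_LOG = """\
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): bind: dn=uid=dvtest,ou=staff,dc=example,dc=org
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): invalid credentials
dovecot: Mar 07 09:34:03 Info: auth(default): client out: OK 1 user=dvtest
dovecot: Mar 07 09:35:10 Info: auth(default): ldap(alice,10.20.10.64): bind: dn=uid=alice,ou=staff,dc=example,dc=org
dovecot: Mar 07 09:35:10 Info: auth(default): client out: OK 2 user=alice
"""

# "<driver>(<user>,<remote ip>): <message>" as written by a passdb/userdb driver
DRIVER_RE = re.compile(r"auth\(\w+\): (\w+)\(([^,)]+),([^)]+)\): (.*)$")
# "client out: <status> <request id> user=<user>" is the verdict sent to the login process
VERDICT_RE = re.compile(r"auth\(\w+\): client out: (\w+)\s+(\d+)\s+user=(\S+)")

FAILURE_MARKERS = ("invalid credentials",)  # the only failure text shown in the post


def find_fallback_logins(log_text):
    """Return (user, remote_ip, failed_driver) for every accepted login that
    was preceded by a driver failure for the same user."""
    pending = {}   # user -> [(driver, ip)] failures seen since the last verdict
    findings = []
    for line in log_text.splitlines():
        m = VERDICT_RE.search(line)
        if m:
            status, _req_id, user = m.groups()
            failures = pending.pop(user, [])   # a verdict closes the attempt
            if status == "OK":
                findings.extend((user, ip, drv) for drv, ip in failures)
            continue
        m = DRIVER_RE.search(line)
        if m:
            driver, user, ip, message = m.groups()
            if any(marker in message for marker in FAILURE_MARKERS):
                pending.setdefault(user, []).append((driver, ip))
    return findings


if __name__ == "__main__":
    for user, ip, driver in find_fallback_logins(SAMPLE_LOG):
        print(f"{user} from {ip}: accepted although the {driver} passdb rejected the password")
```

A hit does not say which later passdb accepted the password, only that one must have; that missing detail is what the message asks Dovecot to log.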