protocol lmtp {
    userdb {
       driver = sql
       args = /path/to/dovecot-sql.conf.ext
    }
}



---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Andras Kemeny <pdx@pdx.hu>
Date: 02/08/2018 01:35 (GMT+02:00)
To: dovecot@dovecot.org
Subject: LMTP error, mysterious

hi (especially to you, Aki),

so to solve the previous UID issue, i went the full LMTP route. however,
i seem to be having problems with the prefetch userdb (i'm trying to
minimize load on the LDAP server). namely, the log says:

Aug  2 00:15:35 rhyno postfix/submission/smtpd[21158]: 5EEF35C05C5:
client=localhost[127.0.0.1], sasl_method=login, sasl_username=aik
Aug  2 00:15:40 rhyno postfix/cleanup[22201]: 5EEF35C05C5:
message-id=<20180801221535.5EEF35C05C5@beach.rhyno.tech>
Aug  2 00:15:40 rhyno postfix/qmgr[17437]: 5EEF35C05C5:
from=<pdx@pdx.hu>, size=295, nrcpt=1 (queue active)
Aug  2 00:15:40 rhyno dovecot: lmtp(20321): Connect from local
Aug  2 00:15:40 rhyno dovecot: auth: Error: prefetch(aik@rhyno.tech):
userdb lookup not possible with only userdb prefetch
Aug  2 00:15:40 rhyno dovecot: lmtp(aik@rhyno.tech): Error: user
aik@rhyno.tech: Auth USER lookup failed
Aug  2 00:15:41 rhyno postfix/lmtp[22211]: 5EEF35C05C5:
to=<aik@rhyno.tech>, relay=beach.rhyno.tech[private/dovecot-lmtp],
delay=13, delays=13/0.01/0/0.03, dsn=4.3.0, status=deferred (host
beach.rhyno.tech[private/dovecot-lmtp] said: 451 4.3.0 <aik@rhyno.tech>
Internal error occurred. Refer to server log for more information. (in
reply to RCPT TO command))
Aug  2 00:15:41 rhyno dovecot: lmtp(20321): Disconnect from local:
Successful quit
Aug  2 00:15:42 rhyno postfix/submission/smtpd[21158]: disconnect from
localhost[127.0.0.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6

(the above is a transcript of a full session i've done over telneting to
localhost 587 and auth login-ing with valid credentials)

so, i've tested the actual login process, and it works flawlessly, and
it looks like IMAP is up and running:

Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
0 login aik@rhyno.tech ofCourseThisIsN0TtheRealPassword
0 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS
THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH
ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE
SPECIAL-USE] Logged in
1 list "" "%"
* LIST (\HasNoChildren \Sent) "." Sent
* LIST (\HasNoChildren \Trash) "." Trash
* LIST (\HasNoChildren) "." INBOX
1 OK List completed (0.000 + 0.000 secs).
2 status INBOX (MESSAGES)
* STATUS INBOX (MESSAGES 2)
2 OK Status completed (0.000 + 0.000 secs).

this is how i send the test mails:

Connected to localhost.
Escape character is '^]'.
220 beach.rhyno.tech mail server
ehlo x
250-beach.rhyno.tech
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
auth login
334 VXNlcm5hbWU6
***obviously_masked***
334 UGFzc3dvcmQ6
***obviously_masked***
235 2.7.0 Authentication successful
mail from:<pdx@pdx.hu>
250 2.1.0 Ok
rcpt to:<aik@rhyno.tech>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 2.0.0 Ok: queued as 5EEF35C05C5
quit
221 2.0.0 Bye
Connection closed by foreign host.

my concern is these two:

Aug  2 00:15:40 rhyno dovecot: auth: Error: prefetch(aik@rhyno.tech):
userdb lookup not possible with only userdb prefetch
Aug  2 00:15:40 rhyno dovecot: lmtp(aik@rhyno.tech): Error: user
aik@rhyno.tech: Auth USER lookup failed

10-auth.conf has these settings:

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = prefetch
}

dovecot-ldap.conf.ext has these settings (only the relevant ones)

dn = ***whatever, it works***
dnpass = ***whatever, it works***
auth_bind = no
base = dc=rhyno,dc=tech
pass_attrs = \
  =user=%{ldap:uid}, \
  =password=%{ldap:userPassword}, \
  =userdb_home=%{ldap:homeDirectory}, \
  =userdb_uid=%{ldap:uidNumber}, \
  =userdb_gid=%{ldap:gidNumber}
pass_filter =
(&(objectclass=postfixUser)(mailacceptinggeneralid=%n)(mailacceptinggeneralid=@%d))

so what am i missing? also, this format of setting variables
(=<output_field>=%{<whatever_special_result_field>}) is never explained
on the wiki (or am i just blind?)

thanks in advance,
a