I have pretty much everything working fine.
I have run into one issue with the filters: I am unsure where this filter is being set.
Dovecot 2.2.32 (dfbe293d4)
I have set up dovecot-ldap.conf.ext to control my LDAP queries.
My current layout used filters based on looking at the posixAccount attributes:
user_filter = (&(objectClass=posixAccount)(uid=%u))
If I connect to an LDAP account that has no posixAccount attributes set, I was getting a failure in the logs:
Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): user search: base=ou=People,dc=userful,dc=ca scope=subtree filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): no fields returned by the server
Nov 02 14:15:48 mail2 dovecot[28715]: auth: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): unknown user
Nov 02 14:15:48 mail2 dovecot[28715]: auth: Error: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): user not found from userdb
I changed the filters, thinking I needed to look at the attributes seen by one of these accounts. I used Apache Studio to find out what was visible.
From that I saw inetOrgPerson could be used. So I changed the filters.
user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
iterate_filter = (objectClass=inetOrgPerson)
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=Y0GBzgVdlorAqHsn lip=192.168.123.236
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): bind search: base=ou=People,dc=userful,dc=ca filter=(&(objectClass=inetOrgPerson)(uid=sales))
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): result: uid=sales; uid unused
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): username changed sales@userful.com -> sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): result: uid=sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: ldap(sales@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): username changed sales@userful.com -> sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client passdb out: OK 1 user=sales original_user=sales@userful.com
So far so good, but then I get:
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: master in: REQUEST 3851550721 29049 1 519189df600c24c010b57158ac01c867 session_pid=29073 request_auth_token
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): user search: base=ou=People,dc=userful,dc=ca scope=subtree filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): no fields returned by the server
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): unknown user
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Error: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): user not found from userdb
The question then is: where did it get filter=(&(objectClass=posixAccount) from, since I changed the filters to inetOrgPerson?
I grepped the Dovecot settings directory and all my filters are in the one file, the file that holds the LDAP settings.
--
William Merkens
IT Support Analyst
Userful Corporation
+1 403.289.2177 ext.289
+1 866 USERFUL (1-866-873-7385)
Suite 300, 736 8th Ave. SW
Calgary AB T2P 1H4
Managed Desktops Done Right. http://www.userful.com
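
Added example, not part of the original post and not Dovecot's own code: a small Python script that groups auth debug lines by session id and reports sessions where the passdb "bind search" and the userdb "user search" queried different objectClass values, as in the logs quoted above. The function names are hypothetical; the first sample session is taken from the post and the second is constructed.

```python
import re
from collections import defaultdict

# First session: lines quoted in the post. Second session: constructed for contrast.
SAMPLE_LOG = """\
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): bind search: base=ou=People,dc=userful,dc=ca filter=(&(objectClass=inetOrgPerson)(uid=sales))
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): user search: base=ou=People,dc=userful,dc=ca scope=subtree filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
Nov 02 14:30:01 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(info,192.168.123.40,<AAAAconstructed01>): bind search: base=ou=People,dc=userful,dc=ca filter=(&(objectClass=inetOrgPerson)(uid=info))
Nov 02 14:30:01 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(info,192.168.123.40,<AAAAconstructed01>): user search: base=ou=People,dc=userful,dc=ca scope=subtree filter=(&(objectClass=inetOrgPerson)(uid=info)) fields=mail
"""

# ldap(<user>,<ip>,<session>): <stage>: ... filter=<filter>
LINE_RE = re.compile(
    r"ldap\([^,]*,[^,]*,<(?P<session>[^>]+)>\): "
    r"(?P<stage>bind search|user search): "
    r".*?filter=(?P<filter>\S+)"
)
OBJCLASS_RE = re.compile(r"\(objectClass=([^()]+)\)")


def filters_by_session(log_text):
    """Map session id -> {stage: set of objectClass values seen in its filter}."""
    sessions = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            classes = OBJCLASS_RE.findall(m["filter"])
            sessions[m["session"]][m["stage"]].update(classes)
    return sessions


def mismatched_sessions(log_text):
    """Return {session: (bind classes, user classes)} where the two stages differ."""
    out = {}
    for sid, stages in filters_by_session(log_text).items():
        bind, user = stages.get("bind search"), stages.get("user search")
        if bind and user and bind != user:
            out[sid] = (sorted(bind), sorted(user))
    return out


if __name__ == "__main__":
    for sid, (bind, user) in mismatched_sessions(SAMPLE_LOG).items():
        print(f"session {sid}: bind search used {bind}, user search used {user}")
```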