[Dovecot] Static userdb with LDAP passdb but without "allow_all_users=yes"?

Hi,

Is it possible to have a static user database along with an LDAP password database and *not* be forced to set "allow_all_users=yes" for the userdb?

The wiki page on static user database says "Normally static userdb handles this by doing a passdb lookup instead." How should the passdb behave in order for this to work?

In my tests (on a test server) I am using Dovecot 2.0.7 and Postfix 2.7.0 on Ubuntu 10.04.1. I use (or am trying to use) LMTP with Dovecot and Postfix according to the HOWTO in the wiki [1] as well as dynamic address verification with LMTP [2]. Users are virtual, using a static userdb and passwords from LDAP. I also serve local system users which is why I also have userdb and passdb pam, but this isn't the issue here.

Delivering mail to an existing virtual user works fine as far as I can see but when a non-existent user is the recipient Dovecot complains that the passdb doesn't support lookups:

postfix/smtpd[26469]: connect from remote-smtp.example.net[10.0.0.10] postfix/cleanup[26474]: 772A760B25: message- id=20101125172409.772A760B25@mailtest.example.com postfix/qmgr[27672]: 772A760B25: from=, size=276, nrcpt=1 (queue active) dovecot: lmtp(22109): Connect from local dovecot: auth: Error: static(not-a-user@test01.example.com): passdb doesn't support lookups, can't verify user's existence dovecot: lmtp(22109): Error: user not-a-user@test01.example.com: Auth USER lookup failed dovecot: lmtp(22109): Disconnect from local: Client quit postfix/lmtp[26475]: 772A760B25: to=not-a-user@test01.example.com, relay=mailtest.example.com[private/dovecot-lmtp], delay=0.18, delays=0.17/0.01/0/0, dsn=4.3.0, status=undeliverable (host mailtest.example.com[private/dovecot-lmtp] said: 451 4.3.0 Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command)) postfix/qmgr[27672]: 772A760B25: removed postfix/smtpd[26469]: NOQUEUE: reject: RCPT from remote- smtp.example.net[10.0.0.10]: 450 4.1.1 not-a-user@test01.example.com: Recipient address rejected: unverified address: ho st mailtest.example.com[private/dovecot-lmtp] said: 451 4.3.0 Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command); from=andreas.ntaflos@example.net to=not-a-user@test01.example.com proto=ESMTP helo= postfix/smtpd[26469]: disconnect from remote-smtp.example.net[10.0.0.10]

I've uploaded this log file excerpt for your viewing convenience to
https://daff.pseudoterminal.org/misc/dovecot/failed_delivery.log More relevant information (doveconf -n, dovecot-ldap.conf) is found below. I can also provide a log excerpt from a successful delivery to an existing virtual user, if needed.

To summarise: I want to use LMTP, dynamic address verification, a static user database and an LDAP password database. Can it be done without having to rely on the MTA (Postfix) to verify existing users?

Thanks in advance!

Andreas

[1] http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP [2] http://wiki2.dovecot.org/LDA/Postfix

dovecot-ldap.conf: uris = ldap://ldap.example.com:389 tls = yes tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt base = ou=virtualDomains,dc=example,dc=com dn = uid=dovecot,ou=services,dc=example,dc=com dnpass = xxx

pass_attrs=uid=user, userPassword=password pass_filter=(&(objectClass=hostedAccount)(uid=%u)(accountEnabled=TRUE))

iterate_attrs = uid=user iterate_filter = (objectClass=hostedAccount)

doveconf -n: https://daff.pseudoterminal.org/misc/dovecot/doveconf-n.txt

Andreas Ntaflos Vienna, Austria

GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4