Hello,
I have postfix+dovecot authenticating via LDAP to Active Directory and everything is working fine, except that some user names get changed by dovecot.

# cat dovecot/dovecot-ldap.conf
hosts = 192.168.50.30 192.168.50.31
base = ou=HST-Users,dc=h-st,dc=com
ldap_version = 3
auth_bind = yes
dn = cn=<account>,cn=Users,dc=h-st,dc=com
dnpass = <password>
user_attrs = sAMAccountName=mail=maildir:/home/vmail/%Ud/%Ln,=gid=1000,=uid=1001
user_filter = (&(objectClass=person)(mail=%u))
pass_filter = (&(objectClass=person)(mail=%u))

I am using the value of the "mail" field from Active Directory as the user name. So here are the test users:

test1: mail=test1@h-st.com
test3: mail=test3@housigma20.h-st.com
test5: mail=test5@yomama.com

USER TEST1:

# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user test1@h-st.com
+OK
pass houston
+OK Logged in.

Logs show:

dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 secured lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=43073 resp=<hidden>
dovecot: auth(default): ldap(test1@h-st.com,127.0.0.1): bind search: base=ou=HST-Users,dc=h-st,dc=com filter=(&(objectClass=person)(mail=test1@h-st.com))
dovecot: auth(default): ldap(test1@h-st.com,127.0.0.1): no fields returned by the server
dovecot: auth(default): client out: OK 1 user=test1@h-st.com
dovecot: auth(default): master in: REQUEST 7 3526 1
dovecot: auth(default): ldap(test1@h-st.com,127.0.0.1): user search: base=ou=HST-Users,dc=h-st,dc=com scope=subtree filter=(&(objectClass=person)(mail=test1@h-st.com)) fields=sAMAccountName
dovecot: auth(default): ldap(test1@h-st.com,127.0.0.1): result: sAMAccountName(mail=maildir:/home/vmail/%Ud/%Ln)=maildir:/home/vmail/H-ST.COM/test1
dovecot: auth(default): master out: USER 7 test1@h-st.com mail=maildir:/home/vmail/H-ST.COM/test1 gid=1000 uid=1001
dovecot: pop3-login: Login: user=test1@h-st.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

The directory was created and everything is fine.

USER TEST3:

# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user test3@housigma20.h-st.com
+OK
pass houston
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Connection closed by foreign host.

Logs show:

dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 secured lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=34057 resp=<hidden>
dovecot: auth(default): ldap(test3@housigma20.h-st.com,127.0.0.1): bind search: base=ou=HST-Users,dc=h-st,dc=com filter=(&(objectClass=person)(mail=test3@housigma20.h-st.com))
dovecot: auth(default): auth(test3@housigma20.h-st.com,127.0.0.1): username changed test3@housigma20.h-st.com -> test3
dovecot: auth(default): ldap(test3,127.0.0.1): result: uid(user)=test3
dovecot: auth(default): client out: OK 1 user=test3
dovecot: auth(default): master in: REQUEST 8 3859 1
dovecot: auth(default): ldap(test3,127.0.0.1): user search: base=ou=HST-Users,dc=h-st,dc=com scope=subtree filter=(&(objectClass=person)(mail=test3)) fields=sAMAccountName
dovecot: auth(default): ldap(test3,127.0.0.1): Unknown user
dovecot: auth(default): userdb(test3,127.0.0.1): user not found from userdb ldap
dovecot: auth(default): master out: NOTFOUND 8
dovecot: pop3-login: Internal login failure (auth failed, 1 attempts): user=<test3>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

It obviously fails because the username was changed to only %u. Why does it get changed...?
Any ideas...?
Thanks..

# dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.16.60-0.21-xenpae i686 SUSE Linux Enterprise Server 10 (i586)
protocols: imap imaps pop3 pop3s
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir/
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): acl
mail_plugins(imap): acl
mail_plugins(pop3):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: vmail
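
One way to pick this failure pattern out of Dovecot auth debug logs, added here as an example and not part of the original post: the Python script below pairs each "username changed" line with the later userdb search for the rewritten name and reports whether that lookup failed. The sample lines are copied from the two sessions in the post; the function and field names are illustrative.

```python
import re

# Log lines copied from the TEST1 and TEST3 sessions in the post.
SAMPLE_LOG = """\
dovecot: auth(default): ldap(test1@h-st.com,127.0.0.1): bind search: base=ou=HST-Users,dc=h-st,dc=com filter=(&(objectClass=person)(mail=test1@h-st.com))
dovecot: auth(default): ldap(test1@h-st.com,127.0.0.1): user search: base=ou=HST-Users,dc=h-st,dc=com scope=subtree filter=(&(objectClass=person)(mail=test1@h-st.com)) fields=sAMAccountName
dovecot: auth(default): master out: USER 7 test1@h-st.com mail=maildir:/home/vmail/H-ST.COM/test1 gid=1000 uid=1001
dovecot: auth(default): ldap(test3@housigma20.h-st.com,127.0.0.1): bind search: base=ou=HST-Users,dc=h-st,dc=com filter=(&(objectClass=person)(mail=test3@housigma20.h-st.com))
dovecot: auth(default): auth(test3@housigma20.h-st.com,127.0.0.1): username changed test3@housigma20.h-st.com -> test3
dovecot: auth(default): ldap(test3,127.0.0.1): user search: base=ou=HST-Users,dc=h-st,dc=com scope=subtree filter=(&(objectClass=person)(mail=test3)) fields=sAMAccountName
dovecot: auth(default): userdb(test3,127.0.0.1): user not found from userdb ldap
"""

# passdb stage: the login name was replaced by a value the passdb returned.
CHANGED = re.compile(r"username changed (\S+) -> (\S+)")
# userdb stage: the LDAP filter actually sent for a given user name.
USER_SEARCH = re.compile(r"ldap\(([^,]+),[^)]*\): user search: .*?filter=(\S+)")
# userdb stage: the lookup returned no entry.
NOT_FOUND = re.compile(r"userdb\(([^,]+),[^)]*\): user not found")


def find_username_rewrites(log_text):
    """Return one record per rewritten login name, in order of appearance."""
    findings = {}  # keyed by the rewritten name used in later log lines
    for line in log_text.splitlines():
        m = CHANGED.search(line)
        if m:
            findings[m.group(2)] = {"original": m.group(1),
                                    "rewritten": m.group(2),
                                    "userdb_filter": None,
                                    "userdb_failed": False}
            continue
        m = USER_SEARCH.search(line)
        if m and m.group(1) in findings:
            findings[m.group(1)]["userdb_filter"] = m.group(2)
            continue
        m = NOT_FOUND.search(line)
        if m and m.group(1) in findings:
            findings[m.group(1)]["userdb_failed"] = True
    return list(findings.values())


if __name__ == "__main__":
    for f in find_username_rewrites(SAMPLE_LOG):
        status = "FAILED" if f["userdb_failed"] else "ok"
        print(f'{f["original"]} -> {f["rewritten"]}: '
              f'userdb filter {f["userdb_filter"]} [{status}]')
```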