On 28.09.2018 00:08, Florian Pritz wrote:
On Wed, Sep 26, 2018 at 09:34:07AM +0300, Aki Tuomi aki.tuomi@open-xchange.com wrote:
# before current passdb
passdb {
  driver = passwd-file
  args = username_format=%Lu /etc/dovecot/aliases
}

# into /etc/dovecot/aliases
alias@user:::::::user=real_username noauthenticate
This hopefully works.

This seems to work fine and I had the idea of doing something similar for the userdb, but there it appears that the user name change doesn't happen.

auth_debug=yes
userdb {
  driver = passwd-file
  args = username_format=%Lu /etc/dovecot/aliases
  result_success = continue-ok
}
userdb {
  driver = passwd-file
  args = username_format=%u /etc/passwd
}

When I perform a lookup with
doveadm user 'test@xinu.at'
I get many empty fields since the alias file doesn't have them set. I expected that they would be fetched from the next userdb (/etc/passwd), but that doesn't seem to happen. I get this in the log:

dovecot[10118]: auth: Debug: master in: USER 1 test@xinu.at service=doveadm debug
dovecot[10118]: auth: Debug: passwd-file(test@xinu.at): lookup: user=test@xinu.at file=/etc/dovecot/aliases
dovecot[10118]: auth: Debug: passwd-file(test@xinu.at): lookup: user=test@xinu.at file=/etc/passwd
dovecot[10118]: auth: passwd-file(test@xinu.at): unknown user
dovecot[10118]: auth: Debug: userdb out: USER 1 test@xinu.at

So it looks like the user name change doesn't get applied with userdb, while it works as expected with passdb. Is this expected or is this a bug?
Just for comparison, the passdb config is this:
passdb {
  driver = passwd-file
  args = username_format=%Lu /etc/dovecot/aliases
}
passdb {
  driver = pam
}

And when logging in with
doveadm auth test test@xinu.at
the log looks like this:

dovecot[10118]: auth: Debug: auth client connected (pid=0)
dovecot[10118]: auth: Debug: client in: AUTH 1 PLAIN service=doveadm debug resp=<hidden>
dovecot[10118]: auth: Debug: passwd-file(test@xinu.at): lookup: user=test@xinu.at file=/etc/dovecot/aliases
dovecot[10118]: auth: Debug: passwd-file(test@xinu.at): username changed test@xinu.at -> flo
dovecot[10118]: auth: Debug: passwd-file(flo): Allowing any password
dovecot[10118]: auth: Debug: passwd-file(flo): Not performing authentication (noauthenticate set)
dovecot[10118]: auth-worker(10356): Debug: pam(flo): lookup service=dovecot
dovecot[10118]: auth-worker(10356): Debug: pam(flo): #1/1 style=1 msg=Password:
dovecot[10118]: auth: Debug: client passdb out: OK 1 user=flo original_user=test@xinu.at

Florian
Full config:
# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: Linux 4.18.5-arch1-1-ARCH x86_64 Arch Linux
# Hostname: calima
auth_debug = yes
mail_location = mdbox:~/.mdbox
mail_plugins = zlib
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mmap_disable = yes
namespace {
  hidden = no
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = username_format=%Lu /etc/dovecot/aliases
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = count:User quota
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
protocols = imap lmtp
service auth {
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert =
Username change should've occurred in userdb too, although with passwd_file you probably need to return it as userdb_user.
Aki
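
Added example, not part of the thread and not Dovecot's code: a simplified Python model of how passwd-file extra fields are split between passdb and userdb lookups, showing why user= alone renames the user only in passdb. It assumes the documented passwd-file rule that keys prefixed with userdb_ go to userdb and all others to passdb; the function names and the example.org entries are constructed for illustration.

```python
"""Simplified model of Dovecot passwd-file extra-field handling (illustrative only)."""


def parse_line(line):
    """Split 'user:password:uid:gid:gecos:home:shell:extra_fields' into (user, extras)."""
    parts = line.rstrip("\n").split(":", 7)
    parts += [""] * (8 - len(parts))
    extra = {}
    for item in parts[7].split():
        key, _, value = item.partition("=")
        extra[key] = value  # flags such as noauthenticate carry no value
    return parts[0], extra


def lookup(lines, username, db):
    """Return the extra fields a 'passdb' or 'userdb' lookup would see, or None."""
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        user, extra = parse_line(line)
        if user != username.lower():  # username_format=%Lu lowercases the lookup key
            continue
        if db == "passdb":
            # Assumption: passdb only acts on keys without the userdb_ prefix.
            return {k: v for k, v in extra.items() if not k.startswith("userdb_")}
        # Assumption: userdb only sees userdb_-prefixed keys, with the prefix stripped.
        return {k[len("userdb_"):]: v for k, v in extra.items() if k.startswith("userdb_")}
    return None


def effective_user(lines, username, db):
    """Username after the lookup: changed only if this db saw a 'user' field."""
    fields = lookup(lines, username, db)
    if fields is None:
        return None  # no entry: the next passdb/userdb in the chain decides
    return fields.get("user", username)


# Constructed sample entries, modelled on the alias line quoted in the thread.
PASSDB_ONLY = ["test@example.org:::::::user=flo noauthenticate"]
BOTH = ["test@example.org:::::::user=flo userdb_user=flo noauthenticate"]

if __name__ == "__main__":
    for name, entries in (("user= only", PASSDB_ONLY), ("user= and userdb_user=", BOTH)):
        for db in ("passdb", "userdb"):
            print(name, db, "->", effective_user(entries, "test@example.org", db))
```

With the first entry the userdb result stays test@example.org, which matches the "unknown user" outcome in the userdb debug log above once the unchanged name reaches /etc/passwd.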