Thanks Timo for your reply.
It now works fine with Passdb LDAP with password lookups. Users can now login with no problem.
However, when trying to do LDAP authentication with Authentication binds, I received the following errors from mail.log
Sep 1 15:34:22 server1 dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=34719#011resp=AG1pa2VfbGVlAGRsaWUzMjA1
Sep 1 15:34:22 server1 dovecot: auth-worker(default): pam(mike_lee,127.0.0.1): lookup service=dovecot
Sep 1 15:34:22 server1 dovecot: auth-worker(default): pam(mike_lee,127.0.0.1): #1/1 style=1 msg=Password:
Sep 1 15:34:22 server1 dovecot: auth(default): new auth connection: pid=1947
Sep 1 15:34:24 server1 dovecot: auth-worker(default): pam(mike_lee,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: secrets)
Sep 1 15:34:24 server1 dovecot: auth(default): passwd(mike_lee,127.0.0.1): lookup
Sep 1 15:34:24 server1 dovecot: auth(default): passwd(mike_lee,127.0.0.1): unknown user
Sep 1 15:34:24 server1 dovecot: auth(default): ldap(mike_lee,127.0.0.1): invalid credentials (given password: secrets)
Sep 1 15:34:26 server1 dovecot: auth(default): client out: FAIL#0111#011user=mike_lee
Sep 1 15:34:31 server1 dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=
I do not understand why I am getting pam() authentication issue when I deliberately chose not to use it.
The following is the setting I have in dovecot-ldap.conf
hosts = localhost #uris = dn = uid=dovecot,ou=accounts,dc=companyexample,dc=com,dc=au dnpass = helloworld
#sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id =
#tls = no #tls_ca_cert_file = #tls_ca_cert_dir = #tls_cert_file = #tls_key_file = #tls_cipher_suite = #tls_require_cert = #ldaprc_path = #debug_level = 0
auth_bind = yes
auth_bind_userdn = cn=%u,ou=accounts,dc=companyexample,dc=com,dc=au
ldap_version = 3
base = ou=accounts,dc=companyexample,dc=com,dc=au
deref = never scope = subtree
user_attrs = homeDirectory=home user_filter = (&(objectClass=posixAccount)(uid=%u))
#pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = PLAIN
This is what I have in dovecot.conf
base_dir = /var/run/dovecot protocols = imap
protocol imap { listen = *:143 } # protocol pop3 { # listen = *:10100 # .. # } # protocol managesieve { # listen = *:12000 # .. # } #listen = *
disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S "
#ssl_listen = ssl = no #ssl_cert_file = /etc/ssl/certs/dovecot.pem #ssl_key_file = /etc/ssl/private/dovecot.pem #ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem #ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key #ssl_key_password = #ssl_ca_file = #ssl_verify_client_cert = no #ssl_cert_username_field = commonName #ssl_parameters_regenerate = 168 #ssl_cipher_list = ALL:!LOW:!SSLv2 #verbose_ssl = no
login_dir = /var/run/dovecot/login login_chroot = yes login_user = dovecot #login_process_size = 64 #login_process_per_connection = yes #login_processes_count = 3 #login_max_processes_count = 128 #login_max_connections = 256 #login_greeting = Dovecot ready. #login_trusted_networks = #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c #login_log_format = %$: %s
mail_location = maildir:/home/%u/Maildir
mail_uid = 3000 mail_gid = 8
mail_privileged_group = mail #mail_access_groups = #mail_full_filesystem_access = no
#mail_debug = no #mail_log_max_lines_per_sec = 10 #mmap_disable = no #dotlock_use_excl = yes #fsync_disable = no #mail_nfs_index = no #lock_method = fcntl #mail_drop_priv_before_exec = no
verbose_proctitle = yes
first_valid_uid = 3000 last_valid_uid = 3000
first_valid_gid = 8 last_valid_gid = 8
#max_mail_processes = 512 #mail_process_size = 256 #mail_max_keyword_length = 50 #valid_chroot_dirs = #mail_chroot = #mail_cache_min_mail_count = 0
#mailbox_idle_check_interval = 30 mail_save_crlf = no
#maildir_stat_dirs = no maildir_copy_with_hardlinks = yes
#maildir_copy_preserve_filename = no #maildir_very_dirty_syncs = no
protocol imap { #login_executable = /usr/lib/dovecot/imap-login #mail_executable = /usr/lib/dovecot/imap #imap_max_line_length = 65536 #mail_max_userip_connections = 10 #mail_plugin_dir = /usr/lib/dovecot/modules/imap #imap_logout_format = bytes=%i/%o #imap_capability = #imap_idle_notify_interval = 120 #imap_id_send = #imap_id_log =
imap_client_workarounds = outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep oe6-fetch-no-newmail }
protocol pop3 { pop3_uidl_format = %08Xu%08Xv }
protocol managesieve { }
#auth_executable = /usr/lib/dovecot/dovecot-auth #auth_process_size = 256 #auth_cache_size = 0 #auth_cache_ttl = 3600 #auth_cache_negative_ttl = 3600 #auth_realms = #auth_default_realm = #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ #auth_username_translation = #auth_username_format = #auth_master_user_separator =
#auth_anonymous_username = anonymous auth_verbose = yes auth_debug = yes auth_debug_passwords = yes #auth_worker_max_count = 30 #auth_gssapi_hostname = #auth_krb5_keytab = #auth_use_winbind = no #auth_winbind_helper_path = /usr/bin/ntlm_auth #auth_failure_delay = 2
auth default { mechanisms = plain
passdb pam { }
passdb passwd { }
passdb ldap { args = /etc/dovecot/dovecot-ldap.conf }
userdb passwd { args = /etc/dovecot/dovecot-ldap-userdb.conf }
userdb ldap { args = /etc/dovecot/dovecot-ldap.conf }
user = root #user = dovecot-auth
#chroot = #count = 1 #ssl_require_client_cert = no #ssl_username_from_cert = no
socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } !include_try /etc/dovecot/auth.d/*.auth }
plugin { }
# Config files can also be included. deliver doesn't support them currently. #!include /etc/dovecot/conf.d/*.conf # Optional configurations, don't give an error if it's not found: !include_try /etc/dovecot/conf.d/*.conf #!include_try /etc/dovecot/extra.conf
I wonder where I did it wrong. I did not set pam authentication.
Any help would be appreciated. Thank you
From: Timo Sirainen tss@iki.fi To: Daminto Lie dlie76@yahoo.com.au Cc: "dovecot@dovecot.org" dovecot@dovecot.org Sent: Wednesday, 31 August 2011 4:52 PM Subject: Re: [Dovecot] dovecot imap permission denied
On 31.8.2011, at 9.47, Daminto Lie wrote:
Thanks a lot Timo,
Creating directories for new users is not an issue. It's the permission that makes me headache.
The error message you showed said that the user's home directory didn't exist, and the permission problem came only because it didn't exist and Dovecot tried to create it.
I tried the following
sudo chmod o-r /home/$USER sudo chmod g+rw /home/$USER
It did not work until I did chmod 777 /home.
Right, because only then did it have enough permissions to create the home dir.
Is it safe to make home directory with permission 777?
No.