Hi,
I am setting up a dovecot instance to host a bunch of virtual domains, with ldap backing for auth. I am using a single hostname for test purposes, with a couple of entries in the directory. If I use auth binds I get a result, but this does not suit the end purpose of the server.
If I use ldapsearch with the same base, search filter, and credentials as the ldap auth config I get the correct attributes returned, and I have a bit of perl that verifies the password hash matches the password provided.
I am running out of ideas here. I had thought of putting in a custom bit of perl and using the checkpassword method, but this is suboptimal. If anyone can help with this I'd be grateful.
# dovecot --version 2.2.26.0 (23d1de6)
# dovecot -n # 2.2.26.0 (23d1de6): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.16 (fed8554) # OS: Linux 4.8.0-1-amd64 x86_64 Debian stretch/sid ext3 auth_cache_size = 2 M auth_debug = yes auth_debug_passwords = yes auth_default_realm = maliuta.org auth_master_user_separator = * auth_mechanisms = plain login auth_realms = maliuta.org auth_verbose = yes auth_verbose_passwords = yes first_valid_uid = 117 last_valid_uid = 117 lda_mailbox_autocreate = yes login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c mail_gid = vmail mail_location = maildir:/var/spool/vmail/%d/%n/Maildir mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/ldap/maliuta.org-ldap.conf.ext driver = ldap } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap lmtp sieve" service auth-worker { user = $default_internal_user } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } user = $default_internal_user } service dict { unix_listener dict { group = vmail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } ssl_cert =
# grep -v '^ *\(#.*\)\?$' /etc/dovecot/ldap/maliuta.org-ldap.conf.ext uris = ldap://localhost dn = cn=admin,dc=maliuta,dc=org dnpass = <secret> tls = yes tls_ca_cert_dir = /etc/ssl/certs auth_bind = no ldap_version = 3 base = ou=mail,dc=mailuta,dc=org scope = subtree default_pass_scheme = SSHA deref = never user_attrs = postfixDeliveryAddress=user user_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)) pass_attrs = postfixDeliveryAddress=user,userPassword=password pass_filter = (&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=%u)) iterate_attrs = uid=user iterate_filter = (objectClass=postfixMailPerson)
# ldapsearch -H ldap://localhost:389 -x -D 'cn=admin,dc=maliuta,dc=org' -W -b "ou=mail,dc=maliuta,dc=org" -s sub -LLL -ZZ '(&(postfixDeliveryEnabled=TRUE)(objectClass=postfixMailPerson)(postfixDeliveryAddress=nikolai@test.maliuta.org))' uid userPassword Enter LDAP Password: dn: mail=nikolai@test.maliuta.org,ou=mail,dc=maliuta,dc=org uid: nikolai userPassword:: e1NTSEF9QVBZMTlaeGw1cWd0a25XeGxURXdqM2g5Yk5YL3BxOGY=
## From /var/log/mail.log
Nov 20 07:24:20 kiliya dovecot: auth: Debug: auth client connected (pid=27086)
Nov 20 07:24:20 kiliya dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=1kW2C65BFI2WZbl8#011lip=
-- Nikolai Lusan nikolai@lusan.id.au