Hi all,
so far I had a setup where Dovecot was using a passwd file as userdb and passdb. Postfix was then authenticating with Dovecot via SASL to validate user accounts.
Now I added an LDAP backend and would like to use that for Dovecot and Postfix. My first approach was to change the passdb to use the LDAP driver with the following settings:
    hosts = openldap:1389
    base = ou=users,dc=example,dc=com
    auth_bind = yes
    auth_bind_userdn = uid=%n,ou=users,dc=example,dc=com
And I changed the userdb driver to static since anyway there is just the vmail system account for all virtual user mailboxes.
This is working as expected for the IMAP connections. But Postfix authentication fails as it is apparently using a wrong user_filter. This is what I see in the logs from OpenLDAP:
    docker-openldap-1 | 645908ae.1d975b70 0x7fe379297700 conn=1347 fd=12 ACCEPT from IP=172.19.0.7:52144 (IP=0.0.0.0:1389)
    docker-openldap-1 | 645908ae.1d98571f 0x7fe379a98700 conn=1347 op=0 BIND dn="" method=128
    docker-openldap-1 | 645908ae.1d993bd7 0x7fe379a98700 conn=1347 op=0 RESULT tag=97 err=0 qtime=0.000009 etime=0.000072 text=
    docker-postfix-1 | May 08 14:35:26 nest postfix/smtpd[12455]: 8A9FC1E03C5: client=mo4-p01-ob.smtp.rzone.de[85.215.255.51]
    docker-postfix-1 | May 08 14:35:26 nest postfix/cleanup[12461]: 8A9FC1E03C5: message-id=713569303.508224.1683556526256@webmail.strato.de
    docker-postfix-1 | May 08 14:35:26 nest postfix/qmgr[951]: 8A9FC1E03C5: from=moritz@pflanzer.eu, size=3340, nrcpt=1 (queue active)
    docker-postfix-1 | May 08 14:35:26 nest postfix/smtpd[12455]: disconnect from mo4-p01-ob.smtp.rzone.de[85.215.255.51] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
    docker-openldap-1 | 645908ae.2616b031 0x7fe379297700 conn=1347 op=1 SRCH base="ou=users,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=moritz@example.com))"
    docker-openldap-1 | 645908ae.26179272 0x7fe379297700 conn=1347 op=1 SRCH attr=uid
    docker-openldap-1 | 645908ae.2619389b 0x7fe379297700 conn=1347 op=1 SEARCH RESULT tag=101 err=32 qtime=0.000017 etime=0.000221 nentries=0 text=
I tried setting the user_filter manually to "user_filter = (mail=%u)" but that doesn't have any effect.
Is this the expected behavior from Dovecot? I guess I can get it working by using the ldap driver for the userdb as well. But is that the best approach, since I technically don't need it for Dovecot itself? Or should I now change the Postfix config as well to directly authenticate against the LDAP server instead of using SASL with Dovecot?
Looking forward to recommendations, Moritz
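An added configuration example, not taken from the post or from Dovecot's own documentation. It keeps the bind-based authentication described above and adds the setting the searching lookup in the slapd log actually uses. In Dovecot's LDAP passdb, `auth_bind = yes` with `auth_bind_userdn` skips the search only when a password is being verified; passdb lookups that are not authentications (the existence check a static userdb performs before a delivery, or `doveadm auth lookup`) still search with `pass_filter`, whose built-in default is `(&(objectClass=posixAccount)(uid=%u))`. `user_filter` is only read when the userdb itself is `ldap`. The host, base DN and bind DN template are the posted values; the `mail` attribute, the service-account DN and the static userdb arguments are assumptions about the directory and the mail store.

```ini
# dovecot-ldap.conf.ext  (added example, not the post's own file)

# Connection and search base, as posted.
hosts = openldap:1389
base = ou=users,dc=example,dc=com
scope = subtree

# Password verification: bind as the user, no search needed.
# %n is the local part of the login (moritz), %u the full login (moritz@example.com).
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,dc=example,dc=com

# Lookups that do not verify a password (static userdb existence check,
# "doveadm auth lookup") search with pass_filter.  Unset, Dovecot uses
# (&(objectClass=posixAccount)(uid=%u)), the filter seen in the slapd log,
# which cannot match because the entries store "moritz" in uid, not the
# full address.  Assumption: the full address is stored in the mail attribute.
pass_filter = (&(objectClass=posixAccount)(mail=%u))

# The log shows an anonymous BIND (dn="") for that search.  If anonymous
# searches are not allowed, bind with a read-only service account instead
# (assumed DN; the password lives only in this root-owned file).
#dn = cn=dovecot,ou=services,dc=example,dc=com
#dnpass = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# user_filter is never consulted while userdb is "static", which is why
# setting it changed nothing.  It only matters with "userdb { driver = ldap }".
#user_filter = (&(objectClass=posixAccount)(mail=%u))


# dovecot.conf  (matching passdb/userdb blocks; static userdb values assumed)
# passdb {
#   driver = ldap
#   args = /etc/dovecot/dovecot-ldap.conf.ext
# }
# userdb {
#   driver = static
#   args = uid=vmail gid=vmail home=/var/mail/%d/%n
# }
```

Keep the static userdb's default `allow_all_users=no`: it is what makes Dovecot consult the passdb before accepting a delivery, so an unknown recipient is rejected at the LDAP search rather than creating a mailbox for every address. After editing, `doveadm auth lookup moritz@example.com` should return the user and the slapd log should show the `mail=` filter with `nentries=1`.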