Hello, I am in the process of moving a previously working dovecot setup to a new authentication system. The identity management system, kanidm, uses a Pam module and NSS backend to provide user info. Authentication works normally on the machine, but Dovecot is having a lot of trouble, logging:
Error: Invalid uid in reply Error: Invalid gid in reply
I ran doveadm -D user jesse@waffle.tech as a test, and I see:
Feb 17 21:58:33 doveadm(jesse@waffle.tech)<17666><>: Debug: auth-master: userdb lookup(jesse@waffle.tech): Started userdb lookup Feb 17 21:58:33 doveadm(jesse@waffle.tech)<17666><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb: Connecting Feb 17 21:58:33 doveadm(jesse@waffle.tech)<17666><>: Debug: auth-master: conn unix:/run/dovecot/auth-userdb (pid=17635,uid=0): Client connected (fd=9) Feb 17 21:58:33 doveadm(jesse@waffle.tech)<17666><>: Debug: auth-master: userdb lookup(jesse@waffle.tech): auth USER input: jesse system_groups_user=jesse uid=4123057063 gid=4123057063 home=/var/mail/jesse mail=maildir:/var/mail/jesse/Maildir Feb 17 21:58:33 doveadm(jesse@waffle.tech)<17666><>: Debug: auth-master: userdb lookup(jesse@waffle.tech): Finished userdb lookup (username=jesse system_groups_user=jesse uid=4123057063 gid=4123057063 home=/var/mail/jesse mail=maildir:/var/mail/jesse/Maildir) Feb 17 21:58:33 doveadm(jesse@waffle.tech)<17666><>: Error: Invalid uid in reply Feb 17 21:58:33 doveadm(jesse@waffle.tech)<17666><>: Error: Invalid gid in reply
We can see the UID and GID in the debug output, but it comes out blank in the final info. I'm having a hard time finding what the cause could be, is it possible that these UID/GID values are too large? that's about the only thing I can think of right now.
This is Dovecot 2.3.21 (47349e2482) on Fedora 39.
Thanks, jc
-- J. B. Crawford jesse@jbcrawford.us (575) 303-9001