postfix+dovecot and usernames different to e-mail addresses
Hi,
I want to replace an old mailserver setup with postfix+dovecot. The problem I'm facing now is that the old system had usernames different to the e-mail address of the user. For example:
E-Mail-Address: foo@example.com
Username: foo-example.com
I configured postfix so that it passes mails to dovecot using the following command (master.cf):
dovecot unix - n n - - pipe
  flags=DRhu user=mail-data:mail-data
  argv=/usr/lib/dovecot/dovecot-lda -a $(recipient)
When dovecot now receives an e-mail from postfix it logs
dovecot: lda(mail-data): Error: User initialization failed: Namespace 'INBOX.': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
dovecot: lda: Fatal: Invalid user settings. Refer to server log for more information.
My dovecot-ldap configuration looks quite simple:
hosts = 192.168.0.1,192.168.0.2
dn = cn=mailadmin,dc=example,dc=com
dnpass = foo
auth_bind = yes
ldap_version = 3
base = ou=users,dc=example,dc=com
user_attrs = mailMessageStore=home
user_filter = (&(objectClass=qmailUser)(uid=%u))
pass_filter = (&(objectClass=qmailUser)(uid=%u))
I think dovecot does not know that the username is not the e-mail address, but how can I tell him?
Furthermore we have alternative addresses here, so for example there may be an e-mail address bar@example.com owned by foo-example.com who has foo@example.com as primary address.
Dovecot itself (IMAP) works fine, so here it can find the correct Maildir for the user. The difference is that I connect using the username instead of the e-mail address in this case.
# dovecot --version
2.2.22 (fe789d2)
# postconf -d | grep mail_version
mail_version = 3.1.0
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04 LTS
Release: 16.04
Codename: xenial
Thanks for your help
Benjamin
On Wed, Jun 8, 2016 at 10:13 AM, Benjamin <dovecot@benjaminhubert.at> wrote:
> My dovecot-ldap configuration looks quite simple:
> hosts = 192.168.0.1,192.168.0.2
> dn = cn=mailadmin,dc=example,dc=com
> dnpass = foo
> auth_bind = yes
> ldap_version = 3
> base = ou=users,dc=example,dc=com
> user_attrs = mailMessageStore=home
> user_filter = (&(objectClass=qmailUser)(uid=%u))
> pass_filter = (&(objectClass=qmailUser)(uid=%u))
> I think dovecot does not know that the username is not the e-mail address, but how can I tell him?
> Furthermore we have alternative addresses here, so for example there may be an e-mail address bar@example.com owned by foo-example.com who has foo@example.com as primary address.

You need user_filter and pass_filter to recognize also the email addresses IMHO.
Mine look like:
pass_filter = (&(objectClass=suseMailRecipient)(|(alias=%n)(uid=%n)))
user_filter = (&(objectClass=suseMailRecipient)(|(alias=%n)(uid=%n)))
You have to adapt to your own LDAP attributes and use the correct variable (%n) to match your use case. My users can log in (and receive mails) via all of their aliases, primary address (part of the alias set) or their username.
HTH,
Wolfgang
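Added example, not part of either poster's message: how a login name is split into %u, %n and %d and substituted into the filters quoted in this thread, then evaluated against one constructed directory entry. The entry, the mailAlternateAddress attribute name and the helper names are assumptions; values are escaped per RFC 4515 before substitution so a login name cannot alter the filter structure.

```python
import re

# Constructed entry for the user described in the thread; mailAlternateAddress
# is an assumed attribute name, the thread does not say where aliases live.
ENTRY = {"objectClass": ["qmailUser"], "uid": ["foo-example.com"],
         "mail": ["foo@example.com"], "mailAlternateAddress": ["bar@example.com"]}

# RFC 4515: characters that must be escaped inside an assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def expand_filter(template: str, login: str) -> str:
    """Substitute %u (full name), %n (before '@') and %d (after '@'), escaped."""
    user, _, domain = login.partition("@")
    values = {"u": login, "n": user, "d": domain, "%": "%"}
    def repl(m):
        return "".join(_ESC.get(ch, ch) for ch in values[m.group(1)])
    return re.sub(r"%([und%])", repl, template)

def matches(filt: str, entry: dict) -> bool:
    """Evaluate a filter built only from &, | and equality against one entry."""
    def parse(i):
        if filt[i + 1] in "&|":
            op, i, results = filt[i + 1], i + 2, []
            while filt[i] == "(":
                hit, i = parse(i)
                results.append(hit)
            return (all(results) if op == "&" else any(results)), i + 1
        end = filt.index(")", i)
        attr, _, raw = filt[i + 1:end].partition("=")
        want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
        return any(v.lower() == want.lower() for v in entry.get(attr, [])), end + 1
    return parse(0)[0]

def lookup(template: str, login: str) -> bool:
    return matches(expand_filter(template, login), ENTRY)

ORIGINAL = "(&(objectClass=qmailUser)(uid=%u))"
WITH_MAIL = "(&(objectClass=qmailUser)(|(uid=%u)(mail=%u)))"
WITH_ALIAS = "(&(objectClass=qmailUser)(|(uid=%u)(mail=%u)(mailAlternateAddress=%u)))"

if __name__ == "__main__":
    for login in ("foo-example.com", "foo@example.com", "bar@example.com", "*"):
        print(login, [lookup(t, login) for t in (ORIGINAL, WITH_MAIL, WITH_ALIAS)])
```

For foo@example.com, %n expands to foo, so a filter on uid=%n would not find a uid of foo-example.com; matching the address needs %u against an attribute that stores it.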
Thank you for this hint, but no, that does not work.
Does Dovecot really use this user_filter when postfix passes mail using the dovecot-lda command?
I now tried it with
user_filter = (&(objectClass=qmailUser)(|(uid=%u)(mail=%u)))
and when I search with this filter in LDAP directly (using the recipient's e-mail address as %u) it returns the wanted user.
I also ensured postfix passes the e-mail address as argument by playing around with master.cf, and it does. At the moment the dovecot line looks as follows:
dovecot unix - n n - - pipe
  flags=DRhu user=mail-data:mail-data
  argv=/usr/lib/dovecot/dovecot-lda -a ${recipient}
Dovecot still tells me that it does not find the home directory for the user.
Benjamin
Ok. The problem seems to be something different. I found out that even if I pass the real username (foo-example.com) to dovecot-lda, dovecot tells me
Error: User initialization failed: Namespace 'INBOX.': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
Why does dovecot find the home when accessed via IMAP, but not when accessed via dovecot-lda?
Benjamin
Hi,
On Thu, Jun 9, 2016 at 5:13 PM, Benjamin <dovecot@benjaminhubert.at> wrote:
> Ok. The problem seems to be something different. I found out that even if I pass the real username (foo-example.com) to dovecot-lda, dovecot tells me
> Error: User initialization failed: Namespace 'INBOX.': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
> Why does dovecot find the home when accessed via IMAP, but not when accessed via dovecot-lda?

Actually good question. I have to admit I only use LMTP and for that it works for me. I left out some more settings which might be important for you:
pass_attrs = uid=user
user_attrs = uid=user,=uid=600,=gid=600,=home=/srv/dovecot/%n,suseImapQuota=quota_rule=*:storage=%{ldap:suseImapQuota}M
since obviously the search itself is not sufficient. You need to make sure that the right mailbox is addressed in the end via the uid=user. In your configuration you do not return a user at all so this can be a problem IMHO.
To me it seems that dovecot-lda is just ignoring all my LDAP configuration. I now added
=mail=maildir:%{ldap:mailMessageStore}/Maildir
to user_attrs, but dovecot still logs
Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
Do I have to include the configuration somewhere else? It's only referenced in auth-ldap.conf.ext twice (passdb, userdb):
root@mailtest:/etc/dovecot# grep ldap /etc/dovecot/conf.d/*
conf.d/10-auth.conf:!include auth-ldap.conf.ext
conf.d/auth-ldap.conf.ext: driver = ldap
conf.d/auth-ldap.conf.ext: args = /etc/dovecot/dovecot-ldap.conf.ext
conf.d/auth-ldap.conf.ext: driver = ldap
conf.d/auth-ldap.conf.ext: args = /etc/dovecot/dovecot-ldap.conf.ext
Benjamin
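Added example, not from either poster: a small check of the master.cf entry and the log line quoted in this thread. It relies on dovecot-lda's documented options, where -d names the user to look up in the userdb and -a only sets the destination address, so without -d the LDA runs for the account that started it. Function names are hypothetical and the sample strings are constructed from the thread.

```python
import re

# Constructed from the thread: the pipe entry and the error it produced.
MASTER_CF = ("dovecot unix - n n - - pipe flags=DRhu user=mail-data:mail-data "
             "argv=/usr/lib/dovecot/dovecot-lda -a ${recipient}")
LOG_LINE = ("dovecot: lda(mail-data): Error: User initialization failed: "
            "Namespace 'INBOX.': Home directory not set for user.")

def parse_pipe_entry(entry: str) -> dict:
    """Return the unix account and argv of a master.cf pipe(8) entry."""
    fields = entry.split()
    if len(fields) < 9 or fields[7] != "pipe":
        raise ValueError("not a pipe(8) service entry")
    attrs = fields[8:]
    # pipe(8) requires argv= to be the last attribute; the rest is the command.
    start = next((i for i, a in enumerate(attrs) if a.startswith("argv=")), None)
    if start is None:
        raise ValueError("pipe entry has no argv=")
    user = next((a[5:] for a in attrs[:start] if a.startswith("user=")), "")
    return {"unix_user": user.split(":")[0],
            "argv": [attrs[start][5:]] + attrs[start + 1:]}

def lda_user(log_line: str):
    """Name inside 'lda(...)': the user dovecot-lda initialised for delivery."""
    m = re.search(r"\blda\(([^)]*)\)", log_line)
    return m.group(1) if m else None

def diagnose(entry: str, log_line: str) -> list:
    svc, findings = parse_pipe_entry(entry), []
    if "-d" not in svc["argv"]:
        findings.append("argv has no -d <user>: no userdb lookup is requested, "
                        "so user_filter and user_attrs are never consulted")
    if lda_user(log_line) == svc["unix_user"]:
        findings.append("log shows lda(%s): delivery ran for the pipe account, "
                        "not for the recipient" % svc["unix_user"])
    return findings

if __name__ == "__main__":
    for finding in diagnose(MASTER_CF, LOG_LINE):
        print("-", finding)
```

With -d ${recipient} in argv, the userdb lookup receives the e-mail address as %u, which is the case the (|(uid=%u)(mail=%u)) filter from the thread is written for. The account running dovecot-lda then also needs access to Dovecot's auth-userdb socket for that lookup.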