Hello
I'm trying to do an ldap proxy but it is not working, it just continues to access the user's mailbox. I was able to do a proxy with a user in a "passwd-file", but not ldap directory. Here is part of my "args" file on the passdb ldap stanza:
base = dc=example,dc=com
auth_bind = yes
pass_filter = (&(objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=%u)(BCMailDovecotProxyHost=*))
pass_attrs = uid=user,proxy,BCMailDovecotProxyHost=host
I've turned on auth_verbose, debug, etc. and still can't figure out why it won't proxy. I've tried adding user_attrs (the same as the pass attrs). I've even just put nologin in the pass_attrs but the user is still able to login, it's like that field is not being processed.
Harrison Metzger
On Tue, 2007-11-20 at 21:08 -0600, Harrison Metzger wrote:
> Hello
> I'm trying to do an ldap proxy but it is not working, it just continues to access the user's mailbox. I was able to do a proxy with a user in a "passwd-file", but not ldap directory. Here is part of my "args" file on the passdb ldap stanza:
> auth_bind = yes
I'm not sure if this affects it. It shouldn't, but you could try if it works without.
> pass_attrs = uid=user,proxy,BCMailDovecotProxyHost=host
This looks ok.
> I've turned on auth_verbose, debug, etc. and still can't figure out why it won't proxy. I've tried adding user_attrs (the same as the pass attrs). I've even just put nologin in the pass_attrs but the user is still able to login, it's like that field is not being processed.
What do the logs show with auth_debug=yes?
I turned auth_bind off by commenting it out. Here is what my logs show:
Nov 26 07:40:56 holiday dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=AGFwcGxlc2VqAHRhYmxl
Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): pass search: base=dc=beloit,dc=edu scope=subtree filter=(&(objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) fields=uid,proxy,nologin,nodelay,BCMailDovecotProxyHost
Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej BCMailDovecotProxyHost(host)=144.89.40.1
Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): No password in reply
Nov 26 07:40:57 holiday dovecot: auth(default): client out: FAIL 1 user=applesej temp host=144.89.40.1
Nov 26 07:40:59 holiday dovecot: pop3-login: Aborted login: user=<applesej>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
When auth_bind = yes, it simply allows the user to login and reads from their local mailbox.
Harrison Metzger
On Mon, 2007-11-26 at 07:46 -0600, Harrison Metzger wrote:
> pass search: base=dc=beloit,dc=edu scope=subtree filter=(&(objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej)) fields=uid,proxy,nologin,nodelay,BCMailDovecotProxyHost
> Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej BCMailDovecotProxyHost(host)=144.89.40.1
It looks for "proxy" field, but it doesn't get proxy field on return. So I guess it doesn't exist in LDAP? If you want to proxy all users, you could use for example uid=proxy in pass_attrs.
I changed it so that proxy would be populated by an existing ldap attribute. Here are what my logs show now:
Nov 26 08:42:01 holiday dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=AGFwcGxlc2VqAHRhYmxl
Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): bind search: base=dc=beloit,dc=edu filter=(&(objectClass=BCMailAccount)(BCMailEnable=true)(BCMailDovecotEnable=true)(uid=applesej))
Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej cn(proxy)=John Applesead BCMailDovecotProxyHost(host)=144.89.40.1
Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): bind: dn=uid=applesej,ou=People,dc=beloit,dc=edu
Nov 26 08:42:01 holiday dovecot: auth(default): client out: OK 1 user=applesej proxy host=144.89.40.1 pass=xxxxxx
Nov 26 08:42:01 holiday dovecot: auth(default): master in: REQUEST 1 21209 1
Nov 26 08:42:01 holiday dovecot: auth(default): Master request 21209.1 not found
Nov 26 08:42:01 holiday dovecot: auth(default): master out: NOTFOUND 1
Nov 26 08:42:01 holiday dovecot: pop3-login: Internal login failure: user=<applesej>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
I know this user can proxy because when I set it up to do it by passwd-file it works.
Ok. I got it to work. I changed this:
pass_attrs = uid=user,cn=proxy,BCMailDovecotProxyHost=host,gidNumber=nologin,uidNumber=nodelay
By adding nologin and nodelay it seems to work. Also, I have to have each map to a unique ldap field or it won't like that. (If people have less than 4 entries in their ldap entry it may actually be a problem then. haha) The static fields would be really nice. Once redhat decides to put 1.1 in their repository it will wind up on the machine. Until then, this way seems to work. Thanks for your help.
Harrison Metzger
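Added example, not part of the original thread: a small Python parser for the auth_debug `result:` lines quoted above that reports whether the passdb lookup actually returned a `proxy` field alongside `host`. The sample lines are constructed from the logs in the thread; the function names and status labels are this example's own.

```python
import re

# Constructed sample, modelled on the auth_debug lines quoted in the thread.
SAMPLE_LOG = """\
Nov 26 07:40:56 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej BCMailDovecotProxyHost(host)=144.89.40.1
Nov 26 08:42:01 holiday dovecot: auth(default): ldap(applesej,127.0.0.1): result: uid(user)=applesej cn(proxy)=John Applesead BCMailDovecotProxyHost(host)=144.89.40.1
"""

RESULT_RE = re.compile(r"ldap\((?P<user>[^,)]+),[^)]*\): result: (?P<fields>.*)$")
# Each returned field is logged as ldapAttribute(dovecotField)=value.
FIELD_RE = re.compile(r"(?P<attr>[\w;.-]+)\((?P<field>\w+)\)=")


def parse_result(line):
    """Return (user, {dovecot_field: (ldap_attr, value)}) or None."""
    m = RESULT_RE.search(line)
    if not m:
        return None
    text = m.group("fields")
    marks = list(FIELD_RE.finditer(text))
    fields = {}
    for i, mark in enumerate(marks):
        # A value runs up to the next attr(field)= marker, so it may hold spaces.
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        fields[mark.group("field")] = (mark.group("attr"), text[mark.end():end].strip())
    return m.group("user"), fields


def proxy_findings(log_text):
    """One (user, status, host) tuple per passdb result line."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_result(line)
        if parsed is None:
            continue
        user, fields = parsed
        host = fields.get("host", (None, None))[1]
        if "proxy" in fields:
            status = "proxied"
        elif host:
            # The case in the thread: host came back but proxy did not.
            status = "host-without-proxy"
        else:
            status = "local"
        findings.append((user, status, host))
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(SAMPLE_LOG):
        print(finding)
```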