GSSAPI mail home mapping problem
Hello,
I'm trying to map authenticated Kerberos users to mail_location.
When I set mail_home = /var/mail/virtual/domain1.zw.loca/%n, it works fine.
But if mail_home is set as /var/mail/virtual/%d/%n
I get
Apr 12 19:53:18 postfix10 dovecot: imap-login: Login: user=<user0>, method=GSSAPI, rip=172.16.0.44, lip=10.16.0.220, mpid=2428, session=<iPA4Yc6/lJCsEAAs>
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Added userdb setting: plugin/=yes
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Effective uid=5000, gid=5000, home=/var/mail/virtual/domain1.zw.local =login_user=user0/user0
Right here, I can't figure out why login_user=user0/user0
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/mail
Now login_user=user0
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: maildir++: root=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail, index=, indexpvt=, control=, inbox=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail, alt=
then login_user=user0/user0/mail
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Mailbox INBOX: Mailbox opened because: SELECT
doveconf -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 5.10.0-7-amd64 x86_64 Debian 10.6
# Hostname: postfix10.zw.local
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/imap.keytab
auth_mechanisms = gssapi
auth_verbose = yes
disable_plaintext_auth = no
import_environment = TZ KRB5CCNAME=/etc/dovecot/imap.ticket KRB5_KTNAME=/etc/dovecot/imap.keytab
mail_debug = yes
mail_gid = 5000
mail_home = /var/mail/virtual/%d/%n
mail_location = maildir:~/mail
mail_privileged_group = mail
mail_uid = 5000
namespace inbox {
  disabled = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap lmtp pop3"
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = no
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  driver = prefetch
}
protocol lmtp {
  postmaster_address = postmaster@zw.local
}
egrep -v "^$|^#" /etc/dovecot/dovecot-ldap.conf.ext
uris = ldap://ldap10.zw.local
auth_bind = yes
sasl_bind = yes
sasl_mech = gssapi
sasl_realm = zw.local
debug_level = -1
ldap_version = 3
base = dc=zw,dc=local
user_attrs =
=user=%{ldap:mail}
=login_user=%{ldap:uid}
user_filter = (uid=%n)
pass_attrs =
=user=%{ldap:uid},
=k5principals=%{ldap:krbPrincipalName}
pass_filter = (&(objectClass=krbPrincipalAux)(uid=%n))
-- Lucas Castro
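Sorry, my fault: I was missing a comma in the user and pass attrs. In the user_attrs quoted below there is no comma after =user=%{ldap:mail}, so the following =login_user=%{ldap:uid} line apparently became part of the user value; that is why the username, and with it the %d part of mail_home, showed up as "domain1.zw.local =login_user=user0" in the debug log.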
On 8/10/21 1:31 PM, Lucas Castro wrote:
Hello,
I'm trying to map authenticated kerberos users to mail_location,
The problem when I set mail_home = /var/mail/virtual/domain1.zw.loca/%n works fine.
But if mail_home is set as /var/mail/virtual/%d/%n
I get
Apr 12 19:53:18 postfix10 dovecot: imap-login: Login: user=<user0>, method=GSSAPI, rip=172.16.0.44, lip=10.16.0.220, mpid=2428, session=<iPA4Yc6/lJCsEAAs> Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Added userdb setting: plugin/=yes Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Effective uid=5000, gid=5000, home=/var/mail/virtual/domain1.zw.local =login_user=user0/user0
Right here, I can't figure out why login_user=user0/user0
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/mail
Now login_user=user0
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: maildir++: root=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail, index=, indexpvt=, control=, inbox=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail, alt=
then login_user=user0/user0/mail
Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Mailbox INBOX: Mailbox opened because: SELECT
doveconf -n # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 5.10.0-7-amd64 x86_64 Debian 10.6 # Hostname: postfix10.zw.local auth_debug = yes auth_gssapi_hostname = $ALL auth_krb5_keytab = /etc/dovecot/imap.keytab auth_mechanisms = gssapi auth_verbose = yes disable_plaintext_auth = no import_environment = TZ KRB5CCNAME=/etc/dovecot/imap.ticket KRB5_KTNAME=/etc/dovecot/imap.keytab mail_debug = yes mail_gid = 5000 mail_home = /var/mail/virtual/%d/%n mail_location = maildir:~/mail mail_privileged_group = mail mail_uid = 5000 namespace inbox { disabled = no inbox = yes list = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = type = private } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocols = " imap lmtp pop3" service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = no ssl_cert = </etc/dovecot/private/dovecot.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } userdb { driver = prefetch } protocol lmtp { postmaster_address = postmaster@zw.local }
egrep -v "^$|^#" /etc/dovecot/dovecot-ldap.conf.ext uris = ldap://ldap10.zw.local auth_bind = yes sasl_bind = yes sasl_mech = gssapi sasl_realm = zw.local debug_level = -1 ldap_version = 3 base = dc=zw,dc=local user_attrs =
=user=%{ldap:mail}
=login_user=%{ldap:uid} user_filter = (uid=%n) pass_attrs =
=user=%{ldap:uid},
=k5principals=%{ldap:krbPrincipalName} pass_filter = (&(objectClass=krbPrincipalAux)(uid=%n))
-- Lucas Castro