[Dovecot] Master user and missing folders
Hello again.
I am trying to use a master user. The login works. However, a LIST command gives me only the INBOX. Is this to be expected? When logging in normally, I do get the full list of folders.
(using Dovecot 1.1 rc3.)
Anders.
On Sat, 2008-04-12 at 17:28 +0200, Anders wrote:
Hello again.
I am trying to use a master user. The login works. However, a LIST command gives me only the INBOX. Is this to be expected? When logging in normally, I do get the full list of folders.
Your configuration is somehow wrong then. Set mail_debug=yes and look at the logs to see where Dovecot is trying to find the mails from. If that doesn't help, post the log, your dovecot -n output and other relevant configs.
Timo Sirainen tss@iki.fi writes:
On Sat, 2008-04-12 at 17:28 +0200, Anders wrote:
I am trying to use a master user. The login works. However, a LIST command gives me only the INBOX. Is this to be expected? When logging in normally, I do get the full list of folders.
Your configuration is somehow wrong then. Set mail_debug=yes and look at the logs to see where Dovecot is trying to find the mails from. If that doesn't help, post the log, your dovecot -n output and other relevant configs.
It logs the correct value for "home" with mail_debug=yes. It is also able to print the correct quota values, so Dovecot seems to end up at the right place.
My test PHP program is here:
echo '<? $mbox=imap_open("{localhost:143/notls}","am*master","masterpw", OP_HALFOPEN); print_r(imap_list($mbox,"{localhost:143}","*")); print_r(imap_get_quota($mbox,""));?>'|php -qC
The log looks like this (with domain changed to example.invalid):
Apr 18 20:50:18 mail dovecot: auth(default): client in: AUTH 1 LOGIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=44735
Apr 18 20:50:18 mail dovecot: auth(default): client out: CONT 1 VXNlcm5hbWU6
Apr 18 20:50:18 mail dovecot: auth(default): client in: CONT<hidden>
Apr 18 20:50:18 mail dovecot: auth(default): client out: CONT 1 UGFzc3dvcmQ6
Apr 18 20:50:18 mail dovecot: auth(default): client in: CONT<hidden>
Apr 18 20:50:18 mail dovecot: auth(default): passwd-file(master,127.0.0.1,master): lookup: user=master file=/usr/local/dovecot/etc/passwd.masterusers
Apr 18 20:50:18 mail dovecot: auth(default): passdb(master,127.0.0.1,master): Master user logging in as am
Apr 18 20:50:18 mail dovecot: auth(default): ldap(am,127.0.0.1): pass search: base=dc=example, dc=invalid scope=subtree filter=(&(objectClass=gosaMailAccount)(|(mail=am)(uid=am))) fields=mail,userPassword
Apr 18 20:50:18 mail dovecot: auth(default): auth(am,127.0.0.1): username changed am -> am@example.invalid
Apr 18 20:50:18 mail dovecot: auth(default): ldap(am@example.invalid,127.0.0.1): result: mail(user)=am@example.invalid userPassword(password)=<hidden>
Apr 18 20:50:18 mail dovecot: auth(default): client out: OK 1 user=am@example.invalid
Apr 18 20:50:18 mail dovecot: auth(default): master in: REQUEST 5 6644 1
Apr 18 20:50:18 mail dovecot: auth(default): ldap(am@example.invalid,127.0.0.1): user search: base=dc=example, dc=invalid scope=subtree filter=(&(objectClass=gosaMailAccount)(mail=am@example.invalid)) fields=mail,uid,gosaMailQuota
Apr 18 20:50:18 mail dovecot: auth(default): ldap(am@example.invalid,127.0.0.1): result: uid(home=/var/mail/vhosts/%d/%n)=/var/mail/vhosts/example.invalid/am mail(sieve_dir=/var/mail/vhosts/%d/%n/sieve)=/var/mail/vhosts/example.invalid/am/sieve gosaMailQuota(quota_rule=*:bytes=%$M)=*:bytes=100M
Apr 18 20:50:18 mail dovecot: auth(default): master out: USER 5 am@example.invalid home=/var/mail/vhosts/example.invalid/am sieve_dir=/var/mail/vhosts/example.invalid/am/sieve quota_rule=*:bytes=100M master_user=master
Apr 18 20:50:18 mail dovecot: imap-login: Login: user=am@example.invalid, method=LOGIN, rip=127.0.0.1, lip=127.0.0.1, secured
Apr 18 20:50:18 mail dovecot: IMAP(am@example.invalid): Disconnected: Logged out bytes=78/379
Apr 18 20:50:19 mail dovecot: auth(default): new auth connection: pid=6815
My LDAP config is this:
user_attrs = mail=sieve_dir=/var/mail/vhosts/%d/%n/sieve,uid=home=/var/mail/vhosts/%d/%n,gosaMailQuota=quota_rule=*:bytes=%$M
user_filter = (&(objectClass=gosaMailAccount)(mail=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=gosaMailAccount)(|(mail=%u)(uid=%u)))
And here is dovecot -n output:
# 1.1.rc4: /usr/local/dovecot-1.1rc4/etc/dovecot.conf
protocols: imap imaps managesieve
listen(default): 127.0.0.1
listen(imap): 127.0.0.1
listen(managesieve): *
ssl_listen(default): *
ssl_listen(imap): *
ssl_listen(managesieve):
ssl_cert_file: /etc/ssl/private/dovecot.pem
disable_plaintext_auth: no
login_dir: /usr/local/dovecot-1.1rc4/var/run/dovecot/login
login_executable(default): /usr/local/dovecot-1.1rc4/libexec/dovecot/imap-login
login_executable(imap): /usr/local/dovecot-1.1rc4/libexec/dovecot/imap-login
login_executable(managesieve): /usr/local/dovecot-1.1rc4/libexec/dovecot/managesieve-login
login_user: doveauth
valid_chroot_dirs: /var/mail/vhosts
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir
mail_executable(default): /usr/local/dovecot-1.1rc4/libexec/dovecot/imap
mail_executable(imap): /usr/local/dovecot-1.1rc4/libexec/dovecot/imap
mail_executable(managesieve): /usr/local/dovecot-1.1rc4/libexec/dovecot/managesieve
mail_plugins(default): acl quota expire imap_quota mail_log
mail_plugins(imap): acl quota expire imap_quota mail_log
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/local/dovecot-1.1rc4/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/dovecot-1.1rc4/lib/dovecot/imap
mail_plugin_dir(managesieve): /usr/local/dovecot-1.1rc4/lib/dovecot/managesieve
imap_client_workarounds(default): delay-newmail
imap_client_workarounds(imap): delay-newmail
imap_client_workarounds(managesieve):
sieve_storage(default):
sieve_storage(imap):
sieve_storage(managesieve): ~/sieve
sieve(default):
sieve(imap):
sieve(managesieve): ~/.dovecot.sieve-not
auth default:
  mechanisms: plain login
  user: dovecot
  master_user_separator: *
  debug: yes
  passdb:
    driver: passwd-file
    args: /usr/local/dovecot/etc/passwd.masterusers
    pass: yes
    master: yes
  passdb:
    driver: ldap
    args: /usr/local/dovecot/etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /usr/local/dovecot/etc/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /usr/local/dovecot/var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  quota: maildir
  quota_rule: *:bytes=0
  quota_warning: storage=95%% /usr/local/bin/quota-warning 95
  quota_warning2: storage=80%% /usr/local/bin/quota-warning 80
  acl: vfile:/etc/dovecot-acls:cache_secs=300
  expire: backup 30 spam 3
  expire_dict: proxy::expire
dict:
  expire: db:/usr/local/dovecot/var/expire.db
Anders mail@flac.kalibalik.dk writes:
It logs the correct value for "home" with mail_debug=yes. It is also able to print the correct quota values, so Dovecot seems to end up at the right place.
It was actually auth_debug that I turned on, not mail_debug. Here is the mail_debug log. It led me to suspect the acl plugin and, indeed, if I turn that one off, I can list the folders even with a master user login.
Cheers, Anders.
IMAP(am): Loading modules from directory: /usr/local/dovecot-1.1rc4/lib/dovecot/imap
IMAP(am): Module loaded: /usr/local/dovecot-1.1rc4/lib/dovecot/imap/lib01_acl_plugin.so
IMAP(am): Module loaded: /usr/local/dovecot-1.1rc4/lib/dovecot/imap/lib10_quota_plugin.so
IMAP(am): Module loaded: /usr/local/dovecot-1.1rc4/lib/dovecot/imap/lib11_imap_quota_plugin.so
IMAP(am): Module loaded: /usr/local/dovecot-1.1rc4/lib/dovecot/imap/lib20_expire_plugin.so
IMAP(am): Module loaded: /usr/local/dovecot-1.1rc4/lib/dovecot/imap/lib20_mail_log_plugin.so
IMAP(am): Effective uid=5000, gid=5000, home=/var/mail/vhosts/example.invalid/am
IMAP(am): Quota root: name= backend=maildir args=
IMAP(am): Quota rule: root= mailbox= bytes=104857600 (0%) messages=0 (0%)
IMAP(am): Quota warning: bytes=99614720 (95%) messages=0 (0%) command=/usr/local/bin/quota-warning 95
IMAP(am): Quota warning: bytes=83886080 (80%) messages=0 (0%) command=/usr/local/bin/quota-warning 80
IMAP(am): maildir: data=/var/mail/vhosts/example.invalid/am/Maildir
IMAP(am): maildir++: root=/var/mail/vhosts/example.invalid/am/Maildir, index=, control=, inbox=/var/mail/vhosts/example.invalid/am/Maildir
IMAP(am): acl: initializing backend with data: vfile:/etc/dovecot-acls:cache_secs=300
IMAP(am): acl: acl username = master
IMAP(am): acl: owner = 0
IMAP(am): acl vfile: Global ACL directory: /etc/dovecot-acls
imap-login: Login: user=<am>, method=LOGIN, rip=127.0.0.1, lip=127.0.0.1, secured
IMAP(am): acl vfile: file /etc/dovecot-acls//.DEFAULT not found
IMAP(am): acl vfile: file /var/mail/vhosts/example.invalid/am/Maildir/dovecot-acl not found
IMAP(am): Disconnected: Logged out bytes=78/379
Anders wrote:
Anders mail@flac.kalibalik.dk writes:
It logs the correct value for "home" with mail_debug=yes. It is also able to print the correct quota values, so Dovecot seems to end up at the right place.
It was actually auth_debug that I turned on, not mail_debug. Here is the mail_debug log. It led me to suspect the acl plugin and, indeed, if I turn that one off, I can list the folders even with a master user login.
Cheers, Anders.
Hi Timo,
do you have an idea about this problem? To summarize, I cannot list folders if using a master user login and the acl plugin. (my dovecot -n output was in the message before the one quoted above)
Thanks, Anders.
On Sat, 2008-04-26 at 13:36 +0200, Anders wrote:
It was actually auth_debug that I turned on, not mail_debug. Here is the mail_debug log. It led me to suspect the acl plugin and, indeed, if I turn that one off, I can list the folders even with a master user login. .. do you have an idea about this problem? To summarize, I cannot list folders if using a master user login and the acl plugin. (my dovecot -n output was in the message before the one quoted above)
With master users ACL plugin uses the master user for ACL checks instead of the mailbox owner. That also makes the default ACL be "deny" for mailboxes.. I'm not sure if there's currently any other simple way to avoid this than to disable ACL plugin for master users.
Timo Sirainen wrote:
With master users ACL plugin uses the master user for ACL checks instead of the mailbox owner. That also makes the default ACL be "deny" for mailboxes.. I'm not sure if there's currently any other simple way to avoid this than to disable ACL plugin for master users.
Okay, I disabled the ACL plugin for master users by creating a global .DEFAULT acl file:
====
user=master lrwstiekxa
owner lrwstiekxa
Was that how you meant?
Thanks, Anders.
On Sun, 2008-04-27 at 21:09 +0200, Anders wrote:
Timo Sirainen wrote:
With master users ACL plugin uses the master user for ACL checks instead of the mailbox owner. That also makes the default ACL be "deny" for mailboxes.. I'm not sure if there's currently any other simple way to avoid this than to disable ACL plugin for master users.
Okay, I disabled the ACL plugin for master users by creating a global .DEFAULT acl file:
====
user=master lrwstiekxa
owner lrwstiekxa
Was that how you meant?
That probably works only for mailboxes at root level. Some day I should look into how exactly the inheritance works. I thought there was no inheritance, but someone said there was, so I'm not really sure how it works. :)
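Added example, not part of the original thread: a small Python check over auth_debug and mail_debug output that lists master-user logins and the sessions where the ACL plugin evaluates rights as someone other than the mailbox owner, which is the condition described above. The sample log is constructed from the line formats quoted in this thread; the `owner = 1` line for a normal login is an assumption.

```python
import re

# Constructed sample, modelled on the log lines quoted in this thread.
# The "owner = 1" line for a normal (non-master) login is an assumption.
SAMPLE_LOG = """\
Apr 18 20:50:18 mail dovecot: auth(default): passdb(master,127.0.0.1,master): Master user logging in as am
Apr 18 20:50:18 mail dovecot: IMAP(am@example.invalid): acl: acl username = master
Apr 18 20:50:18 mail dovecot: IMAP(am@example.invalid): acl: owner = 0
Apr 18 20:51:02 mail dovecot: IMAP(bob@example.invalid): acl: acl username = bob@example.invalid
Apr 18 20:51:02 mail dovecot: IMAP(bob@example.invalid): acl: owner = 1
"""

# auth_debug line written when a master passdb accepts the login.
MASTER_LOGIN = re.compile(
    r"passdb\((?P<master>[^,]+),(?P<rip>[^,)]+)(?:,[^)]*)?\): "
    r"Master user logging in as (?P<target>\S+)")
# mail_debug lines written by the ACL plugin at session start.
ACL_USER = re.compile(r"IMAP\((?P<user>[^)]+)\): acl: acl username = (?P<acl_user>\S+)")
ACL_OWNER = re.compile(r"IMAP\((?P<user>[^)]+)\): acl: owner = (?P<owner>[01])")


def master_logins(log):
    """Return (master_user, remote_ip, target_user) for each master login."""
    return [(m["master"], m["rip"], m["target"]) for m in MASTER_LOGIN.finditer(log)]


def acl_identity_mismatches(log):
    """Return (mailbox_user, acl_user) for sessions where the ACL plugin is not
    checking rights as the mailbox owner, so un-ACL'd mailboxes are denied."""
    pending, findings = {}, []
    for line in log.splitlines():
        if m := ACL_USER.search(line):
            pending[m["user"]] = m["acl_user"]
        elif m := ACL_OWNER.search(line):
            acl_user = pending.pop(m["user"], None)
            if m["owner"] == "0":
                findings.append((m["user"], acl_user))
    return findings


if __name__ == "__main__":
    for master, rip, target in master_logins(SAMPLE_LOG):
        print(f"master login: {master} from {rip} as {target}")
    for user, acl_user in acl_identity_mismatches(SAMPLE_LOG):
        print(f"{user}: ACL checks run as '{acl_user}', not the owner")
```

Both auth_debug and mail_debug have to be enabled, as in the thread, for these lines to appear in the log.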