SunOS pop01.unix 5.10 Generic_118844-26 i86pc i386 i86pc dovecot-1.0.beta3
It is most likely something I am doing wrong, but could someone take a look at why I can not get LDAP prefetch to work?
If I define things like this:
dovecot.conf:

  passdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
  }
  userdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
  }

dovecot-ldap.conf:

  base = uid=%n, o=%d, ou=mail, dc=example, dc=com
  user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
  user_filter = (&(objectClass=posixAccount)(mail=%u))
  pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
  pass_filter = (&(objectClass=posixAccount)(mail=%u))

This works correctly. Queries LDAP twice, but retrieves home, uid, gid and mail correctly. Authenticates well.
If I replace the userdb line in dovecot.conf with:
userdb prefetch {
}
It no longer works. The passdb query is still correct, and it is followed by a second "empty" ldap query (as seen from snoop) with the following errors:

  Mar 20 15:58:06 pop01.unix dovecot: [ID 474965 mail.info] Dovecot v1.0.beta3 starting up
  Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred@uranus.com,172.20.12.12): userdb_uid not returned
  Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred@uranus.com,172.20.12.12): userdb_gid not returned
  Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): userdb(fred@uranus.com,172.20.12.12): user not found from userdb
  Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.info] pop3-login: Internal login failure: user=<fred@uranus.com>, method=PLAIN, rip=172.20.12.12, lip=172.20.12.8

Snoop of failing lookup:

  LDAP: Operation *[APPL 3: Search Request]
  LDAP: [Base Object]
  LDAP: uid=fred, o=uranus.com, ou=mail,
  LDAP: dc=example, dc=com
  [snip]
  LDAP: And *[0]
  LDAP: Equality Match *[3]
  LDAP: [Attr Descr]
  LDAP: objectClass
  LDAP: [Value]
  LDAP: posixAccount
  LDAP: *[3]
  LDAP: [OctetString]
  LDAP: mail
  LDAP: [OctetString]
  LDAP: fred@uranus.com
  LDAP: *[Sequence]
  LDAP: [OctetString]
  LDAP: mail
  LDAP: [OctetString]
  LDAP: userPassword
  LDAP: [OctetString]
  LDAP: homeDirectory
  LDAP: [OctetString]
  LDAP: uidNumber
  LDAP: [OctetString]
  LDAP: gidNumber
  [snip]
  LDAP: Operation *[APPL 4: Search ResEntry]
  LDAP: [Object Name]
  LDAP: uid=fred,o=uranus.com,ou=mail,dc
  LDAP: =example,dc=com
  LDAP: *[Partial Attributes]
  LDAP: *[Attribute]
  LDAP: [Type]
  LDAP: uidNumber
  LDAP: *[Vals]
  LDAP: [Value]
  LDAP: 105
  LDAP: *[Attribute]
  LDAP: [Type]
  LDAP: gidNumber
  LDAP: *[Vals]
  LDAP: [Value]
  LDAP: 200
  LDAP: *[Attribute]
  LDAP: [Type]
  LDAP: homeDirectory
  LDAP: *[Vals]
  LDAP: [Value]
  LDAP: /export/nfs/mail/com/s/u/ur
  LDAP: anus/fred/
  LDAP: *[Attribute]
  LDAP: [Type]
  LDAP: userPassword
  LDAP: *[Vals]
  LDAP: [Value]
  LDAP: {crypt}QAa3SPeYrDARs (its "test", no leak fun here)
  LDAP: *[Attribute]
  LDAP: [Type]
  LDAP: mail
  LDAP: *[Vals]
  LDAP: [Value]
  LDAP: fred@uranus.com
  [snip]
  TCP: Destination port = 389 (LDAP)
  LDAP: -----
  LDAP: -----
  LDAP:
  LDAP: ""
  LDAP:
  TCP: Destination port = 389 (LDAP)
  LDAP: -----
  LDAP: -----
  LDAP:
  LDAP: ""
  LDAP:

Please advise!
Lund
--
Jorgen Lundman     | <lundman@lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo  | +81 (0)90-5578-8500 (cell)
Japan              | +81 (0)3 -3375-1767 (home)

Thanks to a similar email, we discovered a userdb passwd definition still active, which would clear out the prefetch data.
Having ONLY passwd for ldap, and userdb prefetch makes it work correctly.
Lund
Lund, I had the same issue, and solved it doing exactly what you did by NOT using prefetch, although I would prefer to. Help me understand a little better what you're saying. I also want to use multiple passdb mechanisms. Do your findings mean I basically can't do a prefetch with multiple mechanisms? I check both LDAP first, followed by /etc/passwd.
~Adam
On Tue, 4 Apr 2006, Jorgen Lundman wrote:
> Thanks to a similar email, we discovered a userdb passwd definition still active, which would clear out the prefetch data.
> Having ONLY passwd for ldap, and userdb prefetch makes it work correctly.
> Lund
On Tue, 2006-04-04 at 10:32 -0500, Adam M. Dunn wrote:
> Lund, I had the same issue, and solved it doing exactly what you did by NOT using prefetch, although I would prefer to. Help me understand a little better what you're saying. I also want to use multiple passdb mechanisms. Do your findings mean I basically can't do a prefetch with multiple mechanisms? I check both LDAP first, followed by /etc/passwd.
I've fixed problems related to prefetch and multiple userdbs in CVS.
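
An added illustration of the misconfiguration this thread identifies (not part of the thread and not Dovecot's own code): a small Python lint that, when `userdb prefetch` is in use, checks that `pass_attrs` maps the `userdb_uid` and `userdb_gid` fields named in the log errors and flags any other userdb block left active, the condition reported here under 1.0.beta3. The function names, the simplified block parsing and the sample inputs are assumptions constructed for the example.

```python
import re

# Constructed inputs modelled on the thread: a leftover "userdb passwd" block
# sits next to "userdb prefetch" (Dovecot 1.0-style syntax).
DOVECOT_CONF = """\
passdb ldap {
  args = /usr/local/etc/dovecot-ldap.conf
}
userdb passwd {
}
userdb prefetch {
}
"""
LDAP_CONF = """\
pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
pass_filter = (&(objectClass=posixAccount)(mail=%u))
"""
# The two fields the thread's log reports as "not returned".
REQUIRED = ("userdb_uid", "userdb_gid")

def db_blocks(conf_text):
    """Return (kind, driver) pairs, e.g. ('userdb', 'prefetch'), in file order."""
    pattern = re.compile(r"^\s*(passdb|userdb)\s+(\S+)\s*\{", re.MULTILINE)
    return pattern.findall(conf_text)

def pass_attr_targets(ldap_conf_text):
    """Return the Dovecot-side field names that pass_attrs maps LDAP attributes to."""
    for line in ldap_conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "pass_attrs":
            pairs = (p.split("=", 1) for p in value.split(",") if "=" in p)
            return {target.strip() for _, target in pairs}
    return set()

def lint_prefetch(conf_text, ldap_conf_text):
    """Return findings for a prefetch setup; an empty list means no issue found."""
    userdbs = [driver for kind, driver in db_blocks(conf_text) if kind == "userdb"]
    if "prefetch" not in userdbs:
        return []
    findings = []
    targets = pass_attr_targets(ldap_conf_text)
    missing = [f for f in REQUIRED if f not in targets]
    if missing:
        findings.append("pass_attrs does not map: " + ", ".join(missing))
    others = [d for d in userdbs if d != "prefetch"]
    if others:
        findings.append("other userdb active alongside prefetch: " + ", ".join(others))
    return findings

if __name__ == "__main__":
    for finding in lint_prefetch(DOVECOT_CONF, LDAP_CONF):
        print(finding)
```
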
participants (3)
- Adam M. Dunn
- Jorgen Lundman
- Timo Sirainen