Dovecot with LDAP/AD has problem with uid/gid
Hi list!
I have a Server connected to an AD and I need to configure Dovecot to authenticate the users against the AD (with password and GSSAPI).
Now I'm trying to connect Dovecot to the AD with password. The authentication works, but I always get this error:
Apr 2 13:03:49 mail dovecot: pop3-login: Login: user=<lucabert>, method=PLAIN, rip=192.168.50.1, lip=192.168.50.3, mpid=3508, session=<ZWJDc34vDgDAqDIB>
Apr 2 13:03:49 mail dovecot: pop3(lucabert): Error: stat(/var/spool/mail/lucabert/tmp) failed: Permission denied (euid=10001(lucabert) egid=10000(domain users) missing +x perm: /var/spool/mail/lucabert, dir owned by 1005:8 mode=0700)
Apr 2 13:03:49 mail dovecot: pop3(lucabert): Error: Couldn't open INBOX: Internal error occurred. Refer to server log for more information. [2016-04-02 13:03:49]
My configuration:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-83-generic x86_64 Ubuntu 14.04.4 LTS nfs
auth_gssapi_hostname = mail.cch.intra
auth_mechanisms = plain login cram-md5 gssapi
auth_use_winbind = yes
auth_username_chars =
disable_plaintext_auth = no
login_greeting = mail.cch.intra ready.
mail_fsync = always
mail_gid = 8
mail_location = maildir:/var/spool/mail/%Ln
mail_nfs_index = yes
mail_uid = 1005
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocols = " imap pop3"
ssl_cert =
auth-ldap.conf.ext:
passdb {
  driver = ldap

  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext

  # Default fields can be used to specify defaults that LDAP may override
  #default_fields = home=/home/virtual/%u
  override_fields = uid=1005 gid=8 euid=1005
}
and in my /etc/dovecot/dovecot-ldap.conf.ext I have:
user_attrs =
=uid=1005,
=gid=8,
=quota_rule=*:bytes=%{ldap:quotaBytes},
=home=/var/spool/mail/%{ldap:sAMAccountName},
=mail=maildir:/var/spool/mail/%{ldap:sAMAccountName}/Maildir
But it seems that all these settings for uid/gid will be ignored/overwritten... Of course the Mailboxes have user 1005 and group 8.
Can someone help me?
Thanks Luca Bertoncello (lucabert@lucabert.de)
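The permission failure quoted in the message above, worked through as an added example (not part of the original post and not Dovecot code). It parses the "stat() failed" diagnostic in the format shown in the log, picks the POSIX permission class that applies to the process, and flags a process uid/gid that differs from the configured mail_uid/mail_gid. The function name `diagnose` and its parameters are hypothetical, and only the effective gid from the log line is considered because supplementary groups are not logged.

```python
import re

# Constructed sample: the "stat() failed" line copied from the post above.
SAMPLE = ("Apr 2 13:03:49 mail dovecot: pop3(lucabert): Error: "
          "stat(/var/spool/mail/lucabert/tmp) failed: Permission denied "
          "(euid=10001(lucabert) egid=10000(domain users) missing +x perm: "
          "/var/spool/mail/lucabert, dir owned by 1005:8 mode=0700)")

# Assumption: the diagnostic always has the layout seen in the post.
PATTERN = re.compile(
    r"euid=(?P<euid>\d+)\([^)]*\) egid=(?P<egid>\d+)\([^)]*\) "
    r"missing \+(?P<perm>[rwx]) perm: (?P<path>[^,]+), "
    r"dir owned by (?P<uid>\d+):(?P<gid>\d+) mode=(?P<mode>[0-7]+)")

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def diagnose(line, expected_uid=None, expected_gid=None):
    """Explain a Dovecot permission error; return None if the line does not match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    euid, egid, uid, gid = (int(m[k]) for k in ("euid", "egid", "uid", "gid"))
    mode = int(m["mode"], 8)
    # POSIX applies exactly one class: owner if the uid matches, else group, else other.
    if euid == uid:
        cls, shift = "owner", 6
    elif egid == gid:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    granted = (mode >> shift) & 7
    return {
        "path": m["path"],
        "class": cls,                      # which rwx triplet was evaluated
        "granted": granted,                # the bits that triplet grants
        "has_perm": bool(granted & PERM_BITS[m["perm"]]),
        # True when the mail process did not run as the configured mail user/group
        "uid_mismatch": expected_uid is not None and euid != expected_uid,
        "gid_mismatch": expected_gid is not None and egid != expected_gid,
    }


if __name__ == "__main__":
    # mail_uid = 1005 and mail_gid = 8 are the values from the posted configuration.
    print(diagnose(SAMPLE, expected_uid=1005, expected_gid=8))
```

For the logged line the process falls into the "other" class of a 0700 directory, so the mismatch between the process uid and mail_uid explains the denial without loosening the spool permissions.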
Luca Bertoncello lucabert@lucabert.de wrote:
> But it seems that all these settings for uid/gid will be ignored/overwritten... Of course the Mailboxes have user 1005 and group 8.
Well, I got it... I had in my 10-auth.conf (installation from Ubuntu-package)
!include auth-system.conf.ext
and it was the problem...
Now I have another problem: I can just log in with password and not with GSSAPI... If I try to use GSSAPI I get this in the log:
Apr 2 13:43:00 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Apr 2 13:43:00 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Apr 2 13:43:00 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libmech_gssapi.so
Apr 2 13:43:00 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Apr 2 13:43:00 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
Apr 2 13:43:00 mail dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Apr 2 13:43:00 mail dovecot: auth: Debug: auth client connected (pid=4018)
Apr 2 13:43:00 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.50.54, lip=192.168.50.3, TLS, session=
Any idea?
Thanks Luca Bertoncello (lucabert@lucabert.de)