MailCrypt: Encrypted user keys configuration with LDAP & cryptokey generate
Hi, I am trying to use the MailCrypt plugin with folder encryption and encrypted user keys, using LDAP. I use Dovecot 2.2.27 (c0f36b0). I followed the wiki: https://wiki2.dovecot.org/Plugins/MailCrypt
doveconf -n and dovecot-ldap.conf.ext attached to this message.
I configured slapd correctly to let dovecot's DN query the userPassword (SSHA hashed password). I use the fusiondirectory-mail plugin:

$ ldapsearch -D 'cn=dovecot,ou=dsa,dc=foo,dc=bar' -W -LLL '(&(objectClass=gosaMailAccount)(objectClass=posixAccount)(uid=<user>))' 'userPassword'
dn: cn=<user>,ou=people,dc=foo,dc=bar
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The problem is that mails are still readable and no keys are generated, even if I send a mail to this address or log in through the webmail. I waited more than 1h for something to happen, cf: https://dovecot.org/list/dovecot/2018-September/112763.html
If I try to generate keys manually I get this error:
$ doveadm mailbox cryptokey generate -u <user>
doveadm(<user>): Error: mail_crypt_user_generate_keypair(<user>) failed: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
Folder Public ID
x ERROR: mail_crypt_require_encrypted_user_key set, cannot generate user keypair without password or key
doveadm(<user>): Warning: Timeout leak: 0x7f0c439c0180 (mail-index-alloc-cache.c:240)
It works with -o plugin/mail_crypt_private_password=<password> of course, but doing it by hand is not the goal ><
I am probably missing something; I guess that the part of the wiki about SQL and password_query is only for configurations that use SQL for the dbuser. Is there something similar to do with LDAP?
Thank you very much for your time.
-- f00wl FELINN https://felinn.org