[Dovecot] domain variable still empty
Hello all,
First, thanks for your help with my previous NFS problem. I am trying to mount a mail server, with Debian and Dovecot 1.2.
Until now, I have both shared and public folders working, on an NFS share. Indexes are stored locally, as well as per-user flags. Sieve is also working :-)
Now, I'd like to restrict sharing by domain, and for this, to use the "%d" variable.
When I authenticate, for instance using arodier@red2team, the authentication works. However, the "%d" variable is still empty, when I'd like it to contain "red2team".
Here is my config:
    # 1.2.15: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.1 nfs4
    log_timestamp: %Y-%m-%d %H:%M:%S
    protocols: imap imaps managesieve
    ssl: required
    disable_plaintext_auth: no
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(managesieve): /usr/lib/dovecot/managesieve-login
    login_greeting: Titan Ready
    mail_access_groups: mails
    mail_privileged_group: mails
    mail_uid: vmails
    mail_gid: mails
    mail_location: maildir:/home/emails/%d/%n/Maildir:INDEX=/var/mail/indexes/%n:CONTROL=/var/mail/indexes/%n
    mail_debug: yes
    mmap_disable: yes
    fsync_disable: yes
    mail_nfs_storage: yes
    lock_method: flock
    mbox_write_locks: fcntl dotlock
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(managesieve): /usr/lib/dovecot/managesieve
    mail_plugins(default): quota imap_quota acl imap_acl fts fts_squat
    mail_plugins(imap): quota imap_quota acl imap_acl fts fts_squat
    mail_plugins(managesieve):
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
    namespace:
      type: private
      separator: /
      location: maildir:/home/emails/%d/%n/Maildir:INDEX=/var/mail/indexes/private/%n:CONTROL=/var/mail/indexes/private/%n
      inbox: yes
      list: yes
      subscriptions: yes
    namespace:
      type: shared
      separator: /
      prefix: Shared/%%u/
      location: maildir:/home/emails/%d/%%n/Maildir:INDEX=/var/mail/indexes/users/%n/%%n:CONTROL=/var/mail/indexes/users/%n/%%n
      list: children
    namespace:
      type: public
      separator: /
      prefix: Team/
      location: maildir:/home/emails/%d/Public/Maildir/:INDEX=/var/mail/indexes/public/%n
      list: yes
    lda:
      postmaster_address: postmaster@red2group.com
      hostname: smtp1.red2group.com
      mail_plugins: quota acl sieve
      auth_socket_path: /var/run/dovecot/auth-master
    auth default:
      mechanisms: plain login
      default_realm: red2team
      username_format: %u
      verbose: yes
      debug: yes
      passdb:
        driver: ldap
        args: /etc/dovecot/dovecot-ldap.conf
      userdb:
        driver: ldap
        args: /etc/dovecot/dovecot-ldap.conf
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix
        master:
          path: /var/run/dovecot/auth-master
          mode: 438
    plugin:
      quota: maildir
      acl: vfile:/etc/dovecot/acls/:cache_secs=300
      acl: vfile
      acl_shared_dict: proxy::acl
      sieve: /home/emails/%d/%n/Filters/Active.sieve
      sieve_dir: /home/emails/%d/%n/Filters
      fts: squat
    dict:
      quota: ldap:/etc/dovecot/dovecot-ldap.conf
      acl: mysql:/etc/dovecot/dovecot-mysql.conf
This is now the content of the dovecot-ldap config:
    auth_bind = yes
    base = dc=red2,dc=srv
    default_pass_scheme = PLAIN-MD5
    hosts = callisto.red2.srv thebe.red2.srv
    ldap_version = 3
    pass_filter = (&(objectClass=posixAccount)(uid=%n))
    scope = subtree
    user_attrs = homeDirectory=home,gosaMailQuota=quota_rule=*:storage=%$M, mail_plugins
    user_filter = (&(objectClass=posixAccount)(uid=%n))
What surprises me is this line during the authentication:
    ===> auth(arodier@red2team,10.10.2.19): username changed arodier@red2team -> arodier
Any idea, please? I have been stuck on this for two days!
Kind regards, André.
On 11.4.2011, at 0.19, Andre Rodier wrote:
> What surprises me is this line during the authentication:
> ===> auth(arodier@red2team,10.10.2.19): username changed arodier@red2team -> arodier
That means that the username gets changed from %n = arodier and %d = red2team to %n = arodier and %d = empty. So I don't understand why %d would ever be anything else than empty.
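The effect described in the reply above, as an added example that is not part of the original thread and is not Dovecot's own code: a simplified Python model of how %u, %n and %d are filled from the final username, and what the posted mail_location turns into once the domain is dropped. The function names, the two-pass treatment of %%n and the user "bob" are assumptions made for illustration.

```python
# Added example: simplified model of Dovecot's %u / %n / %d expansion (not Dovecot code).
import re

# Leading part of mail_location and of the shared-namespace location quoted in the thread.
MAIL_LOCATION = "maildir:/home/emails/%d/%n/Maildir"
SHARED_LOCATION = "maildir:/home/emails/%d/%%n/Maildir"

def split_user(user):
    """Return (%n, %d): the text before and after the first '@' ('' if there is none)."""
    name, _, domain = user.partition("@")
    return name, domain

def expand(template, user):
    """Expand %u, %n, %d and the %% escape in one left-to-right pass."""
    name, domain = split_user(user)
    table = {"u": user, "n": name, "d": domain, "%": "%"}
    return re.sub(r"%([und%])", lambda m: table[m.group(1)], template)

def has_empty_segment(location):
    """True when an empty variable left a '//' in the expanded path."""
    path = location.split(":", 1)[1]      # drop the 'maildir:' driver prefix
    return "//" in path

def check_login(login, final_user):
    """Compare the name the client sent with the name left after the auth lookup."""
    location = expand(MAIL_LOCATION, final_user)
    return {
        "login": login,
        "user": final_user,
        "domain_lost": split_user(login)[1] != "" and split_user(final_user)[1] == "",
        "location": location,
        "empty_segment": has_empty_segment(location),
    }

def shared_location(viewer, owner):
    """Shared namespace, modelled as two passes (an assumption): the first fills %d
    from the viewer and turns %%n into %n, the second fills %n from the owner."""
    return expand(expand(SHARED_LOCATION, viewer), owner)

if __name__ == "__main__":
    # Constructed cases: the name kept intact, and the change shown in the auth log.
    for login, final in [("arodier@red2team", "arodier@red2team"),
                         ("arodier@red2team", "arodier")]:
        print(check_login(login, final))
    print(shared_location("arodier@red2team", "bob@red2team"))
```

With the domain dropped, every user's path collapses into the same domain-less directory level, so the per-domain separation the configuration relies on no longer holds.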
On Mon, 11 Apr 2011 00:35:33 +0300, Timo Sirainen wrote:
> On 11.4.2011, at 0.19, Andre Rodier wrote:
>> What surprises me is this line during the authentication:
>> ===> auth(arodier@red2team,10.10.2.19): username changed arodier@red2team -> arodier
> That means that the username gets changed from %n = arodier and %d = red2team to %n = arodier and %d = empty. So I don't understand why %d would ever be anything else than empty.
Thanks Timo,
It was what I thought. However, even if I now know the cause, it doesn't help me too much to do what I want.
In the link provided, none of the reasons applies to my settings.
- My auth_username_format is set to the full username+domain, even empty, it's dropped.
- I use LDAP, not SQL, so I don't know how to return the domain from my query.
The question is now, how can I return both the username and the domain from LDAP, please? Once I have the answer, I can add the information to the wiki page.
However, it seems I can use this method, specified on this page: http://wiki.dovecot.org/AuthDatabase/LDAP/Userdb:
You can add static fields that aren't looked up from LDAP (v1.1.rc5+). For example create a "mail" field with value "/var/vmail/%d/%n":
    user_attrs = quotaBytes=quota_rule=*:bytes=%$,=mail=/var/vmail/%d/%n
It is exactly what I want to do. But once I have created a "mail" field, how can I access this field from the main dovecot configuration file, please?
Thanks for your answer and your patience.
Once I have finished setting up my environment, I'll publish a document to help others.
Kind regards,
Andre Rodier
On Mon, 11 Apr 2011 06:11:08 +0100, Andre Rodier wrote:
> Thanks Timo,
> It was what I thought. However, even if I now know the cause, it doesn't help me too much to do what I want.
> In the link provided, none of the reasons applies to my settings.
> - My auth_username_format is set to the full username+domain, even empty, it's dropped.
> - I use LDAP, not SQL, so I don't know how to return the domain from my query.
> The question is now, how can I return both the username and the domain from LDAP, please? Once I have the answer, I can add the information to the wiki page.
> However, it seems I can use this method, specified on this page: http://wiki.dovecot.org/AuthDatabase/LDAP/Userdb:
> You can add static fields that aren't looked up from LDAP (v1.1.rc5+). For example create a "mail" field with value "/var/vmail/%d/%n":
>     user_attrs = quotaBytes=quota_rule=*:bytes=%$,=mail=/var/vmail/%d/%n
> It is exactly what I want to do. But once I have created a "mail" field, how can I access this field from the main dovecot configuration file, please?
> Thanks for your answer and your patience.
> Once I have finished setting up my environment, I'll publish a document to help others.
> Kind regards,
Hello again, Timo, I am nearly there.
I finally got it working, using the ldap prefetch option. I don't know why, but it is only in this way that the '%d' domain is kept after the authentication.
Now, this line is normally resolved in my private namespace (mail location):
    location = maildir:/home/emails/%d/%%n/Maildir:
In my dovecot ldap configuration:
-8<------------------------------------------------------------
hosts = callisto.red2.srv thebe.red2.srv
auth_bind = yes
ldap_version = 3
base = dc=red2,dc=srv
scope = subtree
user_attrs = gosaMailQuota=quota_rule=*:storage=%$M,=home=/home/emails/%d/%n,=mail=/home/emails/%d/%n, mail_plugins
user_filter = (&(objectClass=posixAccount)(uid=%n))
pass_attrs = uid=uid,userPassword=password,\
  =userdb_home=/home/emails/%d/%n,gosaMailQuota=userdb_quotarule=*:storage=%$M
pass_filter = (&(objectClass=posixAccount)(uid=%n)(ou=%d))
default_pass_scheme = PLAIN-MD5
-8<------------------------------------------------------------
Obviously, I now need to clean up and remove all options that are not needed.
Kind regards, André
On Mon, 11 Apr 2011 07:42:21 +0100, Andre Rodier wrote:
> Hello again, Timo, I am nearly there.
> I finally got it working, using the ldap prefetch option. I don't know why, but it is only in this way that the '%d' domain is kept after the authentication.
> Now, this line is normally resolved in my private namespace (mail location):
>     location = maildir:/home/emails/%d/%%n/Maildir:
> In my dovecot ldap configuration:
> -8<------------------------------------------------------------
> hosts = callisto.red2.srv thebe.red2.srv
> auth_bind = yes
> ldap_version = 3
> base = dc=red2,dc=srv
> scope = subtree
> user_attrs = gosaMailQuota=quota_rule=*:storage=%$M,=home=/home/emails/%d/%n,=mail=/home/emails/%d/%n, mail_plugins
> user_filter = (&(objectClass=posixAccount)(uid=%n))
> pass_attrs = uid=uid,userPassword=password,\
>   =userdb_home=/home/emails/%d/%n,gosaMailQuota=userdb_quotarule=*:storage=%$M
> pass_filter = (&(objectClass=posixAccount)(uid=%n)(ou=%d))
> default_pass_scheme = PLAIN-MD5
> -8<------------------------------------------------------------
> Obviously, I now need to clean up and remove all options that are not needed.
> Kind regards, André
Hi everybody,
It is me again, with a typo that I want to inform people about. The resolved line I gave as an example is my shared namespace. But the private namespace works as well.
The private namespace location:
-8<------------------------------------------------------------
location = maildir:~/Maildir:INDEX=/var/mail/indexes/private/%n:CONTROL=/var/mail/indexes/private/%n
-8<------------------------------------------------------------
The shared namespace location:
-8<------------------------------------------------------------
location = maildir:/home/emails/%d/%%n/Maildir:
-8<------------------------------------------------------------
The only strange thing is that the quota seems to have been cached. After changing the value on my LDAP server, the value is read, but both Roundcube and Thunderbird are displaying the same percentage.
It will be another thread, now.
Kind regards, André.
participants (2)
- Andre Rodier
- Timo Sirainen