[Dovecot] v1.1 alpha1: can't pop/imap login with LDAP
Hi,
We recentlty upgraded our dovecot from v1.0.2 to v1.1ahpha1 under CentOS 4.4. Also, we are using Postfix 2.4.3 and OpenLDAP 2.3.35. We've been using LDAP for our POP/IAMP user authentication, however after upgrading to v1.1alpha1, LDAP authentication does't seem to be working properly.
We re-examined the source code, and made a few modification.
We are suspecting that...
(1) db-ldap.c is not handling value properly?? (2) userdb-ldap.c is not allocating memory for userdb_reply??
The modification we made are following:
*** src/auth/db-ldap.c.orig Thu Jul 12 10:42:49 2007 --- src/auth/db-ldap.c Tue Jul 24 20:20:31 2007
*** 55,60 **** --- 55,62 ---- BerElement *ber;
string_t *var, *debug;
int value_index;
};
#define DEF_STR(name) DEF_STRUCT_STR(name, ldap_settings)
*** 764,769 **** --- 766,772 ---- ctx->vals = ldap_get_values(ctx->conn->ld, ctx->entry, ctx->attr); ctx->value = ctx->vals[0];
ctx->value_index = 0;
}
static void
*** 797,804 **** db_ldap_result_change_attr(ctx); } else { /* continuing existing attribute */ ! if (ctx->value != NULL) ! ctx->value++; }
if (ctx->value != NULL) {
--- 800,806 ---- db_ldap_result_change_attr(ctx); } else { /* continuing existing attribute */ ! ctx->value = ctx->vals[++ctx->value_index]; }
if (ctx->value != NULL) {
*** src/auth/userdb-ldap.c.orig Thu Jul 12 10:42:49 2007 --- src/auth/userdb-ldap.c Tue Jul 24 20:33:45 2007
*** 37,42 **** --- 37,44 ---- struct db_ldap_result_iterate_context *ldap_iter; const char *name, *const *values;
auth_request_init_userdb_reply(auth_request);
ldap_iter = db_ldap_result_iterate_init(conn, entry, auth_request, conn->user_attr_map); while (db_ldap_result_iterate_next_all(ldap_iter, &name, &values)) {
With the modification, LDAP authentication is working without any problem, at least for our system. However we are not sure whether the above modification affect other functions of dovecot. Is there an official patch to fix the problem already released? And somehow we missed it? If there is no patch, then will there be any to be released sometime in near future?
By the way, our dovecot configuration is:
protocols: imap pop3 listen(default): *:40143 listen(imap): *:40143 listen(pop3): *:40110 ssl_disable: yes disable_plaintext_auth: no login_dir: /opt/mrn/mss/var/run/dovecot/login login_executable(default): /opt/mrn/mss/libexec/dovecot/imap-login login_executable(imap): /opt/mrn/mss/libexec/dovecot/imap-login login_executable(pop3): /opt/mrn/mss/libexec/dovecot/pop3-login mail_location: maildir:~/mail mmap_disable: yes mail_executable(default): /opt/mrn/mss/libexec/dovecot/imap mail_executable(imap): /opt/mrn/mss/libexec/dovecot/imap mail_executable(pop3): /opt/mrn/mss/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /opt/mrn/mss/lib/dovecot/imap mail_plugin_dir(imap): /opt/mrn/mss/lib/dovecot/imap mail_plugin_dir(pop3): /opt/mrn/mss/lib/dovecot/pop3 auth default: mechanisms: plain login cram-md5 apop username_translation: %@ verbose: yes debug: yes passdb: driver: ldap args: /opt/mrn/mss/etc/dovecot-ldap.conf userdb: driver: prefetch userdb: driver: ldap args: /opt/mrn/mss/etc/dovecot-ldap.conf socket: type: listen master: path: /opt/mrn/mss/var/run/dovecot/auth-master mode: 384 user: mssmail group: mssmail plugin: quota: maildir:ignore=Trash
And our dovecot-ldap.conf is:
hosts =localhost:40389
dn =cn=Manager,o=internet,c=jp
dnpass = ********
auth_bind = no
ldap_version = 3
base = ou=mail,o=internet,c=jp
user_attrs =
mail=user,uidNumber=uid,gidNumber=gid,homeDirectory=home,mailQuota=quota=maildir:ignore=Trash:storage
user_filter = (&(objectClass=mailAccount)(mail=%u))
pass_attrs =
mail=user,userPassword=password,uidNumber=userdb_uid,gidNumber=userdb_gid,homeDirectory=userdb_home,mailQuota=userdb_quota=maildir:igno
re=Trash:storage
pass_filter = (&(objectClass=mailAccount)(mail=%u))
default_pass_scheme = PLAIN
Thanks in advance,
-- Katsu Yamamoto Marino Ltd., Yokohama, JAPAN
On Wed, 2007-07-25 at 11:30 +0900, Katsu Yamamoto wrote:
We re-examined the source code, and made a few modification.
We are suspecting that...
(1) db-ldap.c is not handling value properly?? (2) userdb-ldap.c is not allocating memory for userdb_reply??
Thanks, fixed: http://hg.dovecot.org/dovecot/rev/d779b7220e23
user_attrs = mail=user,uidNumber=uid,gidNumber=gid,homeDirectory=home,mailQuota=quota=maildir:ignore=Trash:storage
With this v1.1 the mailQuota is better set as:
mailQuota=quota=maildir:ignore=Trash:storage=%$
Currently the old way works too, but I'm not sure if I should just remove it, because some people would want to return static key=value pairs, and that's not possible currently.
participants (2)
-
Katsu Yamamoto
-
Timo Sirainen