[Dovecot] In-site migration from /etc/passwd to LDAP
I'm doing in-site migration of accounts from /etc/passwd to an LDAP directory. The migration should be progressive (not all users at the same time).
I'm already able to check mail for accounts in /etc/passwd and accounts in LDAP.
The problem is with mail delivery. I'm using Postfix + Dovecot-LDA. This is the error I get with every delivery:
--
dovecot: Oct 03 00:16:09 Info: auth(default): master in: USER 1 moya service=deliver
dovecot: Oct 03 00:16:09 Info: auth(default): ldap(moya): user search: base=ou=users,dc=sld,dc=cu scope=subtree filter=(&(objectClass=posixAccount)(uid=moya)) fields=sldMailbox,uidNumber
dovecot: Oct 03 00:16:09 Info: auth(default): master out: USER 1 moya home=/srv/vmail/m/moya/ uid=29174 gid=101
deliver(moya): Oct 03 00:16:09 Fatal: setuid(29174) failed: Operation not permitted
--
29174 is the uid for moya; it is the same in /etc/passwd or in LDAP via the posixAccount class.
Any advice, please?
Regards, maykel
Maybe you need to setuid deliver?
Aaaaaaaaaagur.
On Wednesday 03 October 2007 06:18:47, Maykel Moya wrote:
> I'm doing in-site migration of accounts from /etc/passwd to an LDAP directory. The migration should be progressive (not all users at the same time).
> I'm already able to check mail for accounts in /etc/passwd and accounts in LDAP.
> The problem is with mail delivery. I'm using Postfix + Dovecot-LDA. This is the error I get with every delivery:
> --
> dovecot: Oct 03 00:16:09 Info: auth(default): master in: USER 1 moya service=deliver
> dovecot: Oct 03 00:16:09 Info: auth(default): ldap(moya): user search: base=ou=users,dc=sld,dc=cu scope=subtree filter=(&(objectClass=posixAccount)(uid=moya)) fields=sldMailbox,uidNumber
> dovecot: Oct 03 00:16:09 Info: auth(default): master out: USER 1 moya home=/srv/vmail/m/moya/ uid=29174 gid=101
> deliver(moya): Oct 03 00:16:09 Fatal: setuid(29174) failed: Operation not permitted
> --
> 29174 is the uid for moya; it is the same in /etc/passwd or in LDAP via the posixAccount class.
> Any advice, please?
> Regards, maykel
-- Joseba Torre. CIDIR Bizkaia.
- Joseba Torre joseba.torre@ehu.es:
> Maybe you need to setuid deliver?
> Aaaaaaaaaagur.
When you migrate an account also migrate the UID and GID to the user that runs deliver.
p@rick
-- state of mind Agentur für Kommunikation, Design und Softwareentwicklung
Patrick Koetter Tel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de
Amtsgericht München Partnerschaftsregister PR 563
On Wed, 03-10-2007 at 12:07 +0200, Patrick Ben Koetter wrote:
> When you migrate an account also migrate the UID and GID to the user that runs deliver.
AFAIK deliver runs under the dovecot user. The documentation says that the dovecot user should not be used for owning mailboxes.
Besides, I wouldn't like to change UIDs so I can go back with minimal effort in case of a problem with the new setup. When the system proves itself stable enough I will migrate them to a pure virtual mail setup.
Regards, maykel
- Maykel Moya moya@infomed.sld.cu:
> On Wed, 03-10-2007 at 12:07 +0200, Patrick Ben Koetter wrote:
> > When you migrate an account also migrate the UID and GID to the user that runs deliver.
> AFAIK deliver runs under the dovecot user. The documentation says that the dovecot user should not be used for owning mailboxes.
"the user that runs deliver" and not the user who owns the deliver binary! You've added some user and group in Postfix master.cf to run deliver. This user must be able to access (rwx) the mailbox.
> Besides, I wouldn't like to change UIDs so I can go back with minimal effort in case of a problem with the new setup. When the system proves itself stable enough I will migrate them to a pure virtual mail setup.
Your decision.
p@rick
participants (3)
- Joseba Torre
- Maykel Moya
- Patrick Ben Koetter
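
Added example (not part of the thread and not Dovecot's or Postfix's own code): a small log check that ties the userdb reply to the setuid failure discussed above. It applies the setuid(2) rule that only root may switch to a different uid, so deliver must either start as root or already run as the mailbox owner. RUNNER_UID is a constructed value standing in for the account given in user= of the Postfix pipe entry; the log lines are the ones from the original post.

```python
import re

# Log lines taken from the original post; RUNNER_UID is a constructed value
# standing in for the account named in user= of the Postfix pipe entry.
SAMPLE_LOG = """\
dovecot: Oct 03 00:16:09 Info: auth(default): master in: USER 1 moya service=deliver
dovecot: Oct 03 00:16:09 Info: auth(default): master out: USER 1 moya home=/srv/vmail/m/moya/ uid=29174 gid=101
deliver(moya): Oct 03 00:16:09 Fatal: setuid(29174) failed: Operation not permitted
"""
RUNNER_UID = 105  # hypothetical unprivileged service account

USERDB_REPLY = re.compile(r"master out: USER \d+ (\S+)((?:\s+\w+=\S+)*)")
SETUID_FAIL = re.compile(r"deliver\((\S+?)\): .*setuid\((\d+)\) failed")


def userdb_replies(log_text):
    """Map each user to the fields the userdb lookup returned for deliver."""
    replies = {}
    for line in log_text.splitlines():
        m = USERDB_REPLY.search(line)
        if m:
            replies[m.group(1)] = dict(kv.split("=", 1) for kv in m.group(2).split())
    return replies


def observed_setuid_failures(log_text):
    """Map each user to the uid deliver failed to switch to."""
    return {user: int(uid) for user, uid in SETUID_FAIL.findall(log_text)}


def predict(reply, runner_uid):
    """Apply the setuid(2) rule: only root may switch to a foreign uid."""
    target = int(reply["uid"])
    if runner_uid == target:
        return "ok-same-uid"            # no switch needed
    if runner_uid == 0:
        return "ok-root-drops-privileges"
    return "eperm"                      # unprivileged process, foreign uid


def audit(log_text, runner_uid):
    """Return (user, target uid, prediction, failure seen in log) per lookup."""
    failed = observed_setuid_failures(log_text)
    return [(user, int(r["uid"]), predict(r, runner_uid), failed.get(user) == int(r["uid"]))
            for user, r in userdb_replies(log_text).items() if "uid" in r]


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, RUNNER_UID):
        print(row)
```

A row with prediction "eperm" and a matching failure in the log means the uid returned by the userdb differs from the unprivileged account deliver was started under.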