Hi Team,
I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine.
Issue comes only with LDAP users.
*Anushka Bandara* Research Engineer Lanka Software Foundation +94715846018
Here is my doveconf -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.9.125-linuxkit x86_64 Ubuntu 18.04.2 LTS overlay
auth_cache_size = 10 M
auth_mechanisms = plain login
auth_username_format = %n
disable_plaintext_auth = no
imap_idle_notify_interval = 4 mins
listen = *
log_path = /var/log/dovecot.log
login_greeting = Dovecot ready.
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_gid = 5000
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_plugins = " mail_crypt quota"
mail_privileged_group = vmail
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
imapsieve_mailbox1_before = file:/var/mail/sieve/global/learn-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/var/mail/sieve/global/learn-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
mail_crypt_curve = prime256v1
mail_crypt_save_version = 2
quota = maildir:User quota
quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.
sieve = file:/var/mail/sieve/%d/%n/scripts;active=/var/mail/sieve/%d/%n/active-script.sieve
sieve_before = /var/mail/sieve/global/spam-global.sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_pipe_bin_dir = /usr/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap lmtp sieve
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = dovecot
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.copper.opensource.lk/.fullchain.pem
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = static
}
protocol lmtp {
mail_plugins = " mail_crypt quota sieve"
postmaster_address = postmaster@copper.opensource.lk
}
protocol lda {
mail_plugins = " mail_crypt quota"
postmaster_address = postmaster@copper.opensource.lk
}
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep
mail_max_userip_connections = 20
mail_plugins = " mail_crypt quota imap_quota imap_sieve"
}
protocol pop3 {
mail_max_userip_connections = 20
mail_plugins = " mail_crypt quota"
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
On Mon, Mar 18, 2019 at 10:17 AM Anushka Bandara <anushkab@opensource.lk> wrote:
Hi Team,
I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine.
Issue comes only with LDAP users.
*Anushka Bandara* Research Engineer Lanka Software Foundation +94715846018
To be honest, I can't really understand your issue. Can you explain what you did, what you expected to happen and what happened instead? Also include any relevant log lines.
Aki
On 18.3.2019 7.02, Anushka Bandara via dovecot wrote:
Here is my doveconf -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.9.125-linuxkit x86_64 Ubuntu 18.04.2 LTS overlay
auth_cache_size = 10 M
auth_mechanisms = plain login
auth_username_format = %n
disable_plaintext_auth = no
imap_idle_notify_interval = 4 mins
listen = *
log_path = /var/log/dovecot.log
login_greeting = Dovecot ready.
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_gid = 5000
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_plugins = " mail_crypt quota"
mail_privileged_group = vmail
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
imapsieve_mailbox1_before = file:/var/mail/sieve/global/learn-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before = file:/var/mail/sieve/global/learn-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
mail_crypt_curve = prime256v1
mail_crypt_save_version = 2
quota = maildir:User quota
quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.
sieve = file:/var/mail/sieve/%d/%n/scripts;active=/var/mail/sieve/%d/%n/active-script.sieve
sieve_before = /var/mail/sieve/global/spam-global.sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_pipe_bin_dir = /usr/bin
sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap lmtp sieve
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = dovecot
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.copper.opensource.lk/.fullchain.pem <http://mail.copper.opensource.lk/.fullchain.pem>
ssl_key = # hidden, use -P to show it
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = static
}
protocol lmtp {
mail_plugins = " mail_crypt quota sieve"
postmaster_address = postmaster@copper.opensource.lk <mailto:postmaster@copper.opensource.lk>
}
protocol lda {
mail_plugins = " mail_crypt quota"
postmaster_address = postmaster@copper.opensource.lk <mailto:postmaster@copper.opensource.lk>
}
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep
mail_max_userip_connections = 20
mail_plugins = " mail_crypt quota imap_quota imap_sieve"
}
protocol pop3 {
mail_max_userip_connections = 20
mail_plugins = " mail_crypt quota"
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
}
On Mon, Mar 18, 2019 at 10:17 AM Anushka Bandara <anushkab@opensource.lk <mailto:anushkab@opensource.lk>> wrote:
Hi Team, I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine. Issue comes only with LDAP users. *Anushka Bandara* Research Engineer Lanka Software Foundation +94715846018
I suggest you try adding extra attributes to LDAP replies:
https://wiki.dovecot.org/AuthDatabase/LDAP/Userdb#Attribute_templates_.28v2....
Primarily, define "mail=" explicitly.
And then compare auth userdb outputs in logs for both LDAP and non-LDAP.
Hope this helps.
18.03.2019 12:25, Anushka Uditha Bandara wrote:
Hi,
Here is my "/etc/dovecot/dovecot-ldap.conf.ext". I couldn't find a fix.
hosts = ldap dn = cn=ro,dc=mail,dc=mail,dc=lk dnpass = roadmin auth_bind = yes auth_bind_userdn = uid=%n,ou=Users,dc=mai,dc=mail,dc=lk ldap_version = 3 base = ou=Users,dc=mail,dc=mail,dc=lk deref = never scope = subtree user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(cn=%n)) pass_attrs = mail=user,userPassword=password pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
tls_ca_cert_file = /etc/letsencrypt/live/mail.lsf.mail.lk/.fullchain.pem <http://mail.lsf.mail.lk/.fullchain.pem> tls_ca_cert_dir = /etc/letsencrypt/live/mail.lsf.mail.lk/ <http://mail.lsf.mail.lk/> tls_cipher_suite = SECURE256:-VERS-SSL3.0 tls_cert_file =/etc/letsencrypt/live/mail.lsf.mail.lk/.fullchain.pem <http://mail.lsf.mail.lk/.fullchain.pem> tls_key_file =/etc/letsencrypt/live/mail.lsf.mail.lk/.privkey.pem <http://mail.lsf.mail.lk/.privkey.pem> tls_require_cert = try debug_level = -1
A problem with your /etc/dovecot/dovecot-ldap.conf.ext ? Can you attach it?
Try: auth_verbose = yes auth_verbose_passwords = no auth_debug = yes auth_debug_passwords = no
and compare those strings in logs for LDAP and non-LDAP logins:
auth: Debug: master userdb out: USER 47054849 support@example.com home=... mail=maildir:....
18.03.2019 7:47, Anushka Bandara via dovecot пишет:
Hi Team,
I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine.
Issue comes only with LDAP users.
*Anushka Bandara* Research Engineer Lanka Software Foundation +94715846018
participants (3)
-
Aki Tuomi
-
Anushka Bandara
-
Dmitry Donskih