LDAP users issue

Anushka Bandara

18 Mar 2019 18 Mar '19

6:47 a.m.

Hi Team,

I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine.

Issue comes only with LDAP users.

*Anushka Bandara* Research Engineer Lanka Software Foundation +94715846018

Attachments:

attachment.html (text/html — 960 bytes)

Show replies by date

Anushka Bandara

18 Mar 18 Mar

7:02 a.m.

Here is my doveconf -n

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.21 (92477967)

# OS: Linux 4.9.125-linuxkit x86_64 Ubuntu 18.04.2 LTS overlay

auth_cache_size = 10 M

auth_mechanisms = plain login

auth_username_format = %n

disable_plaintext_auth = no

imap_idle_notify_interval = 4 mins

listen = *

log_path = /var/log/dovecot.log

login_greeting = Dovecot ready.

mail_attribute_dict = file:%h/Maildir/dovecot-attributes

mail_gid = 5000

mail_location = maildir:/var/mail/vhosts/%d/%n

mail_plugins = " mail_crypt quota"

mail_privileged_group = vmail

mail_uid = 5000

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve

namespace inbox {

inbox = yes

location =

mailbox Archive {

auto = subscribe

special_use = \Archive

}

mailbox Drafts {

auto = subscribe

special_use = \Drafts

}

mailbox Junk {

auto = subscribe

special_use = \Junk

}

mailbox Sent {

auto = subscribe

special_use = \Sent

}

mailbox "Sent Messages" {

special_use = \Sent

}

mailbox Spam {

auto = subscribe

special_use = \Junk

}

mailbox Trash {

auto = subscribe

special_use = \Trash

}

prefix =

}

passdb {

args = /etc/dovecot/dovecot-ldap.conf.ext

driver = ldap

}

plugin {

imapsieve_mailbox1_before = file:/var/mail/sieve/global/learn-spam.sieve

imapsieve_mailbox1_causes = COPY

imapsieve_mailbox1_name = Spam

imapsieve_mailbox2_before = file:/var/mail/sieve/global/learn-ham.sieve

imapsieve_mailbox2_causes = COPY

imapsieve_mailbox2_from = Spam

imapsieve_mailbox2_name = *

mail_crypt_curve = prime256v1

mail_crypt_save_version = 2

quota = maildir:User quota

quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.

sieve = file:/var/mail/sieve/%d/%n/scripts;active=/var/mail/sieve/%d/%n/active-script.sieve

sieve_before = /var/mail/sieve/global/spam-global.sieve

sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment

sieve_pipe_bin_dir = /usr/bin

sieve_plugins = sieve_imapsieve sieve_extprograms

}

protocols = imap lmtp sieve

service auth-worker {

user = vmail

}

service auth {

unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0666

user = postfix

}

unix_listener auth-userdb {

mode = 0600

user = vmail

}

user = dovecot

}

service imap-login {

inet_listener imap {

port = 143

}

inet_listener imaps {

port = 993

ssl = yes

}

service lmtp {

unix_listener /var/spool/postfix/private/dovecot-lmtp {

group = postfix

mode = 0600

user = postfix

}

service pop3-login {

inet_listener pop3 {

port = 0

}

inet_listener pop3s {

port = 995

ssl = yes

}

ssl = required

ssl_cert =

ssl_key = # hidden, use -P to show it

userdb {

args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n

driver = static

}

protocol lmtp {

mail_plugins = " mail_crypt quota sieve"

postmaster_address = postmaster@copper.opensource.lk

}

protocol lda {

mail_plugins = " mail_crypt quota"

postmaster_address = postmaster@copper.opensource.lk

}

protocol imap {

imap_client_workarounds = tb-extra-mailbox-sep

mail_max_userip_connections = 20

mail_plugins = " mail_crypt quota imap_quota imap_sieve"

}

protocol pop3 {

mail_max_userip_connections = 20

mail_plugins = " mail_crypt quota"

pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

pop3_uidl_format = %08Xu%08Xv

}

On Mon, Mar 18, 2019 at 10:17 AM Anushka Bandara anushkab@opensource.lk wrote:

...

Hi Team,

I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine.

Issue comes only with LDAP users.

*Anushka Bandara* Research Engineer Lanka Software Foundation +94715846018

Aki Tuomi

8:59 a.m.

To be honest, I can't really understand your issue. Can you explain what you did, what you expected to happen and what happened instead? Also include any relevant log lines.

Aki

On 18.3.2019 7.02, Anushka Bandara via dovecot wrote:

...

Here is my doveconf -n

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.21 (92477967)

# OS: Linux 4.9.125-linuxkit x86_64 Ubuntu 18.04.2 LTS overlay

auth_cache_size = 10 M

auth_mechanisms = plain login

auth_username_format = %n

disable_plaintext_auth = no

imap_idle_notify_interval = 4 mins

listen = *

log_path = /var/log/dovecot.log

login_greeting = Dovecot ready.

mail_attribute_dict = file:%h/Maildir/dovecot-attributes

mail_gid = 5000

mail_location = maildir:/var/mail/vhosts/%d/%n

mail_plugins = " mail_crypt quota"

mail_privileged_group = vmail

mail_uid = 5000

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve

namespace inbox {

inbox = yes

location =

mailbox Archive {

auto = subscribe

special_use = \Archive

}

mailbox Drafts {

auto = subscribe

special_use = \Drafts

}

mailbox Junk {

auto = subscribe

special_use = \Junk

}

mailbox Sent {

auto = subscribe

special_use = \Sent

}

mailbox "Sent Messages" {

special_use = \Sent

}

mailbox Spam {

auto = subscribe

special_use = \Junk

}

mailbox Trash {

auto = subscribe

special_use = \Trash

}

prefix =

}

passdb {

args = /etc/dovecot/dovecot-ldap.conf.ext

driver = ldap

}

plugin {

imapsieve_mailbox1_before = file:/var/mail/sieve/global/learn-spam.sieve

imapsieve_mailbox1_causes = COPY

imapsieve_mailbox1_name = Spam

imapsieve_mailbox2_before = file:/var/mail/sieve/global/learn-ham.sieve

imapsieve_mailbox2_causes = COPY

imapsieve_mailbox2_from = Spam

imapsieve_mailbox2_name = *

mail_crypt_curve = prime256v1

mail_crypt_save_version = 2

quota = maildir:User quota

quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.

sieve = file:/var/mail/sieve/%d/%n/scripts;active=/var/mail/sieve/%d/%n/active-script.sieve

sieve_before = /var/mail/sieve/global/spam-global.sieve

sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment

sieve_pipe_bin_dir = /usr/bin

sieve_plugins = sieve_imapsieve sieve_extprograms

}

protocols = imap lmtp sieve

service auth-worker {

user = vmail

}

service auth {

unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0666

user = postfix

}

unix_listener auth-userdb {

mode = 0600

user = vmail

}

user = dovecot

}

service imap-login {

inet_listener imap {

port = 143

}

inet_listener imaps {

port = 993

ssl = yes

}

}

service lmtp {

unix_listener /var/spool/postfix/private/dovecot-lmtp {

group = postfix

mode = 0600

user = postfix

}

}

service pop3-login {

inet_listener pop3 {

port = 0

}

inet_listener pop3s {

port = 995

ssl = yes

}

}

ssl = required

ssl_cert = http://mail.copper.opensource.lk/.fullchain.pem

ssl_key = # hidden, use -P to show it

userdb {

args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n

driver = static

}

protocol lmtp {

mail_plugins = " mail_crypt quota sieve"

postmaster_address = postmaster@copper.opensource.lk mailto:postmaster@copper.opensource.lk

}

protocol lda {

mail_plugins = " mail_crypt quota"

postmaster_address = postmaster@copper.opensource.lk mailto:postmaster@copper.opensource.lk

}

protocol imap {

imap_client_workarounds = tb-extra-mailbox-sep

mail_max_userip_connections = 20

mail_plugins = " mail_crypt quota imap_quota imap_sieve"

}

protocol pop3 {

mail_max_userip_connections = 20

mail_plugins = " mail_crypt quota"

pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

pop3_uidl_format = %08Xu%08Xv

}

On Mon, Mar 18, 2019 at 10:17 AM Anushka Bandara mailto:anushkab@opensource.lk> wrote:
Hi Team,

I have enabled LDAP authentication with webmail client and it
works successfully. But I found an error with LDAP user's mail.
Email is not loaded when I log with an LDAP user. Login phase is
successful and mail box is the issue. I created a mail user
without including LDAP and that user works fine. 

Issue comes only with LDAP users.

*Anushka Bandara*
Research Engineer
Lanka Software Foundation
+94715846018

Dmitry Donskih

12:15 p.m.

I suggest you try adding extra attributes to LDAP replies:

https://wiki.dovecot.org/AuthDatabase/LDAP/Userdb#Attribute_templates_.28v2....

Primarily, define "mail=" explicitly.

And then compare auth userdb outputs in logs for both LDAP and non-LDAP.

Hope this helps.

18.03.2019 12:25, Anushka Uditha Bandara wrote:

...

Hi,
Here is my "/etc/dovecot/dovecot-ldap.conf.ext". I couldn't find a fix.

hosts = ldap dn = cn=ro,dc=mail,dc=mail,dc=lk dnpass = roadmin auth_bind = yes auth_bind_userdn = uid=%n,ou=Users,dc=mai,dc=mail,dc=lk ldap_version = 3 base = ou=Users,dc=mail,dc=mail,dc=lk deref = never scope = subtree user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(cn=%n)) pass_attrs = mail=user,userPassword=password pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))

tls_ca_cert_file = /etc/letsencrypt/live/mail.lsf.mail.lk/.fullchain.pem http://mail.lsf.mail.lk/.fullchain.pem tls_ca_cert_dir = /etc/letsencrypt/live/mail.lsf.mail.lk/ http://mail.lsf.mail.lk/ tls_cipher_suite = SECURE256:-VERS-SSL3.0 tls_cert_file =/etc/letsencrypt/live/mail.lsf.mail.lk/.fullchain.pem http://mail.lsf.mail.lk/.fullchain.pem tls_key_file =/etc/letsencrypt/live/mail.lsf.mail.lk/.privkey.pem http://mail.lsf.mail.lk/.privkey.pem tls_require_cert = try debug_level = -1

Dmitry Donskih

10:28 a.m.

A problem with your /etc/dovecot/dovecot-ldap.conf.ext ? Can you attach it?

Try: auth_verbose = yes auth_verbose_passwords = no auth_debug = yes auth_debug_passwords = no

and compare those strings in logs for LDAP and non-LDAP logins:

auth: Debug: master userdb out: USER 47054849 support@example.com home=... mail=maildir:....

18.03.2019 7:47, Anushka Bandara via dovecot пишет:

...

Hi Team,

I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine.

Issue comes only with LDAP users.

*Anushka Bandara* Research Engineer Lanka Software Foundation +94715846018

2074

Age (days ago)

2074

Last active (days ago)

List overview

4 comments

3 participants

participants (3)

Aki Tuomi
Anushka Bandara
Dmitry Donskih

LDAP users issue

Anushka Bandara

Anushka Bandara

Aki Tuomi

Dmitry Donskih

Dmitry Donskih

tags

participants (3)