[Dovecot] connection Dovecot to samba4
Hello,
I am trying to set up samba4/openchange and dovecot. Does anyone have experience concerning dovecot connecting to samba4?
I tried the following:
/etc/dovecot.conf:

protocols = imap sieve
mail_location = maildir:/data/mail/%d/%n/Maildir
mail_access_groups = vmail
mail_privileged_group = vmail
first_valid_uid = 110
last_valid_uid = 110
first_valid_gid = 115
last_valid_gid = 115
log_path = /var/log/dovecot
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_greeting = Welcome to domain.local.

service imap {
  inet_listener {
    port=143
  }
}

protocol lda {
  log_path = /var/log/mail/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster@domain.local
  mail_plugins = sieve
}

service managesieve {
  inet_listener {
    port=12000
  }
}

auth_verbose = yes
auth_debug = yes

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = vmail
    mode = 0660
    user = postfix
  }
}

#service auth-userdb {
#  user = vmail
# }
#user = root
#}

passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf
  driver = ldap
}

userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf
  driver = ldap
}

plugin {
  sieve = /data/mail/%d/%n/sieverc
  sieve_storage=/data/mail/%d/%n/sieve
  sieve_max_redirects = 20
}

debug_log_path = /var/log/dovecot-debug.log

dict {
}
/etc/dovecot/dovecot-ldap-passdb.conf:

hosts = localhost
auth_bind = yes
auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

/etc/dovecot/dovecot-ldap-userdb.conf:

hosts = localhost
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
ldap_version = 3
base = cn=Users,DC=domain,DC=local
#user_attrs = user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir
user_filter = (&(objectClass=person)(cn=%u)(mail=*))
iterate_attrs = cn=user
iterate_filter = (objectClass=person)
When I try to log in with user account administrator I get the following error messages:

2013-12-16 11:28:29 auth: Info: ldap(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): unknown user
2013-12-16 11:28:29 auth: Error: userdb(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): user not found from userdb ldap
2013-12-16 11:28:29 imap: Error: Authenticated user not found from userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 id=1) (internal failure, 1 succesful auths): user=<ldap>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, session=<N3HjRaTtdAB/AAAB>

Can someone tell me what I am doing wrong, or is there a way to test the dovecot ldap connection string?
Cheers,
- Pascal
--
Pascal den Bekker
Linux System Administrator
Affinitas GmbH | Kohlfurter Straße 41/43 | 10999 Berlin | Germany
email: pascal_den.bekker@affinitas.de | tel: +49 30 868 000 140
www.edarling.de | www.shopaman.de
Managing directors: Lukas Brosseder, David Khalil, Michael Schrezenmaier
Registered at Amtsgericht Berlin-Charlottenburg, HRB 115958
On 2013-12-16 5:51 AM, Pascal den Bekker <pascal_den.bekker@affinitas.de> wrote:
> I am trying to set up samba4/openchange and dovecot. Does anyone have experience concerning dovecot connecting to samba4?
Have you heard of SOGo?
It is a full blown integrated solution exactly like what you are trying to do yourself...
It would probably be a lot easier using their packages, and you can ask questions on their support forums/lists...
Hey Marcus,
Well.. I am trying to do that :-).. But somehow dovecot doesn't connect to samba4 :-)
Cheers,
- Pascal
Hi,
Added a few corrections to your config below. Hope it works.
achim~
On 16.12.2013 11:51, Pascal den Bekker wrote:
> Hello,
> I am trying to set up samba4/openchange and dovecot. Does anyone have experience concerning dovecot connecting to samba4?
> I tried the following:
> /etc/dovecot.conf:
>
> protocols = imap sieve
> mail_location = maildir:/data/mail/%d/%n/Maildir
> mail_access_groups = vmail
> mail_privileged_group = vmail
> first_valid_uid = 110
> last_valid_uid = 110
last_valid_uid = 5000
> first_valid_gid = 115
> last_valid_gid = 115
last_valid_gid = 5000

Your vmail user/group seems to have the uid/gid 5000 so it must be in the valid range.
> log_path = /var/log/dovecot
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> login_greeting = Welcome to domain.local.
>
> service imap {
>   inet_listener {
>     port=143
>   }
> }
>
> protocol lda {
>   log_path = /var/log/mail/dovecot-deliver.log
>   auth_socket_path = /var/run/dovecot/auth-master
>   postmaster_address = postmaster@domain.local
>   mail_plugins = sieve
> }
>
> service managesieve {
>   inet_listener {
>     port=12000
>   }
> }
>
> auth_verbose = yes
> auth_debug = yes
>
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = vmail
>     mode = 0660
>     user = postfix
>   }
> }
>
> #service auth-userdb {
> #  user = vmail
> # }
> #user = root
> #}
>
> passdb {
>   args = /etc/dovecot/dovecot-ldap-passdb.conf
>   driver = ldap
> }
>
> userdb {
>   args = /etc/dovecot/dovecot-ldap-userdb.conf
>   driver = ldap
> }
>
> plugin {
>   sieve = /data/mail/%d/%n/sieverc
>   sieve_storage=/data/mail/%d/%n/sieve
>   sieve_max_redirects = 20
> }
>
> debug_log_path = /var/log/dovecot-debug.log
>
> dict {
> }
> /etc/dovecot/dovecot-ldap-passdb.conf:
>
> hosts = localhost
> auth_bind = yes
> auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
> ldap_version = 3
> base = cn=Users,dc=domain,dc=local
> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))

hosts = localhost
auth_bind = yes
dn = cn=ldap,cn=Users,DC=domain,DC=local
dnpass = password
#auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
ldap_version = 3
base = cn=Users,dc=domain,dc=local
pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
user_attrs=uid=5000

This way dovecot connects as user ldap, does the user lookup according to pass_filter and uses the resulting dn for authentication. If you create users via the Windows Remote Management tools, the dn for a user normally uses the Full Name as cn and not the user id, which is stored as sAMAccountName.
> /etc/dovecot/dovecot-ldap-userdb.conf:
>
> hosts = localhost
> dn = cn=ldap,cn=Users,DC=domain,DC=local
> dnpass = password
> ldap_version = 3
> base = cn=Users,DC=domain,DC=local
> #user_attrs = user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir
> user_filter = (&(objectClass=person)(cn=%u)(mail=*))
> iterate_attrs = cn=user
> iterate_filter = (objectClass=person)

user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
iterate_attrs = sAMAccountName=user
> When I try to log in with user account administrator I get the following error messages:
>
> 2013-12-16 11:28:29 auth: Info: ldap(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): unknown user
> 2013-12-16 11:28:29 auth: Error: userdb(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): user not found from userdb ldap
> 2013-12-16 11:28:29 imap: Error: Authenticated user not found from userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
> 2013-12-16 11:28:29 imap-login: Info: Internal login failure (pid=3809 id=1) (internal failure, 1 succesful auths): user=<ldap>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured, session=<N3HjRaTtdAB/AAAB>
>
> Can someone tell me what I am doing wrong, or is there a way to test the dovecot ldap connection string?
> Cheers,
> - Pascal
Hey Achim,
Thank you for your help :-) Unfortunately it did not work :-(
I changed the lines in the dovecot config you sent me.. When I try to log in to the sogo gui, I'm getting the following error message:

2013-12-16 16:10:07 auth: Info: ldap(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): unknown user
2013-12-16 16:10:07 auth: Error: userdb(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): user not found from userdb ldap
2013-12-16 16:10:07 imap: Error: Authenticated user not found from userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1)
2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503 id=1) (internal failure, 1 succesful auths): user=<administrator>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured, session=<DBQZNajtqQB/AAAB>

When I look in samba4:

samba-tool user list
Administrator
krbtgt
Guest
ldap

The user seems to be there..:-(
Cheers,
- Pascal
16.12.2013 16:14, Pascal den Bekker:
> I changed the lines in the dovecot config you sent me.. When I try to log in to the sogo gui, I'm getting the following error message:
>
> 2013-12-16 16:10:07 auth: Info: ldap(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): unknown user
> 2013-12-16 16:10:07 auth: Error: userdb(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): user not found from userdb ldap
> 2013-12-16 16:10:07 imap: Error: Authenticated user not found from userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1)
> 2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503 id=1) (internal failure, 1 succesful auths): user=<administrator>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured, session=<DBQZNajtqQB/AAAB>
>
> When I look in samba4:
>
> samba-tool user list
> Administrator
> krbtgt
> Guest
> ldap
>
> The user seems to be there..:-(
Administrator is not the same as administrator - at least in the Unix part of the world...
Regards, Christian
-- No signature available.
On 16.12.2013 16:14, Pascal den Bekker wrote:
> Hey Achim,
> Thank you for your help :-) Unfortunately it did not work :-(
I'd test it with a different user than Administrator, and make sure the user has an E-Mail address assigned.
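
One way to check offline which entries the thread's pass_filter/user_filter would select, as an added example (not code from the thread or from Dovecot): it expands %u into the original and the corrected filter and evaluates them against constructed directory entries. The entries, the "Jane Doe"/jdoe account and all function names are assumptions made for illustration.

```python
import re

# Constructed sample entries; "Jane Doe"/jdoe is hypothetical, not from the thread.
ENTRIES = [
    {"dn": "CN=Administrator,CN=Users,DC=domain,DC=local",
     "objectClass": ["person", "user"],
     "cn": ["Administrator"], "sAMAccountName": ["Administrator"]},  # no mail
    {"dn": "CN=Jane Doe,CN=Users,DC=domain,DC=local",
     "objectClass": ["person", "user"], "cn": ["Jane Doe"],
     "sAMAccountName": ["jdoe"], "mail": ["jdoe@domain.local"]},
]
ORIGINAL = "(&(objectClass=person)(cn=%u)(mail=*))"
CORRECTED = "(&(objectClass=person)(sAMAccountName=%u)(mail=*))"

def expand(template, login):
    """Substitute %u/%n/%d, escaping filter metacharacters (RFC 4515)."""
    name, _, domain = login.partition("@")
    esc = lambda s: re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), s)
    values = {"u": esc(login), "n": esc(name), "d": esc(domain)}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)

def parse(f, i=0):
    """Parse a filter made of &, |, !, equality and presence tests."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1            # step over the closing ')'
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] == "!":
        return not matches(node[1][0], entry)
    if node[0] in "&|":
        hits = [matches(kid, entry) for kid in node[1]]
        return all(hits) if node[0] == "&" else any(hits)
    _, attr, value = node
    have = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    if value == "*":                        # presence test such as (mail=*)
        return bool(have)
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return any(v.lower() == want.lower() for v in have)  # case-insensitive match

def search(template, login, entries=ENTRIES):
    tree, _ = parse(expand(template, login))
    return [e["dn"] for e in entries if matches(tree, e)]

if __name__ == "__main__":
    for tmpl, login in ((ORIGINAL, "jdoe"), (CORRECTED, "jdoe"), (CORRECTED, "administrator")):
        print(tmpl, login, search(tmpl, login) or "unknown user")
```

Against the real server, the expanded filter string can be passed to ldapsearch with the dn, dnpass and base values from dovecot-ldap-userdb.conf to see whether the directory returns an entry.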