[Dovecot] Dovecot + Windows AD + Postfix + quota
Hello,

I'm almost sure that all topics and problems mentioned below were separately posted to this list already. But after spending 4 days on searching, I didn't find a compilation similar to my case. So maybe some of you guys are able to answer to help me solve this:

1. I'd like to use userdb and passdb of Dovecot to work with Windows AD.
2. I have to use them both because I'd like to use LDA to serve for my Postfix.
3. I DO NOT want to use any external programs (i.e. PAM) to talk to the AD server.
4. I was able to make my system partially running - I CAN bind to the AD database and confirm user/password.
5. I want to get the following attributes: home directory (OK, I could put it statically), uid/gid (OK, it could be static too) and MAIL QUOTA (my users have different values - no 'statics').

To help you on this subject, here are my configs/data:

OS => Gentoo Linux
uname -a => 2.6.15-gentoo-r7 #1 SMP PREEMPT Tue Mar 21 18:08:57 CET 2006 i686 Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux
dovecot --version => 1.1.beta14

dovecot -n =>
protocols: imaps
ssl_listen: *:993
ssl_cert_file: /etc/ssl/dovecot/newcert.pem
ssl_key_file: /etc/ssl/dovecot/newkey.pem
ssl_parameters_regenerate: 0
ssl_cipher_list: ALL:!LOW:!SSLv2
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
verbose_proctitle: yes
mail_uid: 5000
mail_gid: 5000
mail_location: maildir:~/.Maildir/
mail_debug: yes
mail_executable: /usr/libexec/dovecot/var
mail_plugins: quota imap_quota
auth default:
  mechanisms: login plain
  username_format: %Lu
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 438
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  quota: maildir:storage=10240000000:ignore=Trash
  sieve: /var/vmail/lpr/%u/.Maildir/.dovecot.sieve

grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf =>
hosts = 10.10.10.8:3268
uris = ldap://10.10.10.8:3268
dn = lpr\Administrator
dnpass = ***
auth_bind = yes
auth_bind_userdn = lpr\%u
base = dc=lpr,dc=com,dc=pl
ldap_version = 3
user_attrs = uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota
user_filter = (&(cn=%u))
pass_attrs = cn=user,userPasword=password
pass_filter = (&(cn=%u))

Windows AD => Windows 2003 R2 PL

-----------------------
Logs:

Jan 28 00:37:40 gentoo dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=10.10.10.2 rip=10.10.10.29
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:37:40 gentoo dovecot: auth(default): client in: CONT 1 AG1wYWN6ZXNueQBOZGYxNjEzODI=
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: OK 1 user=xxx
Jan 28 00:37:40 gentoo dovecot: auth(default): master in: REQUEST 1 16026 1
Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29): user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx)) fields=uidNumber,gidNumber,postOfficeBox,carLicense
Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1 xxx
Jan 28 00:37:40 gentoo dovecot: imap-login: Login: user=<xxx>, method=PLAIN, rip=10.10.10.29, lip=10.10.10.2, TLS
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Loading modules from directory: /usr/lib/dovecot/imap
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded: /usr/lib/dovecot/imap/lib10_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded: /usr/lib/dovecot/imap/lib11_imap_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Effective uid=5000, gid=5000, home=
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Quota root: name=storage=10240000000 backend=maildir args=ignore=Trash
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): Namespace: type=private, prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir: data=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir++: root=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir, index=, control=, inbox=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): mkdir(/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/cur) failed: Permission denied

The second case is that I receive the following errors in the log file:

Jan 28 00:47:31 gentoo dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=10.10.10.2 rip=10.10.10.29
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:47:31 gentoo dovecot: auth(default): client in: CONT 1 AG1wYCN6ZXNuew9OZGYxxAEzODIe=
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: OK 1 user=xxx
Jan 28 00:47:31 gentoo dovecot: auth(default): master in: REQUEST 1 16170 1
Jan 28 00:47:31 gentoo dovecot: auth(default): prefetch(xxx,10.10.10.29): passdb didn't return userdb entries
Jan 28 00:47:31 gentoo dovecot: auth(default): userdb(xxx,10.10.10.29): user not found from userdb
Jan 28 00:47:31 gentoo dovecot: auth(default): master out: NOTFOUND 1

when I use the prefetch driver, with a change like this one below to the ldap.conf file:

pass_attrs = uid=user, userPassword=password, postOfficeBox=userdb_home, uidNumber=userdb_uid, gidNumber=userdb_gid, carLicense=userdb_quota

(And, yes, I know about the home directory path. It is easy to make it real and working (change mail_location) - it is not a problem.)

The case and question is: how can I get a QUOTA (in my case - carLicense) attribute from AD/LDAP? Is it shown somewhere? How can it be verified? The value "storage=10240000000" is a static one written in config and the same for all users. Is there any kind of manual on how to make AD and Dovecot running and returning uid, gid, home, quota etc. attributes without PAM?

Regards,
--
Maciej Paczesny
maciunio2@gmail.com
***If electricity hadn't been invented, I'd be sitting in front of the computer by candlelight***
On Mon, 2008-01-28 at 00:52 +0100, Maciej Paczesny wrote:
user_attrs = uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota
It appears none of these fields exists in LDAP:
Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29): user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx)) fields=uidNumber,gidNumber,postOfficeBox,carLicense
Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1 xxx
If any fields were returned, they would have been in this "master out" line. I guess I should make LDAP log clearly what it received from LDAP server though..
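The diagnostic described above (userdb extra fields, if any, show up on the auth "master out: USER" line) can be checked mechanically. The following script is an added example, not code from the thread or from Dovecot: it pairs each "user search: ... fields=..." line with the "master out: USER" line for the same user and reports which of the expected extra fields (uid, gid, home, quota) the LDAP lookup never returned. The log lines are constructed samples modelled on the posted output; the second user, yyy, and its values are invented to show what a successful lookup looks like.

```python
import re

# Constructed sample log, modelled on the thread's auth debug lines (not the poster's verbatim log).
# xxx: the failing case from the thread (no extra fields after the username).
# yyy: an invented successful lookup, to show what a populated "master out" line looks like.
SAMPLE_LOG = """\
Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29): user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx)) fields=uidNumber,gidNumber,postOfficeBox,carLicense
Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1 xxx
Jan 28 00:39:02 gentoo dovecot: auth(default): ldap(yyy,10.10.10.30): user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=yyy)) fields=uidNumber,gidNumber,postOfficeBox,carLicense
Jan 28 00:39:02 gentoo dovecot: auth(default): master out: USER 2 yyy uid=5000 gid=5000 home=/var/vmail/lpr/yyy quota=storage=20480000
"""

# "ldap(<user>,<ip>): user search: ... fields=<comma list>"  -> which LDAP attributes were requested
SEARCH_RE = re.compile(r"ldap\((?P<user>[^,]+),[^)]*\): user search: .*?\bfields=(?P<fields>\S+)")
# "master out: USER <id> <user> [key=value ...]" -> what the userdb actually handed back
MASTER_RE = re.compile(r"master out:\s+USER\s+(?P<id>\d+)\s+(?P<user>\S+)(?P<rest>.*)$")


def parse_master_fields(rest: str) -> dict:
    """Turn 'uid=5000 quota=storage=1' into a dict. Split at the FIRST '=' only,
    because values such as quota=storage=... legitimately contain '='."""
    out = {}
    for token in rest.split():
        if "=" in token:
            key, value = token.split("=", 1)
            out[key] = value
    return out


def audit_userdb_log(text: str, wanted=("uid", "gid", "home", "quota")) -> dict:
    """Return {user: {"requested": [ldap attrs], "returned": {field: value}, "missing": [fields]}}.
    'wanted' names are Dovecot's mapped extra-field names (the right-hand side of user_attrs),
    not the raw LDAP attribute names."""
    results = {}
    for line in text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            results.setdefault(m["user"], {})["requested"] = m["fields"].split(",")
            continue
        m = MASTER_RE.search(line)
        if m:
            returned = parse_master_fields(m["rest"])
            entry = results.setdefault(m["user"], {})
            entry["returned"] = returned
            entry["missing"] = [f for f in wanted if f not in returned]
    return results


if __name__ == "__main__":
    for user, info in audit_userdb_log(SAMPLE_LOG).items():
        print(user, "requested:", info.get("requested"), "missing:", info.get("missing"))
```

For the thread's own log the report for xxx lists all four fields as missing, which is exactly the "none of these fields exists in LDAP" conclusion above.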
On Thu, 2008-01-31 at 17:02 +0200, Timo Sirainen wrote:
I guess I should make LDAP log clearly what it received from LDAP server though..
Actually it does that already. Only if the server returns no fields does it not log anything. Fixed that now: http://hg.dovecot.org/dovecot/rev/ace71babd1ec
participants (2)
-
Maciej Paczesny
-
Timo Sirainen