[Dovecot] Custom Mail Directory for some users
Hi list,
I'm new on this mailing list and I'm kind of stuck at the moment.
I managed to get Postfix and Dovecot working together with Amavis, OpenLDAP and SASL on Ubuntu Linux Release "Dapper Drake". The Dovecot version shipped with Dapper is 1.0-beta3 (at least, that's what the package database tells me), I also tried this with a Debian Backport of version 1.0-rc15.
And here is my problem: A customer of mine needs usernames different from the mail address for his third party software to work. In other words, I need the ability to login with the username foo to get access to the mailbox bar@example.com. So I tried to override the mail_location property for this user with a separate mailDirectory attribute in my LDAP tree.
Speaking in dovecot.conf words:
mail_location = maildir:/var/spool/dovecot/mail/%d/%n
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb static {
    args = uid=vmail gid=vmail
  }
  user = dovecot
}
and dovecot-ldap.conf:
hosts = localhost
dn = cn=admin,dc=ekits,dc=de
dnpass = secret
auth_bind = yes
ldap_version = 3
base = ou=mailsystem,dc=ekits,dc=de
scope = subtree
user_attrs = mailDirectory=mail
user_filter = (&(objectClass=ekitsMailAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=ekitsMailAccount)(uid=%u))
user_global_uid = vmail
user_global_gid = vmail
A typical LDAP entry looks something like this:
dn: cn=Patrick Kranz,o=EK IT-Solutions,ou=mailsystem,dc=ekits,dc=de
ekitsMailDestination: patrick@ekits.de
objectClass: ekitsMailAccount
objectClass: top
cn: Patrick Kranz
structuralObjectClass: ekitsMailAccount
entryUUID: b4ebb9e8-6d8d-102b-9dc9-9edb870845a4
creatorsName: cn=admin,dc=ekits,dc=de
createTimestamp: 20070323132526Z
userPassword:: YVBhc3M=
mailDirectory: maildir:/var/spool/dovecot/mail/ekits.de/blubb
uid: patrick
As far as I can interpret the log of slapd, dovecot doesn't even ask for the attribute "mailDirectory". I also tried this with userdb prefetch. With this it did actually ask for the attribute but it still had no effect. With this configuration dovecot creates the directory /var/spool/spool/dovecot/mail/patrick if I login with the uid patrick but I wanted access to /var/spool/dovecot/mail/ekits.de/blubb
If anybody has any clue what I did wrong or if I have a conceptual misunderstanding, I would appreciate any help. Thanks in advance.
Greetings, Patrick
On Mon, 2007-03-26 at 20:44 +0200, Patrick Kranz wrote:
> Hi list,
> I'm new on this mailing list and I'm kind of stuck at the moment.
> I managed to get Postfix and Dovecot working together with Amavis, OpenLDAP and SASL on Ubuntu Linux Release "Dapper Drake". The Dovecot version shipped with Dapper is 1.0-beta3 (at least, that's what the package database tells me), I also tried this with a Debian Backport of version 1.0-rc15.
I'd of course recommend the latest RC :)
> userdb ldap { args = /etc/dovecot/dovecot-ldap.conf }
> userdb static { args = uid=vmail gid=vmail
If the users exist in the ldap, the static userdb is useless here. userdb static i
> user_attrs = mailDirectory=mail
Looks OK for rc15. I don't remember if beta3 supported this format.
> mailDirectory: maildir:/var/spool/dovecot/mail/ekits.de/blubb
Still ok.
> As far as I can interpret the log of slapd, dovecot doesn't even ask for the attribute "mailDirectory".
Set auth_debug=yes and show the logs.
> I also tried this with userdb prefetch. With this it did actually ask for the attribute but it still had no effect. With this configuration dovecot creates the directory /var/spool/spool/dovecot/mail/patrick if I login with the uid patrick but I wanted access to /var/spool/dovecot/mail/ekits.de/blubb
> If anybody has any clue what I did wrong or if I have a conceptual misunderstanding, I would appreciate any help.
All the settings you showed above looked correct, so there's something else that's wrong. Could you show "dovecot -n" output instead of the copy&pasted dovecot.conf? That shows what Dovecot is really seeing in the configuration. For example if the static userdb is actually before ldap userdb, the ldap is never used at all.
Also a better way to implement aliases is to change the username instead of the mail directory. You can do this with something like:
pass_filter = (&(objectClass=ekitsMailAccount)(|(uid=%u)(userAlias=%u)))
Because pass_attrs contains uid=user, the username is always changed to uid's contents no matter how the filter lookup matched.
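The alias lookup described in the reply above, traced in Python as an added example (not code from the thread or from Dovecot): it evaluates the suggested pass_filter against two constructed entries, renames the login to the entry's uid as pass_attrs uid=user does, and expands mail_location. The entries, the character check on the login and the rule that an ambiguous match fails are assumptions of this example; password verification is left out.

```python
import re

# Constructed directory: login "foo" must open the mailbox of bar@example.com.
# "userAlias" is the attribute name used in the reply's filter.
ENTRIES = [
    {"objectClass": ["ekitsMailAccount", "top"], "uid": ["bar@example.com"],
     "userAlias": ["foo"], "userPassword": ["constructed-secret"]},
    {"objectClass": ["ekitsMailAccount", "top"], "uid": ["patrick"],
     "userPassword": ["constructed-secret-2"]},
]
PASS_FILTER = "(&(objectClass=ekitsMailAccount)(|(uid=%u)(userAlias=%u)))"
MAIL_LOCATION = "maildir:/var/spool/dovecot/mail/%d/%n"

def parse(f, i=0):
    """Parse a filter limited to &, | and equality; return (node, next index)."""
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter node against one entry (case-insensitive values)."""
    if node[0] == "=":
        return node[2].lower() in (v.lower() for v in entry.get(node[1], []))
    combine = all if node[0] == "&" else any
    return combine(matches(kid, entry) for kid in node[1])

def resolve_login(login):
    """Return (canonical username, mail location), or None if nothing matches."""
    # Assumption of this example: only logins without filter metacharacters.
    if not re.fullmatch(r"[A-Za-z0-9._@-]+", login):
        return None
    tree, _ = parse(PASS_FILTER.replace("%u", login))
    hits = [e for e in ENTRIES if matches(tree, e)]
    if len(hits) != 1:                      # no match, or an ambiguous alias
        return None
    user = hits[0]["uid"][0]                # pass_attrs: uid=user
    name, _, domain = user.partition("@")   # %n = user part, %d = domain part
    return user, MAIL_LOCATION.replace("%d", domain).replace("%n", name)
```

Both the alias and the real uid resolve to the same username, so the mailbox path depends only on uid and no per-user mail directory attribute is needed.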
Hi Timo and thanks for the quick answer!
Timo Sirainen wrote:
> On Mon, 2007-03-26 at 20:44 +0200, Patrick Kranz wrote:
>> Hi list,
>> I'm new on this mailing list and I'm kind of stuck at the moment.
>> I managed to get Postfix and Dovecot working together with Amavis, OpenLDAP and SASL on Ubuntu Linux Release "Dapper Drake". The Dovecot version shipped with Dapper is 1.0-beta3 (at least, that's what the package database tells me), I also tried this with a Debian Backport of version 1.0-rc15.
> I'd of course recommend the latest RC :)
I also would prefer this but I also like the comfort of a package management system, so I don't have to compile from scratch for every new version, especially not on a live system that isn't mine ;)
>> userdb ldap { args = /etc/dovecot/dovecot-ldap.conf }
>> userdb static { args = uid=vmail gid=vmail
> If the users exist in the ldap, the static userdb is useless here. userdb static i
Now that you mention it :) Especially because I gain the wanted effect with user_global_uid/gid in the dovecot-ldap.conf... But this seemed to be the source of all problems because it was exactly as you said. Removing the static userdb made dovecot look up my attributes in LDAP and everything worked :) I also think I'm gonna stick with your suggestion regarding the pass_filter. It seems less error-prone and that's exactly what I need for this customer :) Thanks very much for your quick help!
Have a nice evening, Patrick
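A small check for the misconfiguration resolved in this thread, added here as an example and not taken from the thread or the Dovecot project: it reads dovecot.conf block syntax (not `dovecot -n` output) and reports auth blocks that list a static userdb together with an ldap userdb. The sample configuration is constructed from the settings quoted above, and the function names are this example's own.

```python
import re

# Constructed sample in the dovecot.conf block syntax posted in this thread.
SAMPLE_CONF = """\
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb static {
    args = uid=vmail gid=vmail
  }
  user = dovecot
}
"""

def userdbs_by_auth_block(conf_text):
    """Map each auth block name to its userdb drivers, in file order.
    Assumes one statement per line, as in a normally formatted dovecot.conf."""
    result, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        opener = re.match(r"^(\w+)\s*(\S*)\s*\{$", line)
        if opener:
            kind, name = opener.groups()
            if kind == "auth":
                result.setdefault(name, [])
            elif kind == "userdb" and stack and stack[-1][0] == "auth":
                result[stack[-1][1]].append(name)
            stack.append((kind, name))
        elif line == "}" and stack:
            stack.pop()
    return result

def audit_userdbs(conf_text):
    """Return (block, drivers, first-listed driver) where static and ldap are mixed."""
    findings = []
    for block, drivers in userdbs_by_auth_block(conf_text).items():
        if "static" in drivers and "ldap" in drivers:
            first = "static" if drivers.index("static") < drivers.index("ldap") else "ldap"
            findings.append((block, drivers, first))
    return findings

if __name__ == "__main__":
    for block, drivers, first in audit_userdbs(SAMPLE_CONF):
        print(f"auth {block}: userdb order {drivers}, '{first}' listed first; "
              "remove userdb static if all users exist in LDAP")
```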
Hi,
Is there a way to have different LDAP searches for different attributes? Probably one for user and password and one for the email directory?
At the moment I have one LDAP object for a user and a few objects under it for different information for this user. One of these objects holds the email directory.
Best regards, Stefan Klatt
-- CaC, Computer and Communication Inhaber Stefan Klatt Triftstrasse 9 60528 Frankfurt Germany
Tel.: +49-(0)172-6807809 Tel.: +49-(0)69-67808-900 Email: stefan.klatt@cac-netzwerk.de