authenticate LDAP to email server

newer
replication - remove/delete in...

older
cram-md5 cache problem

robert k Wild

25 Jun 2015 25 Jun '15

1:36 p.m.

hi all,

first things first my version and config -

# 2.0.9: /etc/dovecot/dovecot.conf

# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)

auth_mechanisms = plain login

mail_location = maildir:~/Maildir

mbox_write_locks = fcntl

passdb {

driver = pam

}

protocols = imap pop3

service auth {

unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0666

user = postfix

}

ssl_cert =

ssl_key =

userdb {

driver = passwd

}

i have installed dovecot+postfix email server and a

LDAP server, if i create users on the LDAP server can dovecot pick up

the usernames and create a mailbox for the individual users

as atm

if i want to create an email address for users i add the user to the

email server and make a directory for the users mailbox and have to

chmod and chown

also just another question, can i set up mail groups on dovecot?

cheers

rob

-- Regards,

Robert K Wild.

Show replies by date

Daniel Tröder

25 Jun 25 Jun

11:19 p.m.

Am 25.06.2015 um 22:36 schrieb robert k Wild:

...

hi all,

first things first my version and config -

# 2.0.9: /etc/dovecot/dovecot.conf

# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)

auth_mechanisms = plain login

mail_location = maildir:~/Maildir

mbox_write_locks = fcntl

passdb {

driver = pam

}

protocols = imap pop3

service auth {

unix_listener /var/spool/postfix/private/auth {
group = postfix

mode = 0666

user = postfix
}

}

ssl_cert =
ssl_key =
userdb {

driver = passwd

}

i have installed dovecot+postfix email server and a

LDAP server, if i create users on the LDAP server can dovecot pick up

the usernames and create a mailbox for the individual users

as atm

if i want to create an email address for users i add the user to the

email server and make a directory for the users mailbox and have to

chmod and chown

also just another question, can i set up mail groups on dovecot?

cheers

rob

Hi Rob,

all you need to do is figure out what the attribute in your LDAP tree is, that holds the email address. Then configure uris, dn, dnpass, [tls*], base, scope, user_attrs, user_filter, iterate_attrs and iterate_filter in /etc/dovecot/dovecot-ldap.conf.ext and uncomment the include line in /etc/dovecot/conf.d/10-auth.conf

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb

Good luck Daniel

Robert Wild

26 Jun 26 Jun

12:27 a.m.

That's great thanks,

One thing tho I did a "ls /etc/dovecot" and I don't see a dovecot-ldap.conf

Do I need to create that file or install it via yum?

Thanks again for your help, very much appreciated

Rob

Sent from my Windows Phone

-----Original Message----- From: "Daniel Tröder" troeder@univention.de Sent: ‎26/‎06/‎2015 07:20 To: "dovecot@dovecot.org" dovecot@dovecot.org Subject: Re: authenticate LDAP to email server

Am 25.06.2015 um 22:36 schrieb robert k Wild:

...

hi all,

first things first my version and config -

# 2.0.9: /etc/dovecot/dovecot.conf

# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)

auth_mechanisms = plain login

mail_location = maildir:~/Maildir

mbox_write_locks = fcntl

passdb {

driver = pam

}

protocols = imap pop3

service auth {

unix_listener /var/spool/postfix/private/auth {
group = postfix

mode = 0666

user = postfix
}

}

ssl_cert =
ssl_key =
userdb {

driver = passwd

}

i have installed dovecot+postfix email server and a

LDAP server, if i create users on the LDAP server can dovecot pick up

the usernames and create a mailbox for the individual users

as atm

if i want to create an email address for users i add the user to the

email server and make a directory for the users mailbox and have to

chmod and chown

also just another question, can i set up mail groups on dovecot?

cheers

rob

Hi Rob,

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb

Good luck Daniel

Daniel Tröder

12:35 a.m.

Am 26.06.2015 um 09:27 schrieb Robert Wild:

...

That's great thanks,

One thing tho I did a "ls /etc/dovecot" and I don't see a dovecot-ldap.conf

Do I need to create that file or install it via yum?

Thanks again for your help, very much appreciated

Rob

Sent from my Windows Phone Hi Rob,

please don't top-post. On mailinglists it is custom, to write replies below the previous post.

I don't use Fedora/CentOS/RH, so I don't really know, but in Debian* there is the LDAP part in a separate package. Maybe it is so in your case too.....

I just looked at https://apps.fedoraproject.org/packages/dovecot/contents and it seems its all in 1 package, and you'll just have to copy it from /usr/share/doc/dovecot/example-config/ to /etc/dovecot.

Greetings Daniel

...

-----Original Message----- From: "Daniel Tröder" troeder@univention.de Sent: ‎26/‎06/‎2015 07:20 To: "dovecot@dovecot.org" dovecot@dovecot.org Subject: Re: authenticate LDAP to email server

Am 25.06.2015 um 22:36 schrieb robert k Wild:

...
hi all,

first things first my version and config -

# 2.0.9: /etc/dovecot/dovecot.conf

# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)

auth_mechanisms = plain login

mail_location = maildir:~/Maildir

mbox_write_locks = fcntl

passdb {

driver = pam

}

protocols = imap pop3

service auth {

unix_listener /var/spool/postfix/private/auth {
group = postfix

mode = 0666

user = postfix
}

}

ssl_cert =
ssl_key =
userdb {

driver = passwd

}

i have installed dovecot+postfix email server and a

LDAP server, if i create users on the LDAP server can dovecot pick up

the usernames and create a mailbox for the individual users

as atm

if i want to create an email address for users i add the user to the

email server and make a directory for the users mailbox and have to

chmod and chown

also just another question, can i set up mail groups on dovecot?

cheers

rob
Hi Rob,

all you need to do is figure out what the attribute in your LDAP tree is, that holds the email address. Then configure uris, dn, dnpass, [tls*], base, scope, user_attrs, user_filter, iterate_attrs and iterate_filter in /etc/dovecot/dovecot-ldap.conf.ext and uncomment the include line in /etc/dovecot/conf.d/10-auth.conf

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb

Good luck Daniel

-- Daniel Tröder Open Source Software Engineer

Univention GmbH be open Mary-Somerville-Str.1 28359 Bremen Tel.: +49 421 22232-91 Fax : +49 421 22232-99

troeder@univention.de http://www.univention.de

Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876

Robert Wild

10:39 a.m.

Sorry for top posting, don't mean to, looks like my outlook mobile client does it by default

Ok great thanks Daniel for this, also do you know if I have to change/edit the config files for postfix/openldap as well or just for dovecot

Thank you

Rob

Sent from my Windows Phone

-----Original Message----- From: "Daniel Tröder" troeder@univention.de Sent: ‎26/‎06/‎2015 08:35 To: "dovecot@dovecot.org" dovecot@dovecot.org Subject: Re: authenticate LDAP to email server

Am 26.06.2015 um 09:27 schrieb Robert Wild:

...

That's great thanks,

One thing tho I did a "ls /etc/dovecot" and I don't see a dovecot-ldap.conf

Do I need to create that file or install it via yum?

Thanks again for your help, very much appreciated

Rob

Sent from my Windows Phone Hi Rob,

please don't top-post. On mailinglists it is custom, to write replies below the previous post.

I don't use Fedora/CentOS/RH, so I don't really know, but in Debian* there is the LDAP part in a separate package. Maybe it is so in your case too.....

Greetings Daniel

...

-----Original Message----- From: "Daniel Tröder" troeder@univention.de Sent: ‎26/‎06/‎2015 07:20 To: "dovecot@dovecot.org" dovecot@dovecot.org Subject: Re: authenticate LDAP to email server

Am 25.06.2015 um 22:36 schrieb robert k Wild:

...
hi all,

first things first my version and config -

# 2.0.9: /etc/dovecot/dovecot.conf

# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)

auth_mechanisms = plain login

mail_location = maildir:~/Maildir

mbox_write_locks = fcntl

passdb {

driver = pam

}

protocols = imap pop3

service auth {

unix_listener /var/spool/postfix/private/auth {
group = postfix

mode = 0666

user = postfix
}

}

ssl_cert =
ssl_key =
userdb {

driver = passwd

}

i have installed dovecot+postfix email server and a

LDAP server, if i create users on the LDAP server can dovecot pick up

the usernames and create a mailbox for the individual users

as atm

if i want to create an email address for users i add the user to the

email server and make a directory for the users mailbox and have to

chmod and chown

also just another question, can i set up mail groups on dovecot?

cheers

rob
Hi Rob,

all you need to do is figure out what the attribute in your LDAP tree is, that holds the email address. Then configure uris, dn, dnpass, [tls*], base, scope, user_attrs, user_filter, iterate_attrs and iterate_filter in /etc/dovecot/dovecot-ldap.conf.ext and uncomment the include line in /etc/dovecot/conf.d/10-auth.conf

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb

Good luck Daniel

-- Daniel Tröder Open Source Software Engineer

Univention GmbH be open Mary-Somerville-Str.1 28359 Bremen Tel.: +49 421 22232-91 Fax : +49 421 22232-99

troeder@univention.de http://www.univention.de

Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876

robert k Wild

3:36 p.m.

i have made a file "/etc/dovecot/dovecot-ldap.conf.ext"

hosts = 10.10.1.3 base = dc=robina,dc=private ldap_version = 3 auth_bind = yes auth_bind_userdn = cn=%u,cn=home,ou=robina_users,dc=robina,dc=private pass_attrs = uid=user pass_filter = (&(objectClass=posixAccount)(uid=%u))

i have also uncommented out the "include" line in the file10-auth.conf

tried testing it by doing a telnet on my local host but it cant find my user, any suggestions

many thanks

rob

On 26 June 2015 at 18:39, Robert Wild robertkwild@gmail.com wrote:

...

Sorry for top posting, don't mean to, looks like my outlook mobile client does it by default

Ok great thanks Daniel for this, also do you know if I have to change/edit the config files for postfix/openldap as well or just for dovecot

Thank you

Rob

Sent from my Windows Phone

From: Daniel Tröder troeder@univention.de Sent: ‎26/‎06/‎2015 08:35 To: dovecot@dovecot.org

Subject: Re: authenticate LDAP to email server

Am 26.06.2015 um 09:27 schrieb Robert Wild:

...
That's great thanks,

One thing tho I did a "ls /etc/dovecot" and I don't see a dovecot-ldap.conf

Do I need to create that file or install it via yum?

Thanks again for your help, very much appreciated

Rob

Sent from my Windows Phone Hi Rob,

please don't top-post. On mailinglists it is custom, to write replies below the previous post.

I don't use Fedora/CentOS/RH, so I don't really know, but in Debian* there is the LDAP part in a separate package. Maybe it is so in your case too.....

I just looked at https://apps.fedoraproject.org/packages/dovecot/contents and it seems its all in 1 package, and you'll just have to copy it from /usr/share/doc/dovecot/example-config/ to /etc/dovecot.

Greetings Daniel

...
-----Original Message----- From: "Daniel Tröder" troeder@univention.de Sent: ‎26/‎06/‎2015 07:20 To: "dovecot@dovecot.org" dovecot@dovecot.org Subject: Re: authenticate LDAP to email server

Am 25.06.2015 um 22:36 schrieb robert k Wild:

...
hi all,

first things first my version and config -

# 2.0.9: /etc/dovecot/dovecot.conf

# OS: Linux 2.6.32-504.el6.x86_64 x86_64 CentOS release 6.6 (Final)

auth_mechanisms = plain login

mail_location = maildir:~/Maildir

mbox_write_locks = fcntl

passdb {

driver = pam

}

protocols = imap pop3

service auth {

unix_listener /var/spool/postfix/private/auth {
group = postfix

mode = 0666

user = postfix
}

}

ssl_cert =
ssl_key =
userdb {

driver = passwd

}

i have installed dovecot+ postfix email server and a

LDAP server, if i create users on the LDAP server can dovecot pick up

the usernames and create a mailbox for the individual users

as atm

if i want to create an email address for users i add the user to the

email server and make a directory for the users mailbox and have to

chmod and chown

also just another question, can i set up mail groups on dovecot?

cheers

rob
Hi Rob,

all you need to do is figure out what the attribute in your LDAP tree is, that holds the email address. Then configure uris, dn, dnpass, [tls*], base, scope, user_attrs, user_filter, iterate_attrs and iterate_filter in /etc/dovecot/dovecot-ldap.conf.ext and uncomment the include line in /etc/dovecot/conf.d/10-auth.conf

http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb

Good luck Daniel
-- Daniel Tröder Open Source Software Engineer

Univention GmbH be open Mary-Somerville-Str.1 28359 Bremen Tel.: +49 421 22232-91 Fax : +49 421 22232-99

troeder@univention.de http://www.univention.de

Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876

-- Regards,

Robert K Wild.

Alexander Dalloz

27 Jun 27 Jun

6:15 a.m.

Am 27.06.2015 um 00:36 schrieb robert k Wild:

...

i have made a file "/etc/dovecot/dovecot-ldap.conf.ext"

hosts = 10.10.1.3 base = dc=robina,dc=private ldap_version = 3 auth_bind = yes auth_bind_userdn = cn=%u,cn=home,ou=robina_users,dc=robina,dc=private pass_attrs = uid=user pass_filter = (&(objectClass=posixAccount)(uid=%u))

Why do you ignore the documentation?

http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds

"If you're using DN template, pass_attrs and pass_filter settings are completely ignored. That means you can't make passdb return any extra fields. You should also set auth_username_format = %Lu in dovecot.conf to normalize the username by lowercasing it. "

...

i have also uncommented out the "include" line in the file10-auth.conf

tried testing it by doing a telnet on my local host but it cant find my user, any suggestions

many thanks

rob

And please stop top-posting with full quotation of preovious content. This is a mailing list. The histtory of the thread is archived.

Alexander

robert k Wild

28 Jun 28 Jun

10:50 a.m.

i edited "dovecot-ldap.conf.ext" and added the lines

hosts = 10.10.1.3 auth_bind = yes auth_bind_userdn = cn=%u,cn=home,ou=robina_users,dc=robina,dc=private

i then edited "dovecot.conf" and added this line in

auth_username_format = %Lu

i edited "10-auth.conf" i unhashed the following line

!include auth-ldap.conf.ext - which contains my userdb and passwddb file

but when i try to create a new email account using thunderbird it cant find the settings for my email account

any help please

rob

Alexander Dalloz

12:16 p.m.

Am 28.06.2015 um 19:50 schrieb robert k Wild:

...

i edited "dovecot-ldap.conf.ext" and added the lines

hosts = 10.10.1.3 auth_bind = yes auth_bind_userdn = cn=%u,cn=home,ou=robina_users,dc=robina,dc=private

i then edited "dovecot.conf" and added this line in

auth_username_format = %Lu

i edited "10-auth.conf" i unhashed the following line

!include auth-ldap.conf.ext - which contains my userdb and passwddb file

but when i try to create a new email account using thunderbird it cant find the settings for my email account

any help please

rob

What is being logged when you try to login?

Alexander

Daniel Tröder

1:11 p.m.

Am 28.06.2015 um 21:16 schrieb Alexander Dalloz:

...

Am 28.06.2015 um 19:50 schrieb robert k Wild:

...
i edited "dovecot-ldap.conf.ext" and added the lines

hosts = 10.10.1.3 auth_bind = yes auth_bind_userdn = cn=%u,cn=home,ou=robina_users,dc=robina,dc=private

i then edited "dovecot.conf" and added this line in

auth_username_format = %Lu

i edited "10-auth.conf" i unhashed the following line

!include auth-ldap.conf.ext - which contains my userdb and passwddb file

but when i try to create a new email account using thunderbird it cant find the settings for my email account

any help please

rob

What is being logged when you try to login?

Alexander Please edit /etc/dovecot/conf.d/10-logging.conf and enable: auth_verbose = yes auth_verbose_passwords = plain auth_debug = yes auth_debug_passwords = yes mail_debug = yes

Then you'll get a very detailed account in the logfiles about what's going on.

robert k Wild

2:25 p.m.

i have enabled logging, how can i run a test to get some results.

i have tried to add a mail account through thunderbird using my ldap user but i am not getting any error logs in the /var/log/dovecot.log file

any help on how i can produce logs to show you guys

thanks

rob

robert k Wild

2:49 p.m.

got something

when i did a telnet localhost 143, i got this

Jun 28 23:16:46 post dovecot: auth: Fatal: LDAP: No base given Jun 28 23:16:46 post dovecot: master: Error: service(auth): command startup failed, throttling Jun 28 23:17:21 post dovecot: imap-login: Error: Timeout waiting for handshake from auth server. my pid=2284, input bytes=0 Jun 28 23:17:46 post dovecot: imap-login: Disconnected: Inactivity (no auth attempts): rip=::1, lip=::1, secured Jun 28 23:17:46 post dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 28 23:17:46 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 28 23:17:46 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Jun 28 23:17:46 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 28 23:17:46 post dovecot: auth: Fatal: LDAP: No base given Jun 28 23:17:46 post dovecot: master: Error: service(auth): command startup failed, throttling

robert k Wild

3:56 p.m.

success, i want to take this time in thanking all of you, thanks so much, much appreciated!!!

Jun 29 00:10:12 post dovecot: imap(rwild): Disconnected: Too many invalid IMAP commands. bytes=50/12 91 Jun 29 00:10:31 post dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 29 00:10:31 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 29 00:10:31 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.s o Jun 29 00:10:31 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 29 00:10:31 post dovecot: auth: Debug: auth client connected (pid=7350) Jun 29 00:10:46 post dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#

011lip=::1#011rip=::1#011lport=143#011rport=42899#011resp=AHJ3aWxkAGthcm8xOTg0 Jun 29 00:10:46 post dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Jun 29 00:10:46 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so Jun 29 00:10:46 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.s o Jun 29 00:10:46 post dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so Jun 29 00:10:46 post dovecot: auth: Debug: pam(rwild,::1): lookup service=dovecot Jun 29 00:10:46 post dovecot: auth: Debug: pam(rwild,::1): #1/1 style=1 msg=Password: Jun 29 00:10:46 post dovecot: auth: Debug: client out: OK#0111#011user=rwild Jun 29 00:10:46 post dovecot: auth: Debug: master in: REQUEST#0113883401217#0117350#0111#0115b2e6643

70256436b6db653a8a21ac68 Jun 29 00:10:46 post dovecot: auth: Debug: passwd(rwild,::1): lookup Jun 29 00:10:46 post dovecot: auth: Debug: master out: USER#0113883401217#011rwild#011system_groups_

user=rwild#011uid=1000#011gid=500#011home=/ldap/home/rwild Jun 29 00:10:46 post dovecot: imap-login: Login: user=<rwild>, method=PLAIN, rip=::1, lip=::1, mpid= 7393, secured Jun 29 00:10:46 post dovecot: imap(rwild): Debug: Effective uid=1000, gid=500, home=/ldap/home/rwild Jun 29 00:10:46 post dovecot: imap(rwild): Debug: maildir++: root=/ldap/home/rwild/Maildir, index=,

control=, inbox=/ldap/home/rwild/Maildir

3393

Age (days ago)

3396

Last active (days ago)

List overview

12 comments

4 participants

participants (4)

Alexander Dalloz
Daniel Tröder
robert k Wild
Robert Wild