[Dovecot] Using auth_bind_userdn causes uid to be improper case
I'm having a problem with dovecot-1.0-1.1.rc15.fc6 + LDAP + auth_bind_userdn.
I have the following /etc/dovecot.conf:
mail_location = maildir:/var/spool/mail/%u/
protocols = imap pop3
mail_log_prefix = "%Us(%u):%i:%h "
first_valid_uid = 5001
first_valid_gid = 5001
protocol imap {
}
protocol pop3 {
}
protocol lda {
  postmaster_address = postmaster@example.com
}
auth_verbose = yes
auth_debug = yes
auth default {
  mechanisms = plain
  userdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  user = root
}
dict {
}
plugin {
}
and /etc/dovecot-ldap.conf:
hosts = driveable.example.com
base = dc=example,dc=com
#dn = cn=Directory Manager
#dnpass = password
auth_bind_userdn = uid=%u, ou=People, dc=example, dc=com
uris = ldap://127.0.0.1
user_attrs = mail
user_filter = uid=%u
user_global_uid = 5001
user_global_gid = 5001
pass_filter = uid=%u
The problem is that if we have an entry in LDAP, User Name, with the uid UName, postfix stores the user's mail in /var/spool/mail/UName
If I log into dovecot using uname (LDAP uid isn't case sensitive) then dovecot tries to look in /var/spool/mail/uname, similarly if I log in with unAME dovecot will look in /var/spool/unAME.
However, if instead of using
auth_bind_userdn = uid=%u, ou=People, dc=example, dc=com
I bind with
dn = cn=Directory Manager
dnpass = password
then it correctly looks in /var/spool/UName regardless of the case used when logging in.
It seems like when I log in with auth_bind_userdn %u is being left as the value I logged in with rather than being reloaded from LDAP. I was wondering if I have made some mistake in the configuration files to cause this behaviour or if something else is going on?
thanks, Aaron
Aaron Luchko wrote:
> I'm having a problem with dovecot-1.0-1.1.rc15.fc6 + LDAP + auth_bind_userdn.
No offense to you Aaron, but I have been noticing this a lot lately...
There have been numerous changes in dovecot in the last few weeks and months, all of which have been intended to fix numerous bugs for different things.
It really doesn't make sense, under these conditions, to report bugs unless the bug report is against the LATEST VERSION.
Please, update to rc24 and see if this fixes it...
I'm sure Timo has his hands full getting the 1.0 release ready, and I think he would appreciate it if everyone would make sure that the latest version doesn't already fix their problem before reporting.
Thanks,
--
Best regards,
Charles
On Fri, 2007-03-02 at 16:01 -0500, Charles Marcus wrote:
> Aaron Luchko wrote:
> > I'm having a problem with dovecot-1.0-1.1.rc15.fc6 + LDAP + auth_bind_userdn.
> No offense to you Aaron, but I have been noticing this a lot lately...
> There have been numerous changes in dovecot in the last few weeks and months, all of which have been intended to fix numerous bugs for different things.
> It really doesn't make sense, under these conditions, to report bugs unless the bug report is against the LATEST VERSION.
> Please, update to rc24 and see if this fixes it...
> I'm sure Timo has his hands full getting the 1.0 release ready, and I think he would appreciate it if everyone would make sure that the latest version doesn't already fix their problem before reporting.
Sorry, the dovecot-1.0-1.1.rc15.fc6 was the latest in Fedora Core 6, it didn't occur to me there might be a more recent stable release outside of FC6. Besides, if it was a configuration error on my part (which it usually is, and apparently was as I just read Timo's email) then building and installing manually would just introduce an additional point of failure and complicate any debugging (perhaps suggesting a bug for what was in fact an install error).
/me erases the rc25 sources he downloaded.
thanks, Aaron
On 2.3.2007, at 22.49, Aaron Luchko wrote:
> It seems like when I log in with auth_bind_userdn %u is being left as the value I logged in with rather than being reloaded from LDAP. I was wondering if I have made some mistake in the configuration files to cause this behaviour or if something else is going on?
That's kind of the point of auth_bind_userdn. It avoids one LDAP
lookup which would get the uid from LDAP. It might be possible to
also do this later by adding uid=user in user_attrs, but I'm not sure
about this. You could however use eg. %Lu in the auth_bind_userdn to
make the username always lowercase.
On Fri, 2007-03-02 at 23:27 +0200, Timo Sirainen wrote:
> On 2.3.2007, at 22.49, Aaron Luchko wrote:
> > It seems like when I log in with auth_bind_userdn %u is being left as the value I logged in with rather than being reloaded from LDAP. I was wondering if I have made some mistake in the configuration files to cause this behaviour or if something else is going on?
> That's kind of the point of auth_bind_userdn. It avoids one LDAP
> lookup which would get the uid from LDAP. It might be possible to
> also do this later by adding uid=user in user_attrs, but I'm not sure
> about this. You could however use eg. %Lu in the auth_bind_userdn to
> make the username always lowercase.
user_attrs = mail, uid=user
Didn't make any difference but
mail_location = maildir:/var/spool/mail/%Lu/
Did make everything lowercase (now I just need to find a way to have postfix cast the result_attribute to lower case as well...).
thanks for the help.
Aaron
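
Added example (not part of the thread, and not Dovecot code): a small Python check for the situation discussed above, where auth_bind_userdn is set and mail_location expands the login name exactly as typed. The function names, the simplified %-variable matcher and the sample inputs are assumptions made for illustration; the sample configuration is constructed from the settings quoted in the thread.

```python
import re

# Matches %u / %n with optional modifier letters (e.g. %Lu). Simplified:
# the offset/width forms of Dovecot variables are not handled.
VAR = re.compile(r"%([A-Z]*)([un])")

def expand(template, login):
    """Expand username variables; with auth_bind_userdn, %u is the login as typed."""
    def sub(m):
        mods, var = m.groups()
        value = login if var == "u" else login.split("@")[0]
        if "L" in mods:
            return value.lower()
        return value.upper() if "U" in mods else value
    return VAR.sub(sub, template)

def settings(text):
    """Parse 'key = value' lines, skipping comments, blanks and block braces."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def unnormalized_location(dovecot_conf, ldap_conf):
    """True if auth_bind_userdn is set and mail_location uses a raw %u or %n."""
    if "auth_bind_userdn" not in settings(ldap_conf):
        return False
    location = settings(dovecot_conf).get("mail_location", "")
    return any(not set(mods) & {"L", "U"} for mods, _ in VAR.findall(location))

def stranded_dirs(names):
    """Existing mail directories that a lowercased mail_location would not find."""
    return sorted(n for n in names if n != n.lower())

# Constructed sample input based on the configuration quoted in the thread.
DOVECOT = "mail_location = maildir:/var/spool/mail/%u/\nprotocols = imap pop3\n"
LDAP = ("#dn = cn=Directory Manager\n"
        "auth_bind_userdn = uid=%u, ou=People, dc=example, dc=com\n")

if __name__ == "__main__":
    for login in ("UName", "uname", "unAME"):
        print(login, "->", expand("maildir:/var/spool/mail/%u/", login),
              "|", expand("maildir:/var/spool/mail/%Lu/", login))
    print("raw %u with auth_bind_userdn:", unnormalized_location(DOVECOT, LDAP))
    print("rename before switching to %Lu:", stranded_dirs(["UName", "alice"]))
```

The directory list passed to stranded_dirs would come from a listing of the mail spool; mixed-case names it returns are the ones a %Lu mail_location no longer reaches until they are renamed.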
participants (3): Aaron Luchko, Charles Marcus, Timo Sirainen