[Dovecot] trying to combine static userdb with LDAP passdb with per-user userdb_mail and userdb_home
Hello, dovecot users.
I'm trying to cope with the following problem: I have a single computer which will be the final destination for several virtual domains. Domains are stored in an LDAP catalog. Dovecot will be working together with the Postfix MTA running on the same computer.
I'm a bit confused about how to achieve the following: I want Postfix to use the Dovecot LMTP server for mail delivery. All my mail is located under the /var/vmail partition. I designed my own LDAP schema, and since the Dovecot documentation says that a user should always have home and mail directories, I added separate attributes for the user's home and mail. My typical user stored in LDAP has homeDirectory (which stores a value like /var/vmail/domain.com/j/joe) and mailMessageStore (which stores a value like /var/vmail/domain.com/j/joe/Maildir). All data under /var/vmail is owned by the Postfix MTA user (which is called `postfix', uid=89). After reading the Dovecot documentation I understand that my setup needs to combine a static userdb with an LDAP passdb. But I also want Dovecot to be able to deliver mail for local system users (those stored in /etc/passwd). For system users I want to store their mail in $HOME/Mail. So I set mail_location = ~/Mail (which turns into /home/user/Mail), but for virtual users (those stored in LDAP) I want to set mail (or maybe I should write userdb_mail here) to the LDAP value mailMessageStore. It seems to me that the LMTP server needs a separate userdb query to fetch mail_location from LDAP.
Setting mail_location = /var/vmail/%d/%n1/%u solves my problem, but I want Dovecot to dynamically fetch the maildir location from LDAP. Maybe in the near future I will also store mail somewhere else, not only under /var/vmail, and Dovecot will fetch this information from LDAP.
Here is an excerpt from the Dovecot log when a user tries to log in:
Apr 11 13:32:29 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Apr 11 13:32:29 auth: Debug: auth client connected (pid=14748)
Apr 11 13:32:29 auth: Debug: client in: AUTH 1 PLAIN service=imap lip=172.20.21.26 rip=172.20.20.216 lport=143 rport=1227 resp=<hidden>
Apr 11 13:32:29 auth: Debug: ldap(joe@domain.com,172.20.20.216): pass search: base=pdomain=domain.com,ou=mail,dc=org,dc=ru scope=onelevel filter=(&(objectClass=mailAccount)(uid=joe)(accountStatus=TRUE)) fields=mail,userPassword,mailQuota,homeDirectory,mailMessageStore
Apr 11 13:32:29 auth: Debug: ldap(joe@domain.com,172.20.20.216): result: mail(user)=joe@domain.com mailQuota(userdb_quota_rule=*:bytes=%$)=1073741824 mailMessageStore(userdb_mail)=/var/vmail/domain.com/p/joe/Maildir homeDirectory(userdb_home)=/var/vmail/domain.com/p/joe userPassword(password)=<hidden>
Apr 11 13:32:29 auth: Debug: client out: OK 1 user=joe@domain.com
Apr 11 13:32:29 auth: Debug: master in: REQUEST 2814377985 14748 1 5e00190b4fbfd1a4b8a50e13fa6562b1
Apr 11 13:32:29 auth: Debug: master out: USER 2814377985 joe@domain.com uid=89 gid=89
Apr 11 13:32:29 imap-login: Info: Login: user=<joe@domain.com>, method=PLAIN, rip=172.20.20.216, lip=172.20.21.26, mpid=14750
Apr 11 13:32:29 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_trash_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_autocreate_plugin.so
Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so
Apr 11 13:32:29 imap(joe@domain.com): Debug: Effective uid=89, gid=89, home=
Apr 11 13:32:29 imap(joe@domain.com): Debug: Quota root: name=User quota backend=maildir args=
Apr 11 13:32:29 imap(joe@domain.com): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0
Apr 11 13:32:29 imap(joe@domain.com): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 95 joe@domain.com domain.com
Apr 11 13:32:29 imap(joe@domain.com): Debug: Quota warning: bytes=966367641 (90%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 90 joe@domain.com domain.com
Apr 11 13:32:29 imap(joe@domain.com): Debug: Quota warning: bytes=858993459 (80%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 80 joe@domain.com domain.com
Apr 11 13:32:29 imap(joe@domain.com): Error: user joe@domain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Mail
Apr 11 13:32:29 imap(joe@domain.com): Error: Invalid user settings. Refer to server log for more information.
Here is my LDAP query:
pass_filter = (&(objectClass=mailAccount)(uid=%n)(accountStatus=TRUE))
# ldap_attr = dovecot_variable
pass_attrs = mail=user, userPassword=password, mailQuota=userdb_quota_rule=*:bytes=%$, homeDirectory=userdb_home, mailMessageStore=userdb_mail
What is the best way to do this in my situation? Should I just add two attributes to each LDAP user, like mailuid and mailgid, and set both of these variables to `postfix'? Or maybe I should just forget about mail for local system users and just use the `prefetch' userdb. I'm just amazed by Dovecot userdb and passdb queries. They are so powerful but also so hard to understand.
I would appreciate any help, since I have been pecking at Dovecot authentication and userdb/passdb queries like a woodpecker since last week.
Do I understand correctly that Dovecot, during the userdb lookup, fetches the Unix UID which will be used to access data on disk? I just want postfix (uid=89) to be allowed to do this.
Here is the `dovecot -n' output:
# 2.0.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-238.1.1.1.el5 x86_64 CentOS release 5.5 (Final)
auth_debug = yes
auth_failure_delay = 3 secs
auth_mechanisms = plain login
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
listen = *
log_path = /var/log/dovecot
login_greeting = Dovecot ready to serve.
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Mail
mail_nfs_index = yes
mail_nfs_storage = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags
mmap_disable = yes
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin/autocreate = &BBoEPgRABDcEOAQ9BDA-
plugin/autocreate2 = &BCEEPwQwBDw-
plugin/autosubscribe = &BBoEPgRABDcEOAQ9BDA-
plugin/autosubscribe2 = &BCEEPwQwBDw-
plugin/expire = &BBoEPgRABDcEOAQ9BDA- 7 &BCEEPwQwBDw- 30
plugin/login_executable = /usr/libexec/dovecot/managesieve-login
plugin/mail_executable = /usr/libexec/dovecot/managesieve
plugin/quota = maildir:User quota
plugin/quota_rule = *:storage=1GB
plugin/quota_warning = storage=95%% /usr/libexec/dovecot/quota-warning.sh 95 %u %d
plugin/quota_warning2 = storage=90%% /usr/libexec/dovecot/quota-warning.sh 90 %u %d
plugin/quota_warning3 = storage=80%% /usr/libexec/dovecot/quota-warning.sh 80 %u %d
plugin/sieve_dir = /var/vmail/%d/%1n/%n/.dovecot.sieve
plugin/sieve_extensions = +imapflags
plugin/sieve_storage = /var/vmail/%d/%1n/%n/sieve
protocols = pop3 imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  executable = /usr/libexec/dovecot/imap-login
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 1
}
service imap {
  executable = /usr/libexec/dovecot/imap
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  executable = /usr/libexec/dovecot/managesieve-login
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
service managesieve {
  executable = /usr/libexec/dovecot/managesieve
}
service pop3-login {
  executable = /usr/libexec/dovecot/pop3-login
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  service_count = 1
}
service pop3 {
  executable = /usr/libexec/dovecot/pop3
}
service quota-warning {
  executable = script /usr/libexec/dovecot/quota-warning.sh
  user = dovecot
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = uid=postfix gid=postfix
  driver = static
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_plugin_dir = /usr/lib64/dovecot
  mail_plugins = autocreate expire quota imap_quota trash
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_lock_session = yes
  pop3_uidl_format = %08Xu%08Xv
}
protocol lmtp {
  info_log_path = /var/log/dovecot-lmtp-info.log
  log_path = /var/log/dovecot-lmtp.log
  mail_plugins = quota sieve
}
Here is my typical LDAP user:
dn: uid=joe,pdomain=domain.com,ou=mail,dc=org,dc=ru
objectClass: top
objectClass: uidObject
objectClass: mailAccount
accountStatus: TRUE
mail: joe@domain.com
mailQuota: 1073741824
mailMessageStore: /var/vmail/domain.com/j/joe/Maildir
mailOwnerFirstName: Joe
mailOwnerLastName: User
registerPersonFirstName: Joe
registerPersonLastName: User
registerDate: 1301665769
homeDirectory: /var/vmail/domain.com/j/joe
uid: joe
userPassword: {SSHA}FvxQwgDycssHhfoMTtkzogZ0Nh43PpHL
I solved my problem by doing this:
/etc/dovecot/dovecot.conf
...
mail_uid = 89
mail_gid = 89
userdb {
  driver = prefetch
}
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}
/etc/dovecot/dovecot-ldap.conf
pass_filter = (&(objectClass=mailAccount)(uid=%n)(accountStatus=TRUE))
pass_attrs = mail=userdb_user, userPassword=password, mailQuota=userdb_quota_rule=*:bytes=%$, homeDirectory=userdb_home, mailMessageStore=userdb_mail
By setting mail_uid and mail_gid to the numeric values of the postfix user, I achieved my goal.
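A worked model of the two userdb drivers discussed in this thread, added here as an illustration and not code from the thread or from Dovecot: it parses the auth "result:" debug line quoted above, runs it through either a static userdb (which answers only with its own uid/gid and drops the passdb's userdb_* fields) or a prefetch userdb (which promotes them), and reproduces the "Home directory not set" failure for mail_location = maildir:~/Mail while showing the same setting still working for a local system user. The regex, the %$ handling and the expansion rules are simplified assumptions, not Dovecot's own implementation.

```python
import re

# Constructed copy of the auth debug "result:" line quoted in the thread.
SAMPLE_RESULT = (
    "result: mail(user)=joe@domain.com "
    "mailQuota(userdb_quota_rule=*:bytes=%$)=1073741824 "
    "mailMessageStore(userdb_mail)=/var/vmail/domain.com/p/joe/Maildir "
    "homeDirectory(userdb_home)=/var/vmail/domain.com/p/joe "
    "userPassword(password)=<hidden>"
)

# ldap_attr(dovecot_field)=value, as the auth debug output prints it (assumed).
FIELD_RE = re.compile(r"(\w+)\(([^)]+)\)=(\S+)")


def parse_passdb_result(line):
    """Return {dovecot_field: value} from an auth 'result:' debug line; for a
    templated field like userdb_quota_rule=*:bytes=%$ the LDAP value fills %$."""
    fields = {}
    for _attr, key, value in FIELD_RE.findall(line):
        if "=" in key:
            key, template = key.split("=", 1)
            value = template.replace("%$", value)
        fields[key] = value
    return fields


def userdb_lookup(passdb_fields, driver, static_args=None):
    """Model the userdb stage: 'static' answers with its own args only, so LDAP
    home/mail never reach the mail process; 'prefetch' strips the userdb_ prefix."""
    if driver == "static":
        return dict(static_args or {})
    if driver == "prefetch":
        return {k[len("userdb_"):]: v for k, v in passdb_fields.items()
                if k.startswith("userdb_")}
    raise ValueError("unknown userdb driver: " + driver)


def resolve_mail_root(userdb_fields, mail_location):
    """A per-user 'mail' field overrides mail_location; otherwise expand it,
    failing where the thread's log does: ~/ used but no home known."""
    if "mail" in userdb_fields:
        return userdb_fields["mail"]
    fmt = mail_location.split(":", 1)[1] if ":" in mail_location else mail_location
    if fmt.startswith("~/"):
        home = userdb_fields.get("home")
        if not home:
            raise ValueError("Home directory not set for user. "
                             "Can't expand ~/ for mail root dir in: " + fmt)
        return home + fmt[1:]
    return fmt


if __name__ == "__main__":
    fields = parse_passdb_result(SAMPLE_RESULT)
    for driver in ("static", "prefetch"):
        userdb = userdb_lookup(fields, driver, {"uid": "postfix", "gid": "postfix"})
        try:
            print(driver, "->", resolve_mail_root(userdb, "maildir:~/Mail"))
        except ValueError as err:
            print(driver, "->", err)
    # Local /etc/passwd user: only home is known, so ~/Mail expands normally.
    print("system user ->", resolve_mail_root({"home": "/home/bob"}, "maildir:~/Mail"))
```

With prefetch, uid and gid are still not supplied by the LDAP lookup, which is why the thread's fix also sets mail_uid and mail_gid globally to the postfix user.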
On Apr 11, Igor Zinovik wrote: