[Dovecot] LDAP and prefetch
Jorgen Lundman
lundman at lundman.net
Tue Apr 4 06:40:18 EEST 2006
Thanks to a similar email, we discovered a userdb passwd definition still
active, which would clear out the prefetch data.
Having ONLY passwd for ldap, and userdb prefetch makes it work correctly.
Lund
Jorgen Lundman wrote:
>
>
> SunOS pop01.unix 5.10 Generic_118844-26 i86pc i386 i86pc
> dovecot-1.0.beta3
>
>
> It is most likely something I am doing wrong, but could someone take a
> look at why I cannot get LDAP prefetch to work?
>
> If I define things like this:
>
> dovecot.conf:
> ----------------------------------------------
> passdb ldap {
> args = /usr/local/etc/dovecot-ldap.conf
> }
>
> userdb ldap {
> args = /usr/local/etc/dovecot-ldap.conf
> }
> ----------------------------------------------
>
>
>
> dovecot-ldap.conf:
> ----------------------------------------------
> base = uid=%n, o=%d, ou=mail, dc=example, dc=com
> user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
> user_filter = (&(objectClass=posixAccount)(mail=%u))
> pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
> pass_filter = (&(objectClass=posixAccount)(mail=%u))
> ----------------------------------------------
>
> This works correctly. Queries LDAP twice, but retrieves home, uid, gid
> and mail correctly. Authenticates well.
>
>
> If I replace the userdb line in dovecot.conf with:
> ----------------------------------------------
> userdb prefetch {
> }
> ----------------------------------------------
>
> It no longer works. The passdb query is still correct, and it is
> followed by a second "empty" ldap query (as seen from snoop) with the
> following errors:
>
> Mar 20 15:58:06 pop01.unix dovecot: [ID 474965 mail.info] Dovecot
> v1.0.beta3 starting up
> Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error]
> auth(default): prefetch(fred at uranus.com,172.20.12.12): userdb_uid not
> returned
> Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error]
> auth(default): prefetch(fred at uranus.com,172.20.12.12): userdb_gid not
> returned
> Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error]
> auth(default): userdb(fred at uranus.com,172.20.12.12): user not found from
> userdb
> Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.info] pop3-login:
> Internal login failure: user=<fred at uranus.com>, method=PLAIN,
> rip=172.20.12.12, lip=172.20.12.8
>
>
> Snoop of failing lookup:
>
> LDAP: Operation *[APPL 3: Search Request]
> LDAP: [Base Object]
> LDAP: uid=fred, o=uranus.com, ou=mail,
> LDAP: dc=example, dc=com
> [snip]
> LDAP: And *[0]
> LDAP: Equality Match *[3]
> LDAP: [Attr Descr]
> LDAP: objectClass
> LDAP: [Value]
> LDAP: posixAccount
> LDAP: *[3]
> LDAP: [OctetString]
> LDAP: mail
> LDAP: [OctetString]
> LDAP: fred at uranus.com
> LDAP: *[Sequence]
> LDAP: [OctetString]
> LDAP: mail
> LDAP: [OctetString]
> LDAP: userPassword
> LDAP: [OctetString]
> LDAP: homeDirectory
> LDAP: [OctetString]
> LDAP: uidNumber
> LDAP: [OctetString]
> LDAP: gidNumber
> [snip]
> LDAP: Operation *[APPL 4: Search ResEntry]
> LDAP: [Object Name]
> LDAP: uid=fred,o=uranus.com,ou=mail,dc
> LDAP: =example,dc=com
> LDAP: *[Partial Attributes]
> LDAP: *[Attribute]
> LDAP: [Type]
> LDAP: uidNumber
> LDAP: *[Vals]
> LDAP: [Value]
> LDAP: 105
> LDAP: *[Attribute]
> LDAP: [Type]
> LDAP: gidNumber
> LDAP: *[Vals]
> LDAP: [Value]
> LDAP: 200
> LDAP: *[Attribute]
> LDAP: [Type]
> LDAP: homeDirectory
> LDAP: *[Vals]
> LDAP: [Value]
> LDAP: /export/nfs/mail/com/s/u/ur
> LDAP: anus/fred/
> LDAP: *[Attribute]
> LDAP: [Type]
> LDAP: userPassword
> LDAP: *[Vals]
> LDAP: [Value]
> LDAP: {crypt}QAa3SPeYrDARs (its "test", no
> leak fun here)
> LDAP: *[Attribute]
> LDAP: [Type]
> LDAP: mail
> LDAP: *[Vals]
> LDAP: [Value]
> LDAP: fred at uranus.com
> [snip]
> TCP: Destination port = 389 (LDAP)
> LDAP: ----- LDAP: -----
> LDAP:
> LDAP: ""
> LDAP:
> TCP: Destination port = 389 (LDAP)
> LDAP: ----- LDAP: -----
> LDAP:
> LDAP: ""
> LDAP:
>
> Please advise!
>
>
> Lund
>
--
Jorgen Lundman | <lundman at lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
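
A configuration check modelled on the outcome of this thread, as an added example that is not part of the original post or of Dovecot itself. It reads a Dovecot 1.0-style dovecot.conf, reports any other userdb that is active next to "userdb prefetch", and verifies that pass_attrs maps the userdb_* fields prefetch relies on. The function names and the sample files are constructed here; treating every extra userdb as a finding is an assumption drawn from what the thread reports.

```python
import re

# Constructed sample: the thread's dovecot.conf with a leftover "userdb passwd".
DOVECOT_CONF = """\
passdb ldap {
  args = /usr/local/etc/dovecot-ldap.conf
}
userdb passwd {
}
userdb prefetch {
}
"""
# pass_attrs as quoted in the thread, written on one line.
LDAP_CONF = ("pass_attrs = mail=user,userPassword=password,"
             "homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid\n")
# Fields the quoted config hands to prefetch (uid and gid appear in the error log).
REQUIRED = ("userdb_home", "userdb_uid", "userdb_gid")

def _active(text):
    """Drop '#' comments so commented-out blocks are not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def db_blocks(conf):
    """Return (kind, driver) for each active passdb/userdb block, in file order."""
    return re.findall(r"^\s*(passdb|userdb)\s+(\w+)\s*\{", _active(conf), re.M)

def prefetch_fields(ldap_conf):
    """Return the Dovecot-side names on the right of each pass_attrs pair."""
    m = re.search(r"^\s*pass_attrs\s*=\s*(.*)$", _active(ldap_conf), re.M)
    pairs = m.group(1).split(",") if m else []
    return {p.split("=", 1)[1].strip() for p in pairs if "=" in p}

def check(conf, ldap_conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    userdbs = [drv for kind, drv in db_blocks(conf) if kind == "userdb"]
    if "prefetch" not in userdbs:
        return []
    findings = [f"userdb {drv} is active alongside userdb prefetch"
                for drv in userdbs if drv != "prefetch"]
    have = prefetch_fields(ldap_conf)
    findings += [f"pass_attrs does not map anything to {field}"
                 for field in REQUIRED if field not in have]
    return findings

if __name__ == "__main__":
    for finding in check(DOVECOT_CONF, LDAP_CONF):
        print("WARN:", finding)
```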