[Dovecot] LDAP and prefetch
Adam M. Dunn
adunn at hgsc.bcm.tmc.edu
Tue Apr 4 18:32:52 EEST 2006
Lund,
I had the same issue, and solved it doing exactly what you did by NOT
using prefetch, although I would prefer to. Help me understand a little
better what you're saying. I also want to use multiple passdb mechanisms.
Do your findings mean I basically can't do a prefetch with multiple
mechanisms? I check LDAP first, followed by /etc/passwd.
~Adam
On Tue, 4 Apr 2006, Jorgen Lundman wrote:
>
> Thanks to a similar email, we discovered a userdb passwd definition still
> active, which would clear out the prefetch data.
>
> Having ONLY passdb ldap, and userdb prefetch, makes it work correctly.
>
> Lund
>
>
> Jorgen Lundman wrote:
> >
> >
> > SunOS pop01.unix 5.10 Generic_118844-26 i86pc i386 i86pc
> > dovecot-1.0.beta3
> >
> >
> > It is most likely something I am doing wrong, but could someone take a
> > look at why I can not get LDAP prefetch to work?
> >
> > If I define things like this:
> >
> > dovecot.conf:
> > ----------------------------------------------
> > passdb ldap {
> > args = /usr/local/etc/dovecot-ldap.conf
> > }
> >
> > userdb ldap {
> > args = /usr/local/etc/dovecot-ldap.conf
> > }
> > ----------------------------------------------
> >
> >
> >
> > dovecot-ldap.conf:
> > ----------------------------------------------
> > base = uid=%n, o=%d, ou=mail, dc=example, dc=com
> > user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
> > user_filter = (&(objectClass=posixAccount)(mail=%u))
> > # fields prefixed userdb_ are passdb extra fields read by userdb prefetch
> > pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
> > pass_filter = (&(objectClass=posixAccount)(mail=%u))
> > ----------------------------------------------
> >
> > This works correctly. Queries LDAP twice, but retrieves home, uid, gid
> > and mail correctly. Authenticates well.
> >
> >
> > If I replace the userdb line in dovecot.conf with:
> > ----------------------------------------------
> > userdb prefetch {
> > }
> > ----------------------------------------------
> >
> > It no longer works. The passdb query is still correct, and it is
> > followed by a second "empty" ldap query (as seen from snoop) with the
> > following errors:
> >
> > Mar 20 15:58:06 pop01.unix dovecot: [ID 474965 mail.info] Dovecot v1.0.beta3 starting up
> > Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred@uranus.com,172.20.12.12): userdb_uid not returned
> > Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred@uranus.com,172.20.12.12): userdb_gid not returned
> > Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): userdb(fred@uranus.com,172.20.12.12): user not found from userdb
> > Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.info] pop3-login: Internal login failure: user=<fred@uranus.com>, method=PLAIN, rip=172.20.12.12, lip=172.20.12.8
> >
> >
> > Snoop of failing lookup:
> >
> > LDAP: Operation *[APPL 3: Search Request]
> > LDAP: [Base Object]
> > LDAP: uid=fred, o=uranus.com, ou=mail,
> > LDAP: dc=example, dc=com
> > [snip]
> > LDAP: And *[0]
> > LDAP: Equality Match *[3]
> > LDAP: [Attr Descr]
> > LDAP: objectClass
> > LDAP: [Value]
> > LDAP: posixAccount
> > LDAP: *[3]
> > LDAP: [OctetString]
> > LDAP: mail
> > LDAP: [OctetString]
> > LDAP: fred@uranus.com
> > LDAP: *[Sequence]
> > LDAP: [OctetString]
> > LDAP: mail
> > LDAP: [OctetString]
> > LDAP: userPassword
> > LDAP: [OctetString]
> > LDAP: homeDirectory
> > LDAP: [OctetString]
> > LDAP: uidNumber
> > LDAP: [OctetString]
> > LDAP: gidNumber
> > [snip]
> > LDAP: Operation *[APPL 4: Search ResEntry]
> > LDAP: [Object Name]
> > LDAP: uid=fred,o=uranus.com,ou=mail,dc
> > LDAP: =example,dc=com
> > LDAP: *[Partial Attributes]
> > LDAP: *[Attribute]
> > LDAP: [Type]
> > LDAP: uidNumber
> > LDAP: *[Vals]
> > LDAP: [Value]
> > LDAP: 105
> > LDAP: *[Attribute]
> > LDAP: [Type]
> > LDAP: gidNumber
> > LDAP: *[Vals]
> > LDAP: [Value]
> > LDAP: 200
> > LDAP: *[Attribute]
> > LDAP: [Type]
> > LDAP: homeDirectory
> > LDAP: *[Vals]
> > LDAP: [Value]
> > LDAP: /export/nfs/mail/com/s/u/ur
> > LDAP: anus/fred/
> > LDAP: *[Attribute]
> > LDAP: [Type]
> > LDAP: userPassword
> > LDAP: *[Vals]
> > LDAP: [Value]
> > LDAP: {crypt}QAa3SPeYrDARs (it's "test", no leak fun here)
> > LDAP: *[Attribute]
> > LDAP: [Type]
> > LDAP: mail
> > LDAP: *[Vals]
> > LDAP: [Value]
> > LDAP: fred@uranus.com
> > [snip]
> > TCP: Destination port = 389 (LDAP)
> > LDAP: ----- LDAP: -----
> > LDAP:
> > LDAP: ""
> > LDAP:
> > TCP: Destination port = 389 (LDAP)
> > LDAP: ----- LDAP: -----
> > LDAP:
> > LDAP: ""
> > LDAP:
> >
> > Please advise!
> >
> >
> > Lund
> >
>
> --
> Jorgen Lundman | <lundman at lundman.net>
> Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
> Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
> Japan | +81 (0)3 -3375-1767 (home)
>
>
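The rule the thread turns on is that the prefetch userdb does not query anything itself: it reads the extra fields the passdb returned, and only those named userdb_home, userdb_uid and userdb_gid. The following model is an added illustration, not part of the original messages and not Dovecot's own code. It mimics the pass_attrs syntax (a comma-separated ldapAttr=dovecotField map) and the userdb_ prefix convention, using a constructed LDAP entry built from the values in the snoop output. Treating uid and gid as required and home as optional is an assumption chosen to match the two errors in the log above; PASS_ATTRS_BROKEN and all function names are hypothetical.

```python
"""Model of how LDAP passdb extra fields feed Dovecot's userdb prefetch.

Added illustration for the thread above; this is not Dovecot's code. It
mimics two rules visible in the thread: pass_attrs is a comma-separated
'ldapAttr=dovecotField' map, and the prefetch userdb takes uid/gid/home
from passdb extra fields named userdb_uid, userdb_gid and userdb_home.
Treating uid and gid as required and home as optional is an assumption
chosen to match the two errors in the log above.
"""

# Constructed LDAP entry using the values shown in the snoop output.
LDAP_ENTRY = {
    "mail": "fred@uranus.com",
    "userPassword": "{crypt}QAa3SPeYrDARs",
    "homeDirectory": "/export/nfs/mail/com/s/u/uranus/fred/",
    "uidNumber": "105",
    "gidNumber": "200",
}

# pass_attrs as posted: the userdb_ prefix marks fields meant for prefetch.
PASS_ATTRS_OK = (
    "mail=user,userPassword=password,homeDirectory=userdb_home,"
    "uidNumber=userdb_uid,gidNumber=userdb_gid"
)

# Assumed mistake (hypothetical): same attributes mapped to plain names,
# which suits a separate userdb ldap lookup but gives prefetch nothing.
PASS_ATTRS_BROKEN = (
    "mail=user,userPassword=password,homeDirectory=home,"
    "uidNumber=uid,gidNumber=gid"
)

PREFETCH_REQUIRED = ("uid", "gid")   # assumption: these produce errors
PREFETCH_OPTIONAL = ("home",)        # assumption: silently absent if unset


def parse_attrs(spec):
    """Parse 'ldapAttr=field,ldapAttr=field' into (ldap_attr, field) pairs."""
    pairs = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        ldap_attr, _, field = item.partition("=")
        # An attribute without '=' keeps its own name as the field name.
        pairs.append((ldap_attr.strip(), (field or ldap_attr).strip()))
    return pairs


def passdb_lookup(entry, pass_attrs):
    """Apply the passdb attribute map to one LDAP entry.

    Returns (user, password, extra). 'user' and 'password' are the core
    fields; every other mapped field is an extra field that later auth
    stages (such as userdb prefetch) can read.
    """
    user = password = None
    extra = {}
    for ldap_attr, field in parse_attrs(pass_attrs):
        if ldap_attr not in entry:
            continue          # attribute absent from the entry: no field
        if field == "user":
            user = entry[ldap_attr]
        elif field == "password":
            password = entry[ldap_attr]
        else:
            extra[field] = entry[ldap_attr]
    return user, password, extra


def prefetch_userdb(extra):
    """Build the userdb result from passdb extra fields, as prefetch does.

    Returns (fields, errors); each missing required userdb_<name> yields an
    error shaped like the 'userdb_uid not returned' log lines above.
    """
    fields = {}
    errors = []
    for name in PREFETCH_REQUIRED:
        key = "userdb_" + name
        if key in extra:
            fields[name] = extra[key]
        else:
            errors.append(f"prefetch: {key} not returned")
    for name in PREFETCH_OPTIONAL:
        key = "userdb_" + name
        if key in extra:
            fields[name] = extra[key]
    return fields, errors


def prefetch_fields_provided(pass_attrs):
    """Static check for a pass_attrs line: which userdb_* names does it map?"""
    return sorted(
        field[len("userdb_"):]
        for _, field in parse_attrs(pass_attrs)
        if field.startswith("userdb_")
    )


if __name__ == "__main__":
    for label, spec in (("ok", PASS_ATTRS_OK), ("broken", PASS_ATTRS_BROKEN)):
        user, password, extra = passdb_lookup(LDAP_ENTRY, spec)
        fields, errors = prefetch_userdb(extra)
        print(label, "provides", prefetch_fields_provided(spec))
        print("  user:", user, "fields:", fields, "errors:", errors)
```

The practical use is prefetch_fields_provided: paste your own pass_attrs line in and it lists which of home, uid and gid the passdb will hand to prefetch before you touch the running server. It does not model the second userdb that Jorgen found overriding the prefetch data; that part of the diagnosis comes from the thread itself.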