[Dovecot] LDAP and prefetch

Jorgen Lundman lundman at lundman.net
Wed Mar 22 02:32:12 EET 2006



SunOS pop01.unix 5.10 Generic_118844-26 i86pc i386 i86pc
dovecot-1.0.beta3


It is most likely something I am doing wrong, but could someone take a look at 
why I cannot get LDAP prefetch to work?

If I define things like this:

dovecot.conf:
----------------------------------------------
  passdb ldap {
     args = /usr/local/etc/dovecot-ldap.conf
   }

  userdb ldap {
     args = /usr/local/etc/dovecot-ldap.conf
   }
----------------------------------------------



dovecot-ldap.conf:
----------------------------------------------
base = uid=%n, o=%d, ou=mail, dc=example, dc=com
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(mail=%u))
pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
pass_filter = (&(objectClass=posixAccount)(mail=%u))
----------------------------------------------

This works correctly. Queries LDAP twice, but retrieves home, uid, gid and mail 
correctly. Authenticates well.


If I replace the userdb line in dovecot.conf with:
----------------------------------------------
    userdb prefetch {
   }
----------------------------------------------

It no longer works. The passdb query is still correct, and it is followed by 
a second "empty" LDAP query (as seen from snoop) with the following errors:

Mar 20 15:58:06 pop01.unix dovecot: [ID 474965 mail.info] Dovecot v1.0.beta3 starting up
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred at uranus.com,172.20.12.12): userdb_uid not returned
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred at uranus.com,172.20.12.12): userdb_gid not returned
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): userdb(fred at uranus.com,172.20.12.12): user not found from userdb
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.info] pop3-login: Internal login failure: user=<fred at uranus.com>, method=PLAIN, rip=172.20.12.12, lip=172.20.12.8


Snoop of failing lookup:

LDAP:      Operation *[APPL 3: Search Request]
LDAP:          [Base Object]
LDAP:              uid=fred, o=uranus.com, ou=mail,
LDAP:               dc=example, dc=com
[snip]
LDAP:         And *[0]
LDAP:            Equality Match *[3]
LDAP:                [Attr Descr]
LDAP:                      objectClass
LDAP:                [Value]
LDAP:                      posixAccount
LDAP:            *[3]
LDAP:                [OctetString]
LDAP:                      mail
LDAP:                [OctetString]
LDAP:                      fred at uranus.com
LDAP:         *[Sequence]
LDAP:             [OctetString]
LDAP:                  mail
LDAP:             [OctetString]
LDAP:                  userPassword
LDAP:             [OctetString]
LDAP:                  homeDirectory
LDAP:             [OctetString]
LDAP:                  uidNumber
LDAP:             [OctetString]
LDAP:                  gidNumber
[snip]
LDAP:      Operation *[APPL 4: Search ResEntry]
LDAP:          [Object Name]
LDAP:              uid=fred,o=uranus.com,ou=mail,dc
LDAP:              =example,dc=com
LDAP:         *[Partial Attributes]
LDAP:            *[Attribute]
LDAP:                [Type]
LDAP:                      uidNumber
LDAP:               *[Vals]
LDAP:                     [Value]
LDAP:                          105
LDAP:            *[Attribute]
LDAP:                [Type]
LDAP:                      gidNumber
LDAP:               *[Vals]
LDAP:                     [Value]
LDAP:                          200
LDAP:            *[Attribute]
LDAP:                [Type]
LDAP:                      homeDirectory
LDAP:               *[Vals]
LDAP:                     [Value]
LDAP:                          /export/nfs/mail/com/s/u/ur
LDAP:                          anus/fred/
LDAP:            *[Attribute]
LDAP:                [Type]
LDAP:                      userPassword
LDAP:               *[Vals]
LDAP:                     [Value]
LDAP:                          {crypt}QAa3SPeYrDARs  (it's "test", no leak fun here)
LDAP:            *[Attribute]
LDAP:                [Type]
LDAP:                      mail
LDAP:               *[Vals]
LDAP:                     [Value]
LDAP:                          fred at uranus.com
[snip]
TCP:  Destination port = 389 (LDAP)
LDAP:  ----- LDAP:   -----
LDAP:
LDAP:  ""
LDAP:
TCP:  Destination port = 389 (LDAP)
LDAP:  ----- LDAP:   -----
LDAP:
LDAP:  ""
LDAP:

Please advise!


Lund

-- 
Jorgen Lundman       | <lundman at lundman.net>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)

