[Dovecot] v1.1 alpha1: can't pop/imap login with LDAP

Katsu Yamamoto yamamoto at marino.co.jp
Wed Jul 25 05:30:48 EEST 2007


Hi,

We recently upgraded our dovecot from v1.0.2 to v1.1alpha1 under CentOS 4.4.
Also, we are using Postfix 2.4.3 and OpenLDAP 2.3.35.
We've been using LDAP for our POP/IMAP user authentication, however after
upgrading to v1.1alpha1, LDAP authentication doesn't seem to be working
properly.

We re-examined the source code, and made a few modifications.

We are suspecting that...

(1) db-ldap.c is not handling value properly??
(2) userdb-ldap.c is not allocating memory for userdb_reply??

The modifications we made are the following:

*** src/auth/db-ldap.c.orig     Thu Jul 12 10:42:49 2007
--- src/auth/db-ldap.c  Tue Jul 24 20:20:31 2007
***************
*** 55,60 ****
--- 55,62 ----
        BerElement *ber;

        string_t *var, *debug;
+
+         int value_index;
  };

  #define DEF_STR(name) DEF_STRUCT_STR(name, ldap_settings)
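
Review bot: The new `value_index` member appears to be indented with spaces and sits one column deeper than the members above it, and the hunk also adds a stray blank line before it; align it with the existing fields. A short comment saying it is the index of the current value within `vals` would help, and since it is only used as an array index an `unsigned int` would fit better than `int`.
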
***************
*** 764,769 ****
--- 766,772 ----
        ctx->vals = ldap_get_values(ctx->conn->ld, ctx->entry,
                                    ctx->attr);
        ctx->value = ctx->vals[0];
+       ctx->value_index = 0;
  }

  static void
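
Review bot: `ctx->vals[0]` is read directly after `ldap_get_values()` with no NULL check, and `ldap_get_values()` returns NULL when the attribute has no values or the call fails; with this patch the same unchecked `vals` is also indexed in the continuation branch. Resetting `value_index` here is correct, but consider `ctx->value = ctx->vals != NULL ? ctx->vals[0] : NULL;` unless code outside this hunk guarantees a non-NULL result.
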
***************
*** 797,804 ****
                        db_ldap_result_change_attr(ctx);
                } else {
                        /* continuing existing attribute */
!                       if (ctx->value != NULL)
!                               ctx->value++;
                }

                if (ctx->value != NULL) {
--- 800,806 ----
                        db_ldap_result_change_attr(ctx);
                } else {
                        /* continuing existing attribute */
!                       ctx->value = ctx->vals[++ctx->value_index];
                }

                if (ctx->value != NULL) {
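
Review bot: The replacement line in the "continuing existing attribute" branch drops the `ctx->value != NULL` guard that the old code had, so if this branch runs again after the terminating NULL has been returned, `++ctx->value_index` indexes past the end of `vals`. Keep the guard, for example `if (ctx->value != NULL) ctx->value = ctx->vals[++ctx->value_index];`. Switching from `ctx->value++` to indexing is the right direction, since `value` is assigned from `vals[0]` and incrementing it does not move to the next array element.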

*** src/auth/userdb-ldap.c.orig Thu Jul 12 10:42:49 2007
--- src/auth/userdb-ldap.c      Tue Jul 24 20:33:45 2007
***************
*** 37,42 ****
--- 37,44 ----
        struct db_ldap_result_iterate_context *ldap_iter;
        const char *name, *const *values;

+       auth_request_init_userdb_reply(auth_request);
+
        ldap_iter = db_ldap_result_iterate_init(conn, entry, auth_request,
                                                conn->user_attr_map);
        while (db_ldap_result_iterate_next_all(ldap_iter, &name, &values)) {
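
Review bot: `auth_request_init_userdb_reply(auth_request)` is called unconditionally at the top of the function, and nothing in the hunk shows whether `auth_request` can arrive here with a reply already set; if it can, check first or confirm that re-initialising it is harmless. A one-line comment on why the reply must exist before the `db_ldap_result_iterate_next_all()` loop runs would document what this fixes.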

With the modification, LDAP authentication is working without any problem,
at least for our system.
However we are not sure whether the above modifications affect other
functions of dovecot.
Is there an official patch to fix the problem already released? And
somehow we missed it?
If there is no patch, then will there be one released sometime in
the near future?

By the way, our dovecot configuration is:
-----
protocols: imap pop3
listen(default): *:40143
listen(imap): *:40143
listen(pop3): *:40110
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /opt/mrn/mss/var/run/dovecot/login
login_executable(default): /opt/mrn/mss/libexec/dovecot/imap-login
login_executable(imap): /opt/mrn/mss/libexec/dovecot/imap-login
login_executable(pop3): /opt/mrn/mss/libexec/dovecot/pop3-login
mail_location: maildir:~/mail
mmap_disable: yes
mail_executable(default): /opt/mrn/mss/libexec/dovecot/imap
mail_executable(imap): /opt/mrn/mss/libexec/dovecot/imap
mail_executable(pop3): /opt/mrn/mss/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /opt/mrn/mss/lib/dovecot/imap
mail_plugin_dir(imap): /opt/mrn/mss/lib/dovecot/imap
mail_plugin_dir(pop3): /opt/mrn/mss/lib/dovecot/pop3
auth default:
  mechanisms: plain login cram-md5 apop
  username_translation: %@
  verbose: yes
  debug: yes
  passdb:
    driver: ldap
    args: /opt/mrn/mss/etc/dovecot-ldap.conf
  userdb:
    driver: prefetch
  userdb:
    driver: ldap
    args: /opt/mrn/mss/etc/dovecot-ldap.conf
  socket:
    type: listen
    master:
      path: /opt/mrn/mss/var/run/dovecot/auth-master
      mode: 384
      user: mssmail
      group: mssmail
plugin:
  quota: maildir:ignore=Trash
-----

And our dovecot-ldap.conf is:
-----
hosts =localhost:40389
dn =cn=Manager,o=internet,c=jp
dnpass = ********
auth_bind = no
ldap_version = 3
base = ou=mail,o=internet,c=jp
user_attrs = mail=user,uidNumber=uid,gidNumber=gid,homeDirectory=home,mailQuota=quota=maildir:ignore=Trash:storage
user_filter = (&(objectClass=mailAccount)(mail=%u))
pass_attrs = mail=user,userPassword=password,uidNumber=userdb_uid,gidNumber=userdb_gid,homeDirectory=userdb_home,mailQuota=userdb_quota=maildir:ignore=Trash:storage
pass_filter = (&(objectClass=mailAccount)(mail=%u))
default_pass_scheme = PLAIN
-----

Thanks in advance,

-- 
Katsu Yamamoto
Marino Ltd., Yokohama, JAPAN
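
As an added illustration (not code from the post or from Dovecot), the C program below contrasts the pre-patch `ctx->value++` step with an indexed step over a NULL-terminated value array. It assumes `ctx->value` is a `char *` taken from the `char **` that `ldap_get_values()` returns, as `ctx->value = ctx->vals[0]` in the patch implies; `struct iter`, the helper names and the sample addresses are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the iterator state; field names follow the patch. */
struct iter {
	char **vals;     /* NULL-terminated array, as ldap_get_values() returns */
	char *value;     /* current value, NULL once exhausted */
	int value_index; /* position of value within vals */
};

/* Constructed sample: one attribute carrying two values. */
static char *sample_vals[] = { "alice@example.jp", "alias@example.jp", NULL };

static void iter_start(struct iter *it, char **vals) {
	it->vals = vals;
	it->value_index = 0;
	it->value = vals != NULL ? vals[0] : NULL; /* no values: nothing to walk */
}
/* Pre-patch step: moves one byte into the current string, not to the next one. */
static void step_char_pointer(struct iter *it) {
	if (it->value != NULL)
		it->value++;
}
/* Indexed step; the guard keeps value_index from passing the NULL terminator. */
static void step_indexed(struct iter *it) {
	if (it->value != NULL)
		it->value = it->vals[++it->value_index];
}
/* Value seen after one step (one step keeps the pre-patch variant in bounds). */
static const char *second_value(char **vals, void (*step)(struct iter *)) {
	struct iter it;
	iter_start(&it, vals);
	step(&it);
	return it.value;
}
/* Walk every value with the indexed step; -1 if a step past the end is not a no-op. */
static int count_indexed(char **vals) {
	struct iter it;
	int n = 0;
	for (iter_start(&it, vals); it.value != NULL; step_indexed(&it))
		n++;
	step_indexed(&it); /* extra call after exhaustion must leave value NULL */
	return it.value == NULL ? n : -1;
}

int main(void) {
	printf("%s | %s | %d\n", second_value(sample_vals, step_char_pointer),
	       second_value(sample_vals, step_indexed), count_indexed(sample_vals));
	return 0;
}
```

With the byte-wise step the "second value" is the tail of the first string, and the pointer never becomes NULL, so a loop that waits for NULL would keep reading past the string.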



