[Dovecot] dovecot-auth: sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed.

Maciej Paczesny maciunio2 at gmail.com
Mon Jan 28 14:46:52 EET 2008


2008/1/28, Maciej Paczesny <maciunio2 at gmail.com>:
> Hello,
>
> I'm almost sure that all topics and problems mentioned below were
> separately posted to this list already. But after spending 4 days on
> searching, I didn't find a compilation similar to my case. So maybe
> some of you guys are able to answer and help me solve this:
>
> 1. I'd like to use userdb and passdb of Dovecot to work with Windows AD.
> 2. I have to use them both because I'd like to use LDA to serve for my Postfix.
> 3. I DO NOT want to use any external programs (i.e. PAM) to talk to AD server.
> 4. I was able to make my system partially running - I CAN bind to AD
> database, and confirm user/password.
> 5. I want to get following attributes: home directory (OK, I could put
> it statically), uid/gid (OK, it could be static too) and MAIL QUOTA
> (my users have different values - no 'statics').
>
> To help you on this subject, here are my configs/data:
> OS =>
> Gentoo Linux
>
> uname -a =>
> 2.6.15-gentoo-r7 #1 SMP PREEMPT Tue Mar 21 18:08:57 CET 2006 i686
> Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux
>
> dovecot --version =>
> 1.1.beta14
>
> dovecot -n =>
> protocols: imaps
> ssl_listen: *:993
> ssl_cert_file: /etc/ssl/dovecot/newcert.pem
> ssl_key_file: /etc/ssl/dovecot/newkey.pem
> ssl_parameters_regenerate: 0
> ssl_cipher_list: ALL:!LOW:!SSLv2
> disable_plaintext_auth: no
> verbose_ssl: yes
> login_dir: /var/run/dovecot/login
> login_executable: /usr/libexec/dovecot/imap-login
> verbose_proctitle: yes
> mail_uid: 5000
> mail_gid: 5000
> mail_location: maildir:~/.Maildir/
> mail_debug: yes
> mail_executable: /usr/libexec/dovecot/var
> mail_plugins: quota imap_quota
> auth default:
>   mechanisms: login plain
>   username_format: %Lu
>   verbose: yes
>   debug: yes
>   debug_passwords: yes
>   passdb:
>     driver: ldap
>     args: /etc/dovecot/dovecot-ldap.conf
>   userdb:
>     driver: ldap
>     args: /etc/dovecot/dovecot-ldap.conf
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/auth
>       mode: 438
>       user: postfix
>       group: postfix
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 384
>       user: vmail
>       group: vmail
> plugin:
>   quota: maildir:storage=10240000000:ignore=Trash
>   sieve: /var/vmail/lpr/%u/.Maildir/.dovecot.sieve
>
>  grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf
> hosts = 10.10.10.8:3268
> uris = ldap://10.10.10.8:3268
> dn = lpr\Administrator
> dnpass = ***
> auth_bind = yes
> auth_bind_userdn = lpr\%u
> base = dc=lpr,dc=com,dc=pl
> ldap_version = 3
> user_attrs = uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota
> user_filter = (&(cn=%u))
> pass_attrs = cn=user,userPasword=password
> pass_filter = (&(cn=%u))
>
> Windows AD =>
> Windows 2003 R2 PL
>
> -----------------------
> Logs:
>
> Jan 28 00:37:40 gentoo dovecot: auth(default): client in: AUTH  1
>  PLAIN   service=imap    secured lip=10.10.10.2  rip=10.10.10.29
> Jan 28 00:37:40 gentoo dovecot: auth(default): client out: CONT 1
> Jan 28 00:37:40 gentoo dovecot: auth(default): client in: CONT  1
>  AG1wYWN6ZXNueQBOZGYxNjEzODI=
> Jan 28 00:37:40 gentoo dovecot: auth(default): client out: OK   1       user=xxx
> Jan 28 00:37:40 gentoo dovecot: auth(default): master in: REQUEST
>  1       16026   1
> Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29):
> user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx))
> fields=uidNumber,gidNumber,postOfficeBox,carLicense
> Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1       xxx
> Jan 28 00:37:40 gentoo dovecot: imap-login: Login: user=<xxx>,
> method=PLAIN, rip=10.10.10.29, lip=10.10.10.2, TLS
> Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Loading modules from
> directory: /usr/lib/dovecot/imap
> Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded:
> /usr/lib/dovecot/imap/lib10_quota_plugin.so
> Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded:
> /usr/lib/dovecot/imap/lib11_imap_quota_plugin.so
> Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Effective uid=5000, gid=5000, home=
> Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Quota root:
> name=storage=10240000000 backend=maildir args=ignore=Trash
>
> Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): Namespace: type=private,
> prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes,
> subscriptions=yes
> Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir:
> data=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/
> Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir++:
> root=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir, index=,
> control=, inbox=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir
> Jan 28 00:37:41 gentoo dovecot: IMAP(xxx):
> mkdir(/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/cur)
> failed: Permission denied
>
>
>
> The second case is that I receive the following errors in the log file:
> Jan 28 00:47:31 gentoo dovecot: auth(default): client in: AUTH  1
>  PLAIN   service=imap    secured lip=10.10.10.2  rip=10.10.10.29
> Jan 28 00:47:31 gentoo dovecot: auth(default): client out: CONT 1
> Jan 28 00:47:31 gentoo dovecot: auth(default): client in: CONT  1
>  AG1wYCN6ZXNuew9OZGYxxAEzODIe=
> Jan 28 00:47:31 gentoo dovecot: auth(default): client out: OK   1       user=xxx
> Jan 28 00:47:31 gentoo dovecot: auth(default): master in: REQUEST
>  1       16170   1
> Jan 28 00:47:31 gentoo dovecot: auth(default):
> prefetch(xxx,10.10.10.29): passdb didn't return userdb entries
> Jan 28 00:47:31 gentoo dovecot: auth(default):
> userdb(xxx,10.10.10.29): user not found from userdb
> Jan 28 00:47:31 gentoo dovecot: auth(default): master out: NOTFOUND     1
>
> when I use the prefetch driver, with a change like the one below to the
> ldap.conf file:
> pass_attrs = uid=user, userPassword=password,
> postOfficeBox=userdb_home, uidNumber=userdb_uid, gidNumber=userdb_gid,
> carLicense=userdb_quota
>
>
> (And, yes, I know about the home directory path. It is easy to make it
> real and working (change mail_location) - it is not a problem.)
>
> The case and question is: how can I get a QUOTA (in my case -
> carLicense) attribute from AD/LDAP? Is it shown somewhere? How can it
> be verified? The value "storage=10240000000 " is a static one written
> in the config and the same for all users.
> Is there any kind of manual on how to get AD and Dovecot running and
> returning uid, gid, home, quota etc. attributes without PAM?
>

OK, I did manage to step ahead a bit.
Using passdb and userdb gives me some progress - sniffit gives me the
proof that I'm receiving proper data from AD LDAP. But there is
another problem:

Jan 28 13:11:13 gentoo dovecot: imap-login: file
client-authenticate.c: line 200 (sasl_callback): assertion failed:
(!client->destroyed || reply == SASL_SERVER_REPLY_CLIENT_ERROR ||
reply == SASL_SERVER_REPLY_MASTER_FAILED)
[...]
Jan 28 13:36:50 gentoo dovecot: auth(default): dovecot-auth:
sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid
== 0x3 )' failed.

It seems that Dovecot cannot insert received data into the environment
variables (???)


-- 
Maciej Paczesny
maciunio2 at gmail.com
***If electricity hadn't been invented,
I'd be sitting in front of my computer by candlelight***

