[Dovecot] Static userdb with LDAP passdb but without "allow_all_users=yes"?
Andreas Ntaflos
daff at dword.org
Wed Dec 1 03:56:31 EET 2010
On Friday 26 November 2010 17:30:55 Timo Sirainen wrote:
> On Thu, 2010-11-25 at 19:31 +0100, Andreas Ntaflos wrote:
> > Is it possible to have a static user database along with an LDAP
> > password database and *not* be forced to set "allow_all_users=yes"
> > for the userdb?
>
> Yes.
>
> > dovecot: auth: Error: static(not-a-user at test01.example.com): passdb
> > doesn't support lookups, can't verify user's existence
>
> Set auth_debug=yes and see what it logs. passdb ldap should support
> it, as long as you don't set auth_bind=yes. I just verified that it
> works:
Thanks for the hint! I always forget how useful mail_debug and
auth_debug can be. It turns out that the problem was indeed that I had
passwd and pam as additional user and password databases. The order in
which they are declared in dovecot.conf matters of course and when the
PAM passdb is the last entry the problem appears.
The workaround is obviously to not set PAM as the last entry. But this
also means that any user from the LDAP/static user database that tries
to log in has to go through PAM first and fail. On a busy server with
lots of LDAP/static users and few system users this would waste quite a
few resources and clutter up /var/log/auth.log pretty badly.
Is there a way around that?
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://dovecot.org/pipermail/dovecot/attachments/20101201/fede923c/attachment.bin
More information about the dovecot
mailing list