[Dovecot] trying to combine static userdb with LDAP passdb with per-user userdb_mail and userdb_home

Igor Zinovik zinovik.igor at gmail.com
Tue Apr 12 10:31:41 EEST 2011


I solved my problem by doing this:
/etc/dovecot/dovecot.conf
...
mail_uid = 89
mail_gid = 89

userdb {
  driver = prefetch
}

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}


/etc/dovecot/dovecot-ldap.conf
pass_filter = (&(objectClass=mailAccount)(uid=%n)(accountStatus=TRUE))

pass_attrs = mail=userdb_user,\
             userPassword=password,\
             mailQuota=userdb_quota_rule=*:bytes=%$,\
             homeDirectory=userdb_home,\
             mailMessageStore=userdb_mail

Setting mail_uid and mail_gid to the numeric values of the postfix user, I
achieved my goal.

On Apr 11, Igor Zinovik wrote: 
> I'm trying to cope with the following problem: I have a single computer which
> is going to be the final destination for several virtual domains.
> Domains are stored in an LDAP catalog.  Dovecot will be working together
> with the Postfix MTA running on the same computer.
> 
> I'm a bit confused about how to achieve the following: I want Postfix to use
> the Dovecot LMTP server for mail delivery.  All my mail is located under the
> /var/vmail partition.  I designed my own LDAP schema and, since according to
> the dovecot documentation a user should always have a home and mail directory,
> I added separate attributes for user home and mail.  My typical user
> that is stored in LDAP has homeDirectory (which stores a value like
> /var/vmail/domain.com/j/joe) and mailMessageStore (which stores a value
> like /var/vmail/domain.com/j/joe/Maildir).  All data under /var/vmail is
> owned by the Postfix MTA user (which is called `postfix', uid=89).  After
> reading the dovecot documentation I understand that my setup needs to
> combine a static userdb with an LDAP passdb.  But I also want dovecot to be
> able to deliver mail for local system users (that are stored in
> /etc/passwd).  For system users I want to store their mail in
> $HOME/Mail.  So I set mail_location = ~/Mail (which turns into
> /home/user/Mail), but for virtual users (which are stored in LDAP) I
> want to set mail (or maybe I should write userdb_mail here) to the LDAP
> value mailMessageStore.  It seems to me that the LMTP server needs a separate
> userdb query to fetch mail_location from LDAP.
> 
> Setting mail_location = /var/vmail/%d/%n1/%u solves my problem, but I
> want dovecot to dynamically fetch the maildir location from LDAP.  Maybe in
> the near future I will also store mail somewhere else, not only under
> /var/vmail, and dovecot will fetch this information from LDAP.
> 
> Here is an excerpt from the dovecot log when a user tries to log in:
> Apr 11 13:32:29 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
> Apr 11 13:32:29 auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
> Apr 11 13:32:29 auth: Debug: auth client connected (pid=14748)
> Apr 11 13:32:29 auth: Debug: client in: AUTH    1       PLAIN   service=imap    lip=172.20.21.26        rip=172.20.20.216 lport=143        rport=1227      resp=<hidden>
> Apr 11 13:32:29 auth: Debug: ldap(joe at domain.com,172.20.20.216): pass search: base=pdomain=domain.com,ou=mail,dc=org,dc=ru scope=onelevel filter=(&(objectClass=mailAccount)(uid=joe)(accountStatus=TRUE)) fields=mail,userPassword,mailQuota,homeDirectory,mailMessageStore
> Apr 11 13:32:29 auth: Debug: ldap(joe at domain.com,172.20.20.216): result: mail(user)=joe at domain.com mailQuota(userdb_quota_rule=*:bytes=%$)=1073741824 mailMessageStore(userdb_mail)=/var/vmail/domain.com/p/joe/Maildir homeDirectory(userdb_home)=/var/vmail/domain.com/p/joe userPassword(password)=<hidden>
> Apr 11 13:32:29 auth: Debug: client out: OK     1       user=joe at domain.com
> Apr 11 13:32:29 auth: Debug: master in: REQUEST 2814377985      14748   1       5e00190b4fbfd1a4b8a50e13fa6562b1
> Apr 11 13:32:29 auth: Debug: master out: USER   2814377985      joe at domain.com      uid=89  gid=89
> Apr 11 13:32:29 imap-login: Info: Login: user=<joe at domain.com>, method=PLAIN, rip=172.20.20.216, lip=172.20.21.26, mpid=14750
> Apr 11 13:32:29 imap: Debug: Loading modules from directory: /usr/lib64/dovecot
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_trash_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_autocreate_plugin.so
> Apr 11 13:32:29 imap: Debug: Module loaded: /usr/lib64/dovecot/lib20_expire_plugin.so
> Apr 11 13:32:29 imap(joe at domain.com): Debug: Effective uid=89, gid=89, home=
> Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota root: name=User quota backend=maildir args=
> Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota rule: root=User quota mailbox=* bytes=1073741824 messages=0
> Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 95 joe at domain.com domain.com
> Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota warning: bytes=966367641 (90%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 90 joe at domain.com domain.com
> Apr 11 13:32:29 imap(joe at domain.com): Debug: Quota warning: bytes=858993459 (80%) messages=0 reverse=no command=/usr/libexec/dovecot/quota-warning.sh 80 joe at domain.com domain.com
> Apr 11 13:32:29 imap(joe at domain.com): Error: user joe at domain.com: Initialization failed: Initializing mail storage from mail_location setting failed: Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Mail
> Apr 11 13:32:29 imap(joe at domain.com): Error: Invalid user settings. Refer to server log for more information.
> 
> Here is my ldap query:
> pass_filter = (&(objectClass=mailAccount)(uid=%n)(accountStatus=TRUE))
> 
> # ldap_attr = dovecot_variable
> pass_attrs = mail=user, userPassword=password, mailQuota=userdb_quota_rule=*:bytes=%$,\
>              homeDirectory=userdb_home, mailMessageStore=userdb_mail 
> 
> What is the best way to do this in my situation?  Should I just add two
> attributes to each LDAP user, like mailuid and mailgid, and set both of these
> variables to `postfix'?  Or maybe I should just forget about mail for
> local system users and just use the `prefetch' userdb.  I'm just amazed
> by dovecot userdb and passdb queries.  They are so powerful but also so
> hard to understand.
> 
> I would appreciate any help, since I have been pecking at dovecot authentication and
> userdb/passdb queries like a woodpecker since last week.
> 
> Do I understand correctly that during the userdb lookup dovecot fetches the Unix UID which
> will be used to access data on disk?  I just want postfix (uid=89) to be
> allowed to do this.
> 
> Here is `dovecot -n' output:
> # 2.0.11: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.18-238.1.1.1.el5 x86_64 CentOS release 5.5 (Final) 
> auth_debug = yes
> auth_failure_delay = 3 secs
> auth_mechanisms = plain login
> auth_verbose = yes
> base_dir = /var/run/dovecot/
> disable_plaintext_auth = no
> first_valid_gid = 89
> first_valid_uid = 89
> last_valid_gid = 89
> last_valid_uid = 89
> listen = *
> log_path = /var/log/dovecot
> login_greeting = Dovecot ready to serve.
> mail_debug = yes
> mail_fsync = always
> mail_location = maildir:~/Mail
> mail_nfs_index = yes
> mail_nfs_storage = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags
> mmap_disable = yes
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf
>   driver = ldap
> }
> plugin/autocreate = &BBoEPgRABDcEOAQ9BDA-
> plugin/autocreate2 = &BCEEPwQwBDw-
> plugin/autosubscribe = &BBoEPgRABDcEOAQ9BDA-
> plugin/autosubscribe2 = &BCEEPwQwBDw-
> plugin/expire = &BBoEPgRABDcEOAQ9BDA- 7 &BCEEPwQwBDw- 30
> plugin/login_executable = /usr/libexec/dovecot/managesieve-login
> plugin/mail_executable = /usr/libexec/dovecot/managesieve
> plugin/quota = maildir:User quota
> plugin/quota_rule = *:storage=1GB
> plugin/quota_warning = storage=95%% /usr/libexec/dovecot/quota-warning.sh 95 %u %d
> plugin/quota_warning2 = storage=90%% /usr/libexec/dovecot/quota-warning.sh 90 %u %d
> plugin/quota_warning3 = storage=80%% /usr/libexec/dovecot/quota-warning.sh 80 %u %d
> plugin/sieve_dir = /var/vmail/%d/%1n/%n/.dovecot.sieve
> plugin/sieve_extensions = +imapflags
> plugin/sieve_storage = /var/vmail/%d/%1n/%n/sieve
> protocols = pop3 imap lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service imap-login {
>   executable = /usr/libexec/dovecot/imap-login
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
>   service_count = 1
> }
> service imap {
>   executable = /usr/libexec/dovecot/imap
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service managesieve-login {
>   executable = /usr/libexec/dovecot/managesieve-login
>   inet_listener sieve {
>     port = 4190
>   }
>   service_count = 1
> }
> service managesieve {
>   executable = /usr/libexec/dovecot/managesieve
> }
> service pop3-login {
>   executable = /usr/libexec/dovecot/pop3-login
>   inet_listener pop3 {
>     port = 110
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
>   service_count = 1
> }
> service pop3 {
>   executable = /usr/libexec/dovecot/pop3
> }
> service quota-warning {
>   executable = script /usr/libexec/dovecot/quota-warning.sh
>   user = dovecot
> }
> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> ssl_key = </etc/pki/dovecot/private/dovecot.pem
> userdb {
>   args = uid=postfix gid=postfix
>   driver = static
> }
> protocol imap {
>   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
>   mail_plugin_dir = /usr/lib64/dovecot
>   mail_plugins = autocreate expire quota imap_quota trash
> }
> protocol pop3 {
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>   pop3_lock_session = yes
>   pop3_uidl_format = %08Xu%08Xv
> }
> protocol lmtp {
>   info_log_path = /var/log/dovecot-lmtp-info.log
>   log_path = /var/log/dovecot-lmtp.log
>   mail_plugins = quota sieve
> }
> 
> Here is my typical LDAP user:
> dn: uid=joe,pdomain=domain.com,ou=mail,dc=org,dc=ru
> objectClass: top
> objectClass: uidObject
> objectClass: mailAccount
> accountStatus: TRUE
> mail: joe at domain.com
> mailQuota: 1073741824
> mailMessageStore: /var/vmail/domain.com/j/joe/Maildir
> mailOwnerFirstName: Joe
> mailOwnerLastName: User
> registerPersonFirstName: Joe
> registerPersonLastName: User
> registerDate: 1301665769
> homeDirectory: /var/vmail/domain.com/j/joe
> uid: joe
> userPassword: {SSHA}FvxQwgDycssHhfoMTtkzogZ0Nh43PpHL


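The following is an added example, not code from the thread or from Dovecot itself. It is a small Python model of what the pass_attrs line in dovecot-ldap.conf does: each item is `ldapattr=field` or `ldapattr=field=template`, `%$` in the template is replaced by the attribute's value, and any field whose name starts with `userdb_` is handed to the userdb step rather than the passdb step (this is what the `result:` debug line above prints in the form `attr(field)=value`). It then contrasts the two userdb drivers in the thread: the static userdb returns only its own uid/gid, so `~/Mail` cannot be expanded and you get the "Home directory not set for user" error from the log, while the prefetch userdb returns the userdb_* fields the passdb already fetched, with uid/gid supplied by mail_uid/mail_gid. The LDAP entry is constructed from the sample user at the end of the thread (password hash replaced by a placeholder); the function names and the simplified driver model are this example's own assumptions, not Dovecot internals.

```python
"""Model of Dovecot's pass_attrs mapping and the static vs. prefetch userdb.

Added example; not Dovecot code. Field/driver behaviour is simplified to
what the debug log in the thread shows for Dovecot 2.0.
"""

# The pass_attrs line from the working dovecot-ldap.conf in the reply above.
PASS_ATTRS = (
    "mail=userdb_user,"
    "userPassword=password,"
    "mailQuota=userdb_quota_rule=*:bytes=%$,"
    "homeDirectory=userdb_home,"
    "mailMessageStore=userdb_mail"
)

# Constructed LDAP entry, modelled on the "typical LDAP user" in the thread.
LDAP_ENTRY = {
    "mail": "joe@domain.com",
    "mailQuota": "1073741824",
    "mailMessageStore": "/var/vmail/domain.com/j/joe/Maildir",
    "homeDirectory": "/var/vmail/domain.com/j/joe",
    "userPassword": "{SSHA}placeholder",   # placeholder, not the real hash
}


def parse_pass_attrs(spec):
    """Return a list of (ldap_attr, dovecot_field, template).

    'attr=field' means the field takes the raw attribute value;
    'attr=field=template' substitutes the value for every %$ in template.
    """
    mapping = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        attr, _, rest = item.partition("=")          # first '=' splits attr
        field, _, template = rest.partition("=")     # optional second part
        mapping.append((attr, field, template or "%$"))
    return mapping


def ldap_passdb_lookup(spec, entry):
    """Resolve pass_attrs against one LDAP entry.

    Returns (passdb_fields, userdb_fields): fields named userdb_* are
    stripped of the prefix and kept aside for the userdb step.
    """
    passdb, userdb = {}, {}
    for attr, field, template in parse_pass_attrs(spec):
        if attr not in entry:
            continue  # attribute absent from the entry: field is not set
        value = template.replace("%$", entry[attr])
        if field.startswith("userdb_"):
            userdb[field[len("userdb_"):]] = value
        else:
            passdb[field] = value
    return passdb, userdb


def userdb_lookup(driver, prefetched, uid=89, gid=89):
    """Simplified userdb step (assumption: mirrors the thread's debug log).

    static:   returns only uid/gid from its args; passdb extras are dropped,
              which is why 'master out: USER ... uid=89 gid=89' has no home.
    prefetch: returns the userdb_* fields fetched by the passdb; uid/gid
              come from the mail_uid/mail_gid settings.
    """
    if driver == "static":
        return {"uid": uid, "gid": gid}
    if driver == "prefetch":
        return {"uid": uid, "gid": gid, **prefetched}
    raise ValueError("unknown userdb driver: %s" % driver)


def resolve_mail_location(fields, mail_location="maildir:~/Mail"):
    """Pick the mail root: a per-user 'mail' field wins over mail_location.

    Reproduces the error from the log when ~/ is used without a home.
    """
    if fields.get("mail"):
        return fields["mail"]
    home = fields.get("home")
    if "~/" in mail_location and not home:
        raise RuntimeError(
            "Home directory not set for user. Can't expand ~/ for mail "
            "root dir in: " + mail_location.split(":", 1)[-1])
    return mail_location.replace("~/", home.rstrip("/") + "/")


if __name__ == "__main__":
    passdb, extra = ldap_passdb_lookup(PASS_ATTRS, LDAP_ENTRY)
    print("passdb fields:", passdb)
    print("userdb_* fields from passdb:", extra)
    for drv in ("static", "prefetch"):
        fields = userdb_lookup(drv, extra)
        try:
            print(drv, "->", resolve_mail_location(fields))
        except RuntimeError as err:
            print(drv, "-> Error:", err)
```

After changing the real configuration, `doveadm user joe@domain.com` prints the fields the userdb actually returns (uid, gid, home, mail, quota_rule), which is the quickest way to confirm that the prefetch path is delivering userdb_home and userdb_mail before testing an IMAP login or an LMTP delivery.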