[Dovecot] lmtp -- save failed to INBOX: BUG: Unknown internal error

Jan-Frode Myklebust janfrode at tanso.net
Thu Sep 8 16:21:52 EEST 2011


On Thu, Sep 08, 2011 at 04:03:58PM +0300, Timo Sirainen wrote:
> 
> It shouldn't be behaving like that.. Are you saying that all "unknown
> user" failures are logged as those errors?

Seems so, yes.

> 
> I get without auth_bind_userdn:
> 
> Sep 08 15:56:08 auth: Info: ldap(foo,127.0.0.1): unknown user
> 
> With auth_bind_userdn:
> 
> Sep 08 16:00:12 auth: Info: ldap(foo,127.0.0.1): invalid credentials
> 
> So the "No such object" isn't expected.. Maybe different LDAP servers
> work in different ways?.. 

We're using CentOS Directory Server, aka Red Hat Directory Server,
aka 389ds. With:

	auth_verbose = yes
	auth_verbose_passwords = sha1 (which doesn't work)
	userdb {
	  args = /etc/dovecot/dovecot-ldap.conf.ext
	  driver = ldap
	}

	hosts = ldapm1.example.net:389 ldapm2.example.net:389
	auth_bind = yes
	auth_bind_userdn = uid=%n,ou=people,o=%d,o=ISP,o=example,c=NO
	base = ou=people,o=%d,o=ISP,o=example,c=NO
	deref = never
	scope = onelevel
	user_attrs = mailMessageStore=home, mailLocation=mail, mailQuota=mailQuota=quota_rule=*:storage=%$
	user_filter = (&(objectClass=examplePerson)(uid=%n))

Could maybe also be the user_filter or auth_bind_userdn that's turning
it into an error?


> Yours appears to give out the difference
> between "user doesn't exist" and "wrong password"? Does the attached
> patch change these to "unknown user" messages?

> diff -r 8de8752b2e94 src/auth/passdb-ldap.c
> --- a/src/auth/passdb-ldap.c	Thu Sep 08 13:41:20 2011 +0300
> +++ b/src/auth/passdb-ldap.c	Thu Sep 08 16:03:21 2011 +0300
> @@ -157,6 +157,10 @@
>  			}
>  			auth_request_log_info(auth_request, "ldap", "%s", str);
>  			passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
> +		} else if (ret == LDAP_NO_SUCH_OBJECT) {
> +			passdb_result = PASSDB_RESULT_USER_UNKNOWN;
> +			auth_request_log_info(auth_request, "ldap",
> +					      "unknown user");
>  		} else {
>  			auth_request_log_error(auth_request, "ldap",
>  					       "ldap_bind() failed: %s",
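
Review bot: The new `else if (ret == LDAP_NO_SUCH_OBJECT)` branch drops the server's error text that the final `else` branch still reports through "ldap_bind() failed: %s", so a bind DN that is missing for a configuration reason would be logged only as an info-level "unknown user". Consider also logging the LDAP error string in this branch, for instance at debug level, so operators can tell a genuinely unknown account from a DN that does not resolve. A smaller style point: the branch above logs first and then sets passdb_result, while this one sets passdb_result first; matching the existing order would keep the chain uniform.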


I've done a bit too many unscheduled changes today... will see if I can
sneak this in tomorrow :-)


  -jf


