LDAP and dovecot

dovecot at outputservices.com
Thu Sep 18 20:06:35 UTC 2014


At my company I have users who are now becoming remote and using their mobile devices for email. I use Solaris 10 10/09 s10x_u8wos_08a X86 as an operating system and I now need a more secure email solution than the generic sendmail / imap solution.

I want to use dovecot and postfix because I have read good reports on these products for ease of setup and use. I need to use both with SSL certificates and username / passwords for both receiving and sending emails.

I am having difficulty getting dovecot to work with my ldap password solution. I have read all the documentation, there is a lot of it, and find it confusing. But I have tried very hard to get the solution to work.

I have not compiled postfix because I want to use the dovecot authentication solution it mentions. Therefore I need to get dovecot to work first.

I have dovecot 2.2.10 & postfix 2.11.1 with openldap 2.4.33.

I have tested dovecot with /etc/passwd /etc/shadow password authentication and password flat files. Those work, but they are not what I need. I need to use ldap so the users only have to set one password.

Below is the information I have. 

I have created self signed SSL certificates for testing purposes. We will get real SSL certificates once everything is operational.

*********

I compiled dovecot with the following command:

./configure --prefix=/usr/local/tools/dovecot --with-ssl=openssl --with-solr --with-zlib --with-bzlib --with-ldap=yes

-------------------------------------------
dovecot -n
# 2.2.10: /usr/local/tools/dovecot/etc/dovecot/dovecot.conf
# OS: SunOS 5.10 i86pc  
base_dir = /dovecot/var/run/dovecot
log_path = /dovecot/log/log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_location = mbox:~/posta:INBOX=/var/mail/%u:LAYOUT=maildir++:INDEX=~/posta/index:CONTROL=~/posta/control
passdb {
  args = /dovecot/etc/dovecot/tests/ldap.settings
  driver = ldap
}
protocols = imap
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
  }
}
ssl_cert = </dovecot/certs/dovecot.pem
ssl_key = </dovecot/certs/dovecot.key
ssl_prefer_server_ciphers = yes
userdb {
  args = /dovecot/etc/dovecot/tests/ldap.settings
  driver = ldap
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
}
-------------------------------------------

/dovecot/etc/dovecot/tests/ldap.settings
hosts = ldap.outputservices.com
tls = no
ldap_version = 3
base = dc=ldap,dc=outputservices,dc=com
-------------------------------------------

If I use ldap for passwords:
2014-09-18 09:44:23 master: Info: Dovecot v2.2.10 starting up for imap
2014-09-18 09:44:33 auth: Fatal: LDAP: Buggy LDAP library returned wrong fd: 1
2014-09-18 09:44:33 master: Error: service(auth): command startup failed, throttling for 2 secs
2014-09-18 09:44:33 imap-login: Info: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=137.106.101.127, lip=137.106.76.215, TLS handshaking, session=<d1Nt3FgD1wCJamV/>
2014-09-18 09:44:48 master: Warning: Killed with signal 15 (by pid=18992 uid=0 code=kill)
-------------------------------------------

If I use a flat file for passwords:
2014-09-18 09:42:23 master: Info: Dovecot v2.2.10 starting up for imap
2014-09-18 09:43:05 imap-login: Info: Login: user=<dave>, method=PLAIN, rip=137.106.101.127, lip=137.106.76.215, mpid=16769, TLS, session=<vAny1VgDywCJamV/>
2014-09-18 09:43:05 imap(dave): Debug: Effective uid=6010, gid=131, home=/export/home/sun/dave
2014-09-18 09:43:05 imap(dave): Debug: maildir++: root=/export/home/sun/dave/posta, index=/export/home/sun/dave/posta/index, indexpvt=, control=/export/home/sun/dave/posta/control, inbox=/var/mail/dave, alt=
2014-09-18 09:43:10 imap(dave): Info: Disconnected: Logged out in=223 out=1122
2014-09-18 09:43:22 master: Warning: Killed with signal 15 (by pid=17115 uid=0 code=kill)
-------------------------------------------

If I use /etc/passwd /etc/shadow for passwords:
2014-09-18 09:39:56 master: Info: Dovecot v2.2.10 starting up for imap
2014-09-18 09:40:14 imap-login: Info: Login: user=<dave>, method=PLAIN, rip=137.106.101.127, lip=137.106.76.215, mpid=13053, TLS, session=<uaT5zFgDwACJamV/>
2014-09-18 09:40:14 imap(dave): Debug: Effective uid=6010, gid=131, home=/export/home/sun/dave
2014-09-18 09:40:14 imap(dave): Debug: maildir++: root=/export/home/sun/dave/posta, index=/export/home/sun/dave/posta/index, indexpvt=, control=/export/home/sun/dave/posta/control, inbox=/var/mail/dave, alt=
2014-09-18 09:41:01 imap(dave): Info: Disconnected: Logged out in=219 out=1118
2014-09-18 09:41:33 master: Warning: Killed with signal 15 (by pid=14765 uid=0 code=kill)
-------------------------------------------

I am using openldap 2.4.33. I compiled it using the following command:

  ./configure --enable-crypt --enable-ldap --enable-perl  --prefix=/usr/local/openldap

In the slapd.conf file I have placed the following:

access to attrs=userPassword
        by dn="cn=dovecot,dc=ldap,dc=outputservices,dc=com" read
        by anonymous auth
        by self write
        by * none
-------------------------------------------

In the ldap database I have the following dovecot user information:

dn: uid=dovecot,ou=People,dc=ldap,dc=outputservices,dc=com
uid: dovecot
cn: Dovecot Email User
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uidNumber: 505
gidNumber: 505
homeDirectory: /tmp
structuralObjectClass: account
entryUUID: f85d1e02-13e3-1033-9c4a-b7d2075f7ecd
creatorsName: cn=admin,dc=ldap,dc=outputservices,dc=com
createTimestamp: 20140117165553Z
loginShell: /bin/tcsh
entryCSN: 20140725160856.481921Z#000000#000#000000
modifiersName: cn=admin,dc=ldap,dc=outputservices,dc=com
modifyTimestamp: 20140725160856Z
-------------------------------------------

In the /etc/passwd file I have the following information:

dovecot:x:505:505:Dovecot IMAP Server:/tmp:/bin/false
dovenull:x:506:506:Dovecot IMAP Server:/tmp:/bin/false
-------------------------------------------

I need assistance on this, and also, once I get dovecot running with ldap, I could use proper assistance with the postfix solution. I want to stop the Solaris versions of sendmail and use dovecot & postfix. I am also a little confused on the mail_location setting. We use Thunderbird as an email client and it sets the "local folders" just fine. But with imap it puts the Sent, Trash, Draft folders in the users' "home" directory. With dovecot I have to put them in a different folder, which I called posta for now. It then makes them dot files (.Sent, .Trash?).
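The slapd ACL quoted above grants `read` on userPassword to `cn=dovecot,dc=ldap,dc=outputservices,dc=com`, while the entry shown lives at `uid=dovecot,ou=People,dc=ldap,dc=outputservices,dc=com`, and ldap.settings sets no `dn`, so dovecot binds anonymously and is only granted `auth`. As an added example, not the poster's code, the evaluator below walks OpenLDAP's first-matching `by` clause semantics over that ACL so each identity's effective privilege on userPassword can be checked offline; it assumes the default exact dn style and that DN comparison is case-insensitive.

```python
"""Evaluate a slapd.conf 'access to attrs=...' ACL for a given bind DN."""
import re

# OpenLDAP privilege levels, lowest to highest; a level implies all lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The ACL exactly as quoted in the post's slapd.conf (constructed input for this example).
ACL = """
access to attrs=userPassword
        by dn="cn=dovecot,dc=ldap,dc=outputservices,dc=com" read
        by anonymous auth
        by self write
        by * none
"""

def normalize_dn(dn):
    """Case-fold and strip whitespace around separators so equivalent DNs compare equal."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def parse_acl(text):
    """Return the (who, level) 'by' clauses in the order slapd evaluates them."""
    clauses = []
    for line in text.splitlines():
        m = re.match(r'\s*by\s+(dn="([^"]*)"|anonymous|self|users|\*)\s+(\w+)', line)
        if m:
            who = ("dn", normalize_dn(m.group(2))) if m.group(2) is not None else (m.group(1), None)
            clauses.append((who, m.group(3)))
    return clauses

def granted_level(clauses, bind_dn, target_dn):
    """The first matching 'by' clause decides; bind_dn=None means an anonymous bind."""
    bind = normalize_dn(bind_dn) if bind_dn else None
    for (kind, value), level in clauses:
        if kind == "dn" and bind == value:
            return level
        if kind == "anonymous" and bind is None:
            return level
        if kind == "self" and bind is not None and bind == normalize_dn(target_dn):
            return level
        if kind == "users" and bind is not None:
            return level
        if kind == "*":
            return level
    return "none"  # nothing matched: slapd denies by default

def allows(level, needed):
    """True if privilege 'level' includes privilege 'needed'."""
    return LEVELS.index(level) >= LEVELS.index(needed)

def check(bind_dn, target_dn, needed="read"):
    """True if bind_dn may perform 'needed' on target_dn's userPassword under ACL."""
    return allows(granted_level(parse_acl(ACL), bind_dn, target_dn), needed)
```

Dovecot's passdb ldap lookup without `auth_bind` has to read userPassword, so the DN it binds as must reach a clause granting at least `read`.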
