Dovecot with LDAP/AD has problem with uid/gid
Luca Bertoncello
lucabert at lucabert.de
Sat Apr 2 11:23:33 UTC 2016
Hi list!
I have a Server connected to an AD and I need to configure Dovecot to
authenticate the users against the AD (with password and GSSAPI).
Now I'm trying to connect Dovecot to the AD with password.
The authentication works, but I always get this error:
Apr 2 13:03:49 mail dovecot: pop3-login: Login: user=<lucabert>, method=PLAIN, rip=192.168.50.1, lip=192.168.50.3, mpid=3508, session=<ZWJDc34vDgDAqDIB>
Apr 2 13:03:49 mail dovecot: pop3(lucabert): Error: stat(/var/spool/mail/lucabert/tmp) failed: Permission denied (euid=10001(lucabert) egid=10000(domain users) missing +x perm: /var/spool/mail/lucabert, dir owned by 1005:8 mode=0700)
Apr 2 13:03:49 mail dovecot: pop3(lucabert): Error: Couldn't open INBOX: Internal error occurred. Refer to server log for more information. [2016-04-02 13:03:49]
My configuration:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-83-generic x86_64 Ubuntu 14.04.4 LTS nfs
auth_gssapi_hostname = mail.cch.intra
# NOTE(review): plain and login are offered together with disable_plaintext_auth = no
# (below), so cleartext passwords are accepted on connections without TLS. The login
# line quoted in this post shows method=PLAIN with no TLS marker - confirm this is
# only reachable from a trusted network.
auth_mechanisms = plain login cram-md5 gssapi
auth_use_winbind = yes
# Empty value: no restriction on which characters a username may contain.
auth_username_chars =
disable_plaintext_auth = no
login_greeting = mail.cch.intra ready.
mail_fsync = always
# mail_uid / mail_gid are defaults; a uid/gid returned by the userdb lookup replaces them.
mail_gid = 8
# %Ln = lowercased user part of the login name.
mail_location = maildir:/var/spool/mail/%Ln
mail_nfs_index = yes
mail_uid = 1005
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
# passdbs are tried in the order listed: PAM first, then LDAP.
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocols = " imap pop3"
# "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
# NOTE(review): userdbs are consulted in the order listed and the first one that
# knows the user supplies uid/gid/home. The quoted error shows euid=10001
# egid=10000(domain users), which are not the 1005/8 configured below, so this
# passwd lookup presumably answers first (AD accounts resolved through NSS/winbind)
# and the override_fields in the later userdb blocks are never reached.
# Confirm with auth_debug = yes.
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
# override_fields replaces whatever this userdb returned for the same fields.
override_fields = uid=1005 gid=8 euid=1005
}
# NOTE(review): these args (a field list plus allow_all_users=yes, no file path)
# have the shape used by the static driver rather than passwd-file - verify which
# driver was intended.
userdb {
args = uid=1005 gid=8 home=/var/spool/mail/%n allow_all_users=yes
driver = passwd-file
override_fields = uid=1005 gid=8 euid=1005
}
auth-ldap.conf.ext:
# Password verification against LDAP, using the connection and query settings
# in the args file.
passdb {
driver = ldap
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# User lookup (uid, gid, home, mail location) from the same LDAP configuration file.
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
# Default fields can be used to specify defaults that LDAP may override
#default_fields = home=/home/virtual/%u
# override_fields replaces what the LDAP lookup returned for these fields; it only
# applies when this userdb is the one that answers the lookup.
override_fields = uid=1005 gid=8 euid=1005
}
and in my /etc/dovecot/dovecot-ldap.conf.ext I have:
# Entries of the form "=field=value" have no LDAP attribute name on the left: the
# field is set to the template on the right, with %{ldap:attr} expanded from the
# user's LDAP entry. uid and gid are fixed to 1005 and 8 here; home and mail are
# built from sAMAccountName.
# NOTE(review): the quoted error stats /var/spool/mail/lucabert/tmp, not a path
# under .../Maildir as the mail field below would give, which suggests these
# attributes are not the ones in effect for the failing session - confirm which
# userdb answered the lookup.
user_attrs = \
=uid=1005, \
=gid=8, \
=quota_rule=*:bytes=%{ldap:quotaBytes}, \
=home=/var/spool/mail/%{ldap:sAMAccountName}, \
=mail=maildir:/var/spool/mail/%{ldap:sAMAccountName}/Maildir
But it seems that all these uid/gid settings are being ignored or overwritten...
Of course, the mailboxes are owned by user 1005 and group 8.
Can someone help me?
Thanks
Luca Bertoncello
(lucabert at lucabert.de)