System users lookup via PAM: strip the domain name?

Larry Rosenman larryrtx at gmail.com
Thu Jul 13 04:27:47 EEST 2017


I have a need for the following:

Real system users in /etc/{passwd,shadow} (actually PAM on FreeBSD) withOUT @domain in /etc/passwd

Virtual Users in SQL (with full user@domain in the DB)

 

When I have auth_username_format = %Ln I can’t auth the Virtual Users, and if I have auth_username_format = %Lu I can’t auth System users. 

 

Is there a compromise somewhere?

 

Current doveconf -n output with %Ln:

thebighonker.lerctr.org /usr/local/etc/dovecot/conf.d $ doveconf -n

# 2.2.31 (65cde28): /usr/local/etc/dovecot/dovecot.conf

# Pigeonhole version 0.4.19 (e5c7051)

# OS: FreeBSD 11.1-PRERELEASE amd64

# NOTE(review): auth_debug turns on verbose authentication logging. It is a
# troubleshooting aid and is normally switched off again afterwards.
auth_debug = yes

# NOTE(review): with auth_debug_passwords enabled Dovecot writes the passwords
# it was given to the log when a password check fails, so cleartext credentials
# end up in the log files. Disable it once debugging is finished and treat the
# logs written in the meantime as sensitive.
auth_debug_passwords = yes

auth_mechanisms = plain login

auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org jonesonair.com jonesonair.net

# Applied to every login name before any passdb/userdb lookup.
# %Ln is the lowercased user part with any @domain removed; %Lu is the
# lowercased full user@domain.
auth_username_format = %Ln

default_vsz_limit = 1 G

deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)

doveadm_password =  # hidden, use -P to show it

lda_mailbox_autocreate = yes

listen = 192.147.25.65, ::

lmtp_save_to_detail_mailbox = yes

login_access_sockets = tcpwrap

mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes

mail_location = mbox:~/mail:INBOX=~/mail/INBOX

mail_log_prefix = "%s(%u/%p): "

mail_plugins = " fts fts_solr notify stats virtual"

mail_privileged_group = mail

mail_server_admin = mailto:ler at lerctr.org

mail_server_comment = LERCTR Mail Server

mailbox_list_index = yes

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve

namespace archive {

  hidden = no

  list = no

  location = mbox:~/MAIL-ARCHIVE

  prefix = ARCHIVE/

  separator = /

}

namespace inbox {

  inbox = yes

  location =

  mailbox Drafts {

    special_use = \Drafts

  }

  mailbox INBOX {

    auto = create

  }

  mailbox SENT {

    special_use = \Sent

  }

  mailbox SPAM {

    special_use = \Junk

  }

  mailbox "Sent Messages" {

    special_use = \Sent

  }

  mailbox Trash {

    special_use = \Trash

  }

  mailbox virtual/Flagged {

    special_use = \Flagged

  }

  mailbox virtual/all {

    special_use = \All

  }

  prefix =

}

namespace virtual {

  hidden = no

  list = yes

  location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY

  prefix = Virtual/

  separator = /

}

# First passdb in the list: credentials are checked against SQL, configured in
# dovecot-sql.conf.ext (the query itself is not part of this output).
passdb {

  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext

  driver = sql

}

# Second passdb in the list: system accounts are verified through PAM.
passdb {

  # failure_show_msg=yes returns PAM's failure message to the client instead of
  # the generic authentication-failed reply; session=yes opens a PAM session;
  # max_requests=20 recreates the PAM worker process after 20 lookups.
  args = failure_show_msg=yes session=yes max_requests=20

  driver = pam

}

# Plugin settings: full-text search (Solr/Tika), IMAPSieve spam/ham reporting,
# mail event logging, Sieve locations and extensions, and stats retention.
plugin {

  fts = solr

  fts_autoindex = yes

  # NOTE(review): indexing traffic goes to Solr over plain HTTP and is addressed
  # by hostname rather than localhost. Message text sent for indexing is not
  # encrypted on this hop; confirm that port 8983 is reachable only from this
  # host (bind address / firewall).
  fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/

  fts_tika = http://localhost:9998/tika/

  # Messages copied into SPAM run report-spam.sieve; messages copied out of
  # SPAM to any other mailbox run report-ham.sieve.
  imapsieve_mailbox1_before = file:/usr/local/share/dovecot-pigeonhole/sieve/report-spam.sieve

  imapsieve_mailbox1_causes = COPY

  imapsieve_mailbox1_name = SPAM

  imapsieve_mailbox2_before = file:/usr/local/share/dovecot-pigeonhole/sieve/report-ham.sieve

  imapsieve_mailbox2_causes = COPY

  imapsieve_mailbox2_from = SPAM

  imapsieve_mailbox2_name = *

  imapsieve_url = sieve://thebighonker.lerctr.org

  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append

  mail_log_fields = uid box msgid size from subject vsize flags

  recipient_delimiter = +

  sieve = ~/.dovecot.sieve

  sieve_dir = ~/sieve

  # Programs that Sieve scripts may run are taken from this directory (the same
  # path is used for sieve_pipe_bin_dir below). Keep it and its contents
  # writable by the administrator only.
  sieve_execute_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve

  sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata

  # pipe/execute are listed under sieve_global_extensions, which makes them
  # available to global (administrator-controlled) scripts only; users'
  # personal scripts cannot invoke external programs.
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute

  sieve_pipe_bin_dir = /usr/local/share/dovecot-pigeonhole/sieve

  sieve_plugins = sieve_imapsieve sieve_extprograms

  stats_command_min_time = 1 mins

  stats_domain_min_time = 12 hours

  stats_ip_min_time = 12 hours

  stats_memory_limit = 16 M

  stats_refresh = 5s

  stats_session_min_time = 15 mins

  stats_track_cmds = yes

  stats_user_min_time = 1 hours

}

protocols = imap pop3 lmtp sieve

# UNIX sockets exported by the auth process.
service auth {

  # NOTE(review): mode 0666 lets every local account connect and submit
  # authentication attempts through this socket. The usual setup is a narrower
  # mode with user/group set to the one service that consumes it (e.g. the MTA).
  unix_listener auth-client {

    mode = 0666

  }

  # NOTE(review): auth-master is a master-type listener. Dovecot's
  # documentation warns that full access to such a socket exposes the user list
  # and everyone's userdb results. 0666 looks like it grants that to every
  # local account - presumably set so a delivery agent running as the user can
  # connect. Prefer 0600/0660 with an explicit user/group; confirm against the
  # documentation for this version.
  unix_listener auth-master {

    mode = 0666

  }

}

# doveadm HTTP API listener on port 8080 with TLS enabled.
# NOTE(review): no address is set on the listener, so it presumably binds to the
# addresses in the global "listen" setting. Access then depends on
# doveadm_password (hidden in this output) and any packet filter; confirm the
# port is not reachable from untrusted networks.
service doveadm {

  inet_listener http {

    port = 8080

    ssl = yes

  }

}

service indexer-worker {

  drop_priv_before_exec = yes

}

service managesieve-login {

  inet_listener sieve {

    port = 4190

  }

  inet_listener sieve_deprecated {

    port = 2000

  }

}

service stats {

  chroot = empty

  client_limit = 0

  drop_priv_before_exec = no

  executable = stats

  extra_groups =

  fifo_listener stats-mail {

    group =

    mode = 0666

    user =

  }

  fifo_listener stats-user {

    group =

    mode = 0666

    user =

  }

  group =

  idle_kill = 4294967295 secs

  privileged_group =

  process_limit = 1

  process_min_avail = 0

  protocol =

  service_count = 0

  type =

  unix_listener stats {

    group =

    mode = 0666

    user =

  }

  user = $default_internal_user

  vsz_limit = 18446744073709551615 B

}

service tcpwrap {

  unix_listener login/tcpwrap {

    group = $default_login_user

    mode = 0600

    user = $default_login_user

  }

}

# TLS certificate, cipher preference and protocol selection for all listeners.
ssl_cert = </home/ler/letsencrypt-home/lerctr.org/fullchain.cer

ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+AESGCM:EECDH:EDH+AESGCM:EDH+aRSA:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP:!PSK:!SRP:!DSS

ssl_key =  # hidden, use -P to show it

# NOTE(review): only SSLv2 and SSLv3 are excluded, so TLS 1.0 and 1.1 remain
# enabled if the linked OpenSSL offers them. Add !TLSv1 (and !TLSv1.1 where the
# build supports that token) unless legacy clients still need them.
ssl_protocols = !SSLv2 !SSLv3

userdb {

  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext

  driver = sql

}

userdb {

  driver = passwd

}

verbose_proctitle = yes

protocol lmtp {

  mail_plugins = " fts fts_solr notify stats virtual sieve mail_log"

}

protocol lda {

  mail_plugins = " fts fts_solr notify stats virtual sieve mail_log"

}

protocol pop3 {

  mail_plugins = " fts fts_solr notify stats virtual mail_log"

}

protocol !doveadm {

  mail_plugins = " fts fts_solr notify stats virtual mail_log"

}

protocol imap {

  imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags

  imap_logout_format = in=%i out=%o fhc=%{fetch_hdr_count} fhb=%{fetch_hdr_bytes} fbc=%{fetch_body_count} fbb=%{fetch_body_bytes} del=%{deleted} exp=%{expunged} trash=%{trashed}

  imap_metadata = yes

  mail_max_userip_connections = 50

  mail_plugins = " fts fts_solr notify stats virtual mail_log imap_sieve imap_stats stats"

}

thebighonker.lerctr.org /usr/local/etc/dovecot/conf.d $

 

-- 

Larry Rosenman                     http://www.lerctr.org/~ler

Phone: +1 214-642-9640                 E-Mail: larryrtx at gmail.com

US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281

 

 


