Two domains - same user names filter

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Jun 6 16:16:28 EEST 2017


On Tue, 6 Jun 2017, Sandbox wrote:

> It's weird, when I set up (&(uid=%n)(mail=*@%{domain1.com})) as user_filter:
                                              ^^^^^^^^^^
https://wiki2.dovecot.org/Variables?highlight=%28domain%29

The variable is named domain.

> auth: Debug: auth client connected (pid=14697)
> auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured
> session=3Ej8PkdRAgDAqAG3        lip=192.168.34.10       rip=192.168.34.18
>    lport=143       rport=59394
> auth: Debug: client passdb out: CONT    1
> auth: Debug: client in: CONT<hidden>
> auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): pass search:
> base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1)
> fields=uid,userPassword
> auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid=
> testuser1 userPassword=<hidden>; uid,userPassword unused
> auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): result: uid=
> testuser1 userPassword=<hidden>
> auth: Debug: client passdb out: OK      1       user=testuser1 %n=testuser1
> auth: Debug: master in: REQUEST 3018063873      14697   1
> 3f04b57a81e1750e279d4dfec2e35414        session_pid=14699
> request_auth_token
> auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): user search:
> base=ou=People,dc=domain1,dc=com scope=subtree filter=(&(uid=testuser
> 1)(mail=*@domain1.com})) fields=uid
           ^^^^^^^^^^^^^^^


> auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): no fields
> returned by the server
> auth: Info: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): unknown user
> auth: Debug: master userdb out: NOTFOUND        3018063873
> imap-login: Info: Internal login failure (pid=14697 id=1) (internal
> failure, 1 successful auths): user=<testuser1>, method=PLAIN,
> rip=192.168.34.18, lip=192.168.34.10, mpid=14699, TLS,
> session=<3Ej8PkdRAgDAqAG3>
>
> As I understand the filter should give back this result: "testuser1" when
> the mail record is *@domain1.com.
>
> and when I set up the "old" method (uid=%n)
>
> auth: Debug: auth client connected (pid=14739)
> auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured
> session=6v9kQkdREADAqAG3        lip=192.168.34.10       rip=192.168.34.18
>    lport=143       rport=59408
> auth: Debug: client passdb out: CONT    1
> auth: Debug: client in: CONT<hidden>
> auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): pass search:
> base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1)
> fields=uid,userPassword
> auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
> uid=testuser1 userPassword=<hidden>; uid,userPassword unused
> auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
> uid=testuser1 userPassword=<hidden>
> auth: Debug: client passdb out: OK      1       user=testuser1 %n=testuser1
> auth: Debug: master in: REQUEST 2349465601      14739   1
> 30535968cbadc3948ed4578ae769de33        session_pid=14741
> request_auth_token
> auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): user search:
> base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1)
> fields=uid
> auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
> uid=testuser1; uid unused
> auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): result:
> uid=testuser1
> auth: Debug: master userdb out: USER    2349465601      testuser1
>   auth_token=5f171ed4c66480dcc89a21709b062753c151aede
> imap-login: Info: Login: user=<testuser1>, method=PLAIN, rip=192.168.34.18,
> lip=192.168.34.10, mpid=14741, TLS, session=<6v9kQkdREADAqAG3>
>
> btw, it's Dovecot 2.2.18 (Ubuntu 16.04 LTS)
>
> Robert
>
>
> 2017-06-03 18:18 GMT+02:00 Sami Ketola <sami.ketola at dovecot.fi>:
>
>>
>>> On 2 Jun 2017, at 11.40, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>>>
>>> Dovecot 2.2.29+ has feature called username_filter for passdb blocks,
>> which lets you specify usernames the passdb block is to be used. This could
>> simplify your config somewhat. See https://wiki.dovecot.org/
>> PasswordDatabase
>>
>>
>> Small mistake. That feature is in 2.2.30+
>>
>> Sami
>>
>>
>

-- 
Steffen Kaiser
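
Added example (not part of the original message and not Dovecot code): a small Python check for the symptom visible in the quoted debug log, where the expanded user search filter still carries a `}` left over from the misnamed variable. The regex, the function names and the sample lines (the two "user search" entries from the thread, re-joined onto one line each) are constructed for illustration; `}` is legal inside an LDAP value, so the residue check is a heuristic.

```python
import re

# Constructed sample: the two "user search" debug entries quoted in the thread,
# each re-joined onto a single line (the archive had wrapped them).
SAMPLE_LOG = """\
auth: Debug: ldap(testuser1,192.168.34.18,<3Ej8PkdRAgDAqAG3>): user search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(&(uid=testuser1)(mail=*@domain1.com})) fields=uid
auth: Debug: ldap(testuser1,192.168.34.18,<6v9kQkdREADAqAG3>): user search: base=ou=People,dc=domain1,dc=com scope=subtree filter=(uid=testuser1) fields=uid
"""

# Hypothetical pattern for the "pass search" / "user search" debug lines shown above.
SEARCH_RE = re.compile(
    r"ldap\((?P<user>[^,)]*),.*?\): (?P<kind>user|pass) search: "
    r".*?filter=(?P<filter>.*?) fields="
)


def check_filter(ldap_filter):
    """Return a list of problems found in an already expanded LDAP filter."""
    problems = []
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:  # a ")" closed more groups than were opened
                break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # '%', '{' or '}' surviving expansion usually means a mistyped %variable.
    residue = sorted(set(re.findall(r"[%{}]", ldap_filter)))
    if residue:
        problems.append("template residue: " + " ".join(residue))
    return problems


def scan(log_text):
    """Return (user, search kind, filter, problems) for each suspicious search."""
    findings = []
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if m:
            problems = check_filter(m.group("filter"))
            if problems:
                findings.append((m.group("user"), m.group("kind"), m.group("filter"), problems))
    return findings


if __name__ == "__main__":
    for user, kind, flt, problems in scan(SAMPLE_LOG):
        print(f"{user}: {kind} search filter {flt!r}: {', '.join(problems)}")
```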

