LDAP Filters as defined for dovecot UserDB and passDB

Aki Tuomi aki.tuomi at dovecot.fi
Fri Nov 3 08:42:36 EET 2017


Check your userdb, is it using the same config file?

Aki


On 02.11.2017 23:59, Will Merkens wrote:
> I have pretty much everything working fine.
>
> I have run into one issue with the filters: I am unsure where a filter is being set.
>
> Dovecot 2.2.32 (dfbe293d4)
>
> I have set up dovecot-ldap.conf.ext to control my LDAP queries.
>
> My current layout used filters based on looking at the posixAccount attributes
>
>  user_filter = (&(objectClass=posixAccount)(uid=%u))
>
> If I connect to an LDAP account that has no posixAccount attributes set, I was getting a failure in the logs
>
> Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): user search: base=ou=People,dc=userful,dc=ca scope=subtree
> filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
> Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): no fields returned by the server
> Nov 02 14:15:48 mail2 dovecot[28715]: auth: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): unknown user
> Nov 02 14:15:48 mail2 dovecot[28715]: auth: Error: ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): user not found from userdb
>
> I changed the filters thinking I needed to look at the attributes seen by one of these accounts, I used the apache studio to find out what was visible.
>
> From that I saw inetOrgPerson could be used. So I changed the filters.
>
>  user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
>  pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
>  iterate_filter = (objectClass=inetOrgPerson)
>
> Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client in: AUTH        1        PLAIN        service=imap        secured       
> session=Y0GBzgVdlorAqHsn        lip=192.168.123.236 
> Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales at userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): bind search:
> base=ou=People,dc=userful,dc=ca filter=(&(objectClass=inetOrgPerson)(uid=sales))
> Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales at userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): result: uid=sales; uid unused
> Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales at userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): username changed sales at userful.com
> -> sales
> Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): result: uid=sales
> Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: ldap(sales at userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): username changed sales at userful.com -> sales
> Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client passdb out: OK        1        user=sales                original_user=sales at userful.com
>
> so far so good but then I get
>
> Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: master in: REQUEST        3851550721        29049        1        519189df600c24c010b57158ac01c867       
> session_pid=29073        request_auth_token
> Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): user search: base=ou=People,dc=userful,dc=ca
> scope=subtree filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
> Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): no fields returned by the server
> Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): unknown user
> Nov 02 14:26:44 mail2 dovecot[29047]: auth: Error: ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): user not found from userdb
>
> The question then is where did it get filter=(&(objectClass=posixAccount) from, since I changed the filters to inetOrgPerson?
>
> I grep the dovecot settings directory and all my filters are in the one file, the file that holds the LDAP settings.
>
>
>
>
>
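
Added example, not part of the original thread or of Dovecot itself: a small Python check that reads auth debug lines of the shape quoted above and reports sessions where the passdb search and the userdb search ran with different objectClass filters, which is the symptom in the quoted logs. The sample lines, host, users, IPs, session ids and base DN are constructed, and the `pass search` keyword is assumed alongside the `bind search` and `user search` lines shown in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the auth debug output quoted above
# (archive line wraps joined; host, users, IPs, session ids and base DN are made up).
SAMPLE_LOG = """\
Nov 02 14:26:44 mx dovecot[100]: auth-worker(101): Debug: ldap(alice@example.org,192.0.2.10,<sessAAAA>): bind search: base=ou=People,dc=example,dc=org filter=(&(objectClass=inetOrgPerson)(uid=alice))
Nov 02 14:26:44 mx dovecot[100]: auth-worker(101): Debug: ldap(alice,192.0.2.10,<sessAAAA>): user search: base=ou=People,dc=example,dc=org scope=subtree filter=(&(objectClass=posixAccount)(uid=alice)) fields=mail
Nov 02 14:27:10 mx dovecot[100]: auth-worker(101): Debug: ldap(bob,192.0.2.11,<sessBBBB>): bind search: base=ou=People,dc=example,dc=org filter=(&(objectClass=inetOrgPerson)(uid=bob))
Nov 02 14:27:10 mx dovecot[100]: auth-worker(101): Debug: ldap(bob,192.0.2.11,<sessBBBB>): user search: base=ou=People,dc=example,dc=org scope=subtree filter=(&(objectClass=inetOrgPerson)(uid=bob)) fields=mail
"""

# ldap(<user>,<ip>,<session>): <kind> search: ... filter=<filter> [fields=...]
# "pass" is assumed here; the thread itself only shows "bind" and "user".
SEARCH_RE = re.compile(
    r"ldap\([^,]*,[^,]*,<(?P<session>[^>]+)>\): "
    r"(?P<kind>bind|pass|user) search: .*?filter=(?P<filter>.*?)(?: fields=|$)"
)
OBJCLASS_RE = re.compile(r"\(objectClass=([^)]+)\)", re.IGNORECASE)


def object_classes(ldap_filter):
    """Return the set of objectClass values named in an LDAP filter string."""
    return frozenset(c.lower() for c in OBJCLASS_RE.findall(ldap_filter))


def find_filter_mismatches(log_text):
    """Return [(session, passdb_classes, userdb_classes)] where the lookups disagree."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if not m:
            continue
        db = "userdb" if m["kind"] == "user" else "passdb"
        seen[m["session"]][db] = object_classes(m["filter"])
    return [
        (sid, sorted(dbs["passdb"]), sorted(dbs["userdb"]))
        for sid, dbs in seen.items()
        if len(dbs) == 2 and dbs["passdb"] != dbs["userdb"]
    ]


if __name__ == "__main__":
    for sid, p, u in find_filter_mismatches(SAMPLE_LOG):
        print(f"session {sid}: passdb objectClass={p} but userdb objectClass={u}")
```

A reported session means the two lookups are not reading the same filter settings, which is what the reply's question about the userdb config file is probing.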


