limit sharing ability to certain users

Aki Tuomi aki.tuomi at dovecot.fi
Tue Aug 7 12:35:03 EEST 2018


Ah. You probably need to change the ldap userdb so that you add

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
  result_success = continue-ok
}

so that the next userdb (the passwd-file one) is processed as well, instead of the lookup stopping at the first successful result.

You can use 'doveadm user test at onnet.ch' to verify that the extra attributes are read for this user, and with another username that they are not.

Aki


On 07.08.2018 12:23, Simeon Ott wrote:
> … attached the doveconf -n, linked files, debug log lines during a
> standard client login
>
> root at buserver:/etc/dovecot/conf.d# doveconf -n
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11 
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_verbose_passwords = plain
> debug_log_path = syslog
> disable_plaintext_auth = no
> info_log_path = syslog
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
> mail_debug = yes
> mail_gid = 5000
> mail_location = maildir:~/Maildir
> mail_plugins = zlib quota acl
> mail_uid = 5000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> namespace {
>   hidden = no
>   ignore_on_failure = no
>   inbox = no
>   list = children
>   location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u
>   prefix = shared/%%u/
>   separator = /
>   subscriptions = yes
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf
>   driver = ldap
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes
>   quota = maildir:User quota
>   quota_exceeded_message = 4.2.2 Mailbox full
>   quota_rule = *:storage=1G
>   quota_rule2 = INBOX.Trash:storage=+100M
>   quota_rule3 = INBOX.Spam:ignore
>   quota_warning = storage=95%% quota-warning 95 %u
>   sieve = ~/.dovecot.sieve
>   sieve_before = /var/lib/dovecot/sieve/default.sieve
>   sieve_dir = ~/sieve
>   sieve_max_actions = 32
>   sieve_max_redirects = 4
>   sieve_max_script_size = 1M
>   sieve_quota_max_scripts = 0
>   sieve_quota_max_storage = 0
> }
> protocols = " imap lmtp sieve pop3"
> service auth {
>   group = dovecot
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-master {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   user = dovecot
> }
> service lmtp {
>   unix_listener lmtp {
>     mode = 0666
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   inet_listener sieve_deprecated {
>     port = 2000
>   }
>   process_min_avail = 0
>   service_count = 1
>   vsz_limit = 64 M
> }
> ssl = no
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf
>   driver = ldap
> }
> userdb {
>   args = username_format=%Lu /etc/dovecot/share.passwd
>   driver = passwd-file
> }
> protocol lmtp {
>   mail_plugins = zlib quota acl sieve
> }
> protocol lda {
>   auth_socket_path = /var/run/dovecot/auth-master
>   deliver_log_format = msgid=%m: %$
>   mail_plugins = zlib quota acl sieve
>   postmaster_address = postmaster at onnet.ch <mailto:postmaster at onnet.ch>
> }
> protocol imap {
>   mail_plugins = zlib quota acl imap_quota imap_acl
> }
> protocol sieve {
>   info_log_path = /var/log/sieve.log
>   log_path = /var/log/sieve.log
>   mail_max_userip_connections = 10
>   managesieve_implementation_string = Dovecot Pigeonhole
>   managesieve_logout_format = bytes=%i/%o
>   managesieve_max_compile_errors = 5
>   managesieve_max_line_length = 65536
> }
>
> root at buserver:/etc/dovecot# cat dovecot-acl
> root at buserver:/etc/dovecot#
>
> —> means empty file
>
> root at buserver:/etc/dovecot# cat share.passwd 
> test at onnet.ch
> <mailto:test at onnet.ch>:::::::userdb_acl=vfile:/etc/dovecot/dovecot-acl
> userdb_acl_globals_only=yes
>
> root at buserver:/etc/dovecot# sed -e '/^#/d' dovecot-ldap.conf
> hosts = localhost
> uris = ldap://localhost:389/
> debug_level = 10
> auth_bind = yes
> ldap_version = 3
> base = ou=domains,dc=intra,dc=onnet,dc=ch
> deref = never
> scope = subtree
> user_attrs =
> homeDirectory=home=/var/spool/postfix/virtual/%$,uidNumber=uid,gidNumber=gid,quota=quota_rule=*:bytes=%$
> user_filter = (&(objectClass=CourierMailAccount)(mail=%u))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(objectClass=CourierMailAccount)(mail=%u))
> iterate_attrs = mail=user
> iterate_filter = (objectClass=CourierMailAccount)
> default_pass_scheme = CRYPT
>
> root at buserver:/etc/dovecot# cat /var/log/mail.log | grep "Aug  7 11:17:27"
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl vfile: file
> /var/spool/postfix/virtual/onnet.ch/test//Maildir/.test
> <http://onnet.ch/test//Maildir/.test> folder 1.sub folder 1
> 1/dovecot-acl not found
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl vfile: reading file
> /var/spool/postfix/virtual/onnet.ch/test//Maildir/.super/dovecot-acl
> <http://onnet.ch/test//Maildir/.super/dovecot-acl>
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl vfile: reading file
> /var/spool/postfix/virtual/onnet.ch/test//Maildir/.super.hello
> <http://onnet.ch/test//Maildir/.super.hello> du/dovecot-acl
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl vfile: file
> /var/spool/postfix/virtual/onnet.ch/test//Maildir/.test
> <http://onnet.ch/test//Maildir/.test> folder 1/dovecot-acl not found
> Aug  7 11:17:27 buserver dovecot: auth: Debug: auth client connected
> (pid=3203)
> Aug  7 11:17:27 buserver dovecot: auth: Debug: client in:
> AUTH#0111#011PLAIN#011service=imap#011session=lkbV3NRyyQDAqDgB#011lip=192.168.56.50#011rip=192.168.56.1#011lport=143#011rport=52169#011resp=dGVzdEBvbm5ldC5jaAB0ZXN0QG9ubmV0LmNoAG5vdmVsbDEyMzQ1Ng==
> (previous base64 data may contain sensitive data)
> Aug  7 11:17:27 buserver dovecot: auth: Debug: ldap(test at onnet.ch
> <mailto:test at onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): bind search:
> base=ou=domains,dc=intra,dc=onnet,dc=ch
> filter=(&(objectClass=CourierMailAccount)(mail=test at onnet.ch
> <mailto:mail=test at onnet.ch>))
> Aug  7 11:17:27 buserver dovecot: auth: Debug: ldap(test at onnet.ch
> <mailto:test at onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
> mail=test at onnet.ch <mailto:mail=test at onnet.ch>; mail unused
> Aug  7 11:17:27 buserver dovecot: auth: Debug: ldap(test at onnet.ch
> <mailto:test at onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
> mail=test at onnet.ch <mailto:mail=test at onnet.ch>
> Aug  7 11:17:27 buserver dovecot: auth: Debug: client passdb out:
> OK#0111#011user=test at onnet.ch <mailto:OK#0111#011user=test at onnet.ch>
> Aug  7 11:17:27 buserver dovecot: auth: Debug: master in:
> REQUEST#0113718250497#0113203#0111#011089fd1d9e1a2c66586786422f24c51cd#011session_pid=3206#011request_auth_token
> Aug  7 11:17:27 buserver dovecot: auth: Debug: ldap(test at onnet.ch
> <mailto:test at onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): user search:
> base=ou=domains,dc=intra,dc=onnet,dc=ch scope=subtree
> filter=(&(objectClass=CourierMailAccount)(mail=test at onnet.ch
> <mailto:mail=test at onnet.ch>))
> fields=homeDirectory,uidNumber,gidNumber,quota
> Aug  7 11:17:27 buserver dovecot: auth: Debug: ldap(test at onnet.ch
> <mailto:test at onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
> uidNumber=5000 quota=1073741824 gidNumber=5000
> homeDirectory=onnet.ch/test/ <http://onnet.ch/test/>;
> homeDirectory,uidNumber,quota,gidNumber unused
> Aug  7 11:17:27 buserver dovecot: auth: Debug: ldap(test at onnet.ch
> <mailto:test at onnet.ch>,192.168.56.1,<lkbV3NRyyQDAqDgB>): result:
> uidNumber=5000 quota=1073741824 gidNumber=5000
> homeDirectory=onnet.ch/test/ <http://onnet.ch/test/>
> Aug  7 11:17:27 buserver dovecot: auth: Debug: master userdb out:
> USER#0113718250497#011test at onnet.ch
> <mailto:USER#0113718250497#011test at onnet.ch>#011home=/var/spool/postfix/virtual/onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201
> <http://onnet.ch/test/#011uid=5000#011gid=5000#011quota_rule=*:bytes=1073741824#011auth_token=913bee7c974e18d4527fc38d90457411e7e61201>
> Aug  7 11:17:27 buserver dovecot: imap-login: Login:
> user=<test at onnet.ch <mailto:test at onnet.ch>>, method=PLAIN,
> rip=192.168.56.1, lip=192.168.56.50, mpid=3206
> Aug  7 11:17:27 buserver dovecot: imap: Debug: Loading modules from
> directory: /usr/lib/dovecot/modules
> Aug  7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
> /usr/lib/dovecot/modules/lib01_acl_plugin.so
> Aug  7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
> /usr/lib/dovecot/modules/lib02_imap_acl_plugin.so
> Aug  7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
> /usr/lib/dovecot/modules/lib10_quota_plugin.so
> Aug  7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
> /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
> Aug  7 11:17:27 buserver dovecot: imap: Debug: Module loaded:
> /usr/lib/dovecot/modules/lib20_zlib_plugin.so
> Aug  7 11:17:27 buserver dovecot: imap: Debug: Added userdb setting:
> plugin/quota_rule=*:bytes=1073741824
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Effective uid=5000, gid=5000,
> home=/var/spool/postfix/virtual/onnet.ch/test/ <http://onnet.ch/test/>
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Quota root: name=User quota
> backend=maildir args=
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Quota rule: root=User quota mailbox=*
> bytes=1073741824 messages=0
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Quota rule: root=User quota
> mailbox=INBOX.Trash bytes=+104857600 messages=0
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Quota rule: root=User quota
> mailbox=INBOX.Spam ignored
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Quota warning: bytes=1020054732 (95%)
> messages=0 reverse=no command=quota-warning 95 test at onnet.ch
> <mailto:test at onnet.ch>
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Quota grace: root=User quota
> bytes=107374182 (10%)
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Namespace inbox: type=private,
> prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes
> location=maildir:~/Maildir
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: maildir++:
> root=/var/spool/postfix/virtual/onnet.ch/test//Maildir
> <http://onnet.ch/test//Maildir>, index=, indexpvt=, control=,
> inbox=/var/spool/postfix/virtual/onnet.ch/test//Maildir
> <http://onnet.ch/test//Maildir>, alt=
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl: initializing backend with data: vfile
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl: acl username = test at onnet.ch
> <mailto:test at onnet.ch>
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl: owner = 1
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl vfile: Global ACLs disabled
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: Namespace : type=shared,
> prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children,
> subscriptions=yes
> location=maildir:%h/Maildir:INDEX=/var/spool/postfix/virtual/onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u
> <http://onnet.ch/test//shared/%u:CONTROL=/var/spool/postfix/virtual/onnet.ch/test//shared/%u>
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: shared: root=/var/run/dovecot, index=,
> indexpvt=, control=, inbox=, alt=
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl: initializing backend with data: vfile
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl: acl username = test at onnet.ch
> <mailto:test at onnet.ch>
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl: owner = 0
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Debug: acl vfile: Global ACLs disabled
> Aug  7 11:17:27 buserver dovecot: imap(test at onnet.ch
> <mailto:test at onnet.ch>): Disconnected: Logged out in=30 out=457
>
> thanks for looking into this
>
>> On 7 Aug 2018, at 10:34, Aki Tuomi <aki.tuomi at dovecot.fi
>> <mailto:aki.tuomi at dovecot.fi>> wrote:
>>
>> Can you provide your doveconf -n after adding the database *after* LDAP.
>>
>> You probably need to add 'noauthenticate' as one parameter after the
>> userdb ones.
>>
>> Aki
>>
>


