Username aliases

Florian Pritz bluewind at xinu.at
Fri Sep 28 00:08:31 EEST 2018 

On Wed, Sep 26, 2018 at 09:34:07AM +0300, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> # before current passbd
> passdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
> }
> 
> # into /etc/dovecot/aliases
> alias at user:::::::user=real_username noauthenticate
> 
> This hopefully works.

This seems to work fine and I had the idea of doing something similar
for the userdb, but there it appears that the user name change doesn't
happen.

> auth_debug=yes
> userdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
>   result_success = continue-ok
> }
> userdb {
>   driver = passwd-file
>   args = username_format=%u /etc/passwd
> }

When I perform a lookup with `doveadm user 'test at xinu.at'` I get many
empty fields since the alias file doesn't have them set. I expected that
they would be fetched from the next userdb (/etc/passwd), but that
doesn't seem to happen. I get this in the log:

> dovecot[10118]: auth: Debug: master in: USER     1       test at xinu.at    service=doveadm debug
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): lookup: user=test at xinu.at file=/etc/dovecot/aliases
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): lookup: user=test at xinu.at file=/etc/passwd
> dovecot[10118]: auth: passwd-file(test at xinu.at): unknown user
> dovecot[10118]: auth: Debug: userdb out: USER    1       test at xinu.at

So it looks like the user name change doesn't get applied with userdb,
while it works as expected with passdb. Is this expected or is this a
bug?


Just for comparison, the passdb config is this:
> passdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
> }
> passdb {
>   driver = pam
> }

And when logging in with `doveadm auth test test at xinu.at` the log looks like this:

> dovecot[10118]: auth: Debug: auth client connected (pid=0)
> dovecot[10118]: auth: Debug: client in: AUTH     1       PLAIN   service=doveadm debug   resp=<hidden>
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): lookup: user=test at xinu.at file=/etc/dovecot/aliases
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): username changed test at xinu.at -> flo
> dovecot[10118]: auth: Debug: passwd-file(flo): Allowing any password
> dovecot[10118]: auth: Debug: passwd-file(flo): Not performing authentication (noauthenticate set)
> dovecot[10118]: auth-worker(10356): Debug: pam(flo): lookup service=dovecot
> dovecot[10118]: auth-worker(10356): Debug: pam(flo): #1/1 style=1 msg=Password:
> dovecot[10118]: auth: Debug: client passdb out: OK       1       user=flo                original_user=test at xinu.at

Florian



Full config:

# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: Linux 4.18.5-arch1-1-ARCH x86_64 Arch Linux 
# Hostname: calima
auth_debug = yes
mail_location = mdbox:~/.mdbox
mail_plugins = zlib
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mmap_disable = yes
namespace {
  hidden = no
  inbox = yes
  location = 
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = username_format=%Lu /etc/dovecot/aliases
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = count:User quota
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
protocols = imap lmtp
service auth {
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/letsencrypt/live/calima.server-speed.net/fullchain.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
  args = username_format=%Lu /etc/dovecot/aliases
  driver = passwd-file
  result_success = continue-ok
}
userdb {
  args = username_format=%u /etc/passwd
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = zlib sieve
  postmaster_address = postmaster at server-speed.net
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
}






-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180927/aaa711fa/attachment.sig>

More information about the dovecot mailing list