Using %d as a variable in the LDAP search base
Luke Schierer
luke-dovecot at schierer.org
Mon Aug 31 22:31:38 EEST 2020
Hi,
I'm trying to configure dovecot to use LDAP authentication directly,
and I'm having a bit of trouble. I have a somewhat unusual setup, in
that I have an LDAP directory that has 3 OUs each of which have their
own set of users, some of which overlap. As I was trying to figure
things out, I set the search base in my
/etc/dovecot/dovecot-ldap.conf.ext file (which is referenced from
/etc/dovecot/conf.d/auth-ldap.conf.ext) to
base = ou=%d,dc=thecrazyguys,dc=net
However, the resulting searches against the directory end up with
the %d expanded to an empty string, resulting in
ou=,dc=thecrazyguys,dc=net
which is invalid. On a whim, I tried a search base of
base = dc=%d,dc=thecrazyguys,dc=net
and found that it did correctly substitute in the variable, which
would be correct, except that my ldap tree is set up with OUs and not
an extra DC segment.
For whatever reason, it does variable substitution for dc=%d but
not for ou=%d. This is certainly not documented, and it seems like wrong
behavior, since having an OU in a search base is valid.
I'm including configuration information below. Please let me know if I've missed including information that is required.
Thanks!
Luke
luke at schierer@littera001:/etc/dovecot$ lsb_release -rd
Description: Ubuntu 18.04.5 LTS
Release: 18.04
luke at schierer@littera001:/etc/dovecot$
luke at schierer@littera001:/etc/dovecot$ dpkg -l | grep -i dovecot
ii dovecot-core 1:2.2.33.2-1ubuntu4.6 amd64
ii dovecot-imapd 1:2.2.33.2-1ubuntu4.6 amd64
ii dovecot-ldap 1:2.2.33.2-1ubuntu4.6 amd64
ii dovecot-pop3d 1:2.2.33.2-1ubuntu4.6 amd64
luke at schierer@littera001:/etc/dovecot$
root at littera001:/etc/dovecot# dovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-112-generic x86_64 Ubuntu 18.04.5 LTS
# `dovecot -n` prints only settings that differ from the built-in defaults,
# so anything not listed below is at its 2.2 default value.
# Per the Dovecot docs: log unsuccessful authentication attempts and the
# reason they failed (useful while debugging the LDAP lookup; passwords are
# not logged unless auth_verbose_passwords is also set).
auth_verbose = yes
# Lowest UID the userdb may return; users with a smaller uidNumber are
# rejected (Dovecot docs: valid UID range for users).
first_valid_uid = 1001
imap_hibernate_timeout = 100 secs
# dotlock instead of fcntl/flock — consistent with the NFS settings below.
lock_method = dotlock
mail_cache_min_mail_count = 15
mail_fsync = always
# Maildir under the user's home (home comes from LDAP homeDirectory via
# user_attrs in dovecot-ldap.conf.ext); indexes kept in memory only.
mail_location = maildir:~/Maildir:LAYOUT=fs:INDEX=MEMORY
# Mail storage and index live on NFS, hence mmap_disable / dotlock /
# mail_fsync=always above and below.
mail_nfs_index = yes
mail_nfs_storage = yes
mail_privileged_group = mail
mailbox_list_index = yes
maildir_broken_filename_sizes = yes
maildir_very_dirty_syncs = yes
mbox_min_index_size = 10 B
mmap_disable = yes
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
}
passdb {
# Passwords are verified against LDAP with the settings in this file
# (its listing further down shows auth_bind = yes and
# tls_require_cert = allow — see the notes there).
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocols = " imap pop3"
# NOTE(review): no `ssl =` line, so ssl is at its 2.2 default (`yes`: TLS is
# offered but not required). disable_plaintext_auth also defaults to yes,
# so plaintext logins should be refused on non-TLS connections from
# non-local clients; consider `ssl = required` if all clients support TLS.
# — TODO confirm against the full dovecot.conf
ssl_cert = </etc/dovecot/dovecot.pem
# Redacted by `dovecot -n` itself; `dovecot -P` shows the key path.
ssl_key = # hidden, use -P to show it
userdb {
# The same LDAP file also serves as userdb (home/uid/gid via user_attrs).
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol imap {
mail_max_userip_connections = 20
}
root at littera001:/etc/dovecot#
root at littera001:/etc/dovecot# cat /etc/dovecot/dovecot-ldap.conf.ext | grep -v ^# | uniq | more
# LDAP server. With `tls = yes` Dovecot requests STARTTLS on this
# connection (per the Dovecot docs, use an ldaps:// entry in `uris`
# instead if the server only offers implicit TLS).
hosts = censor001.plerumque.thecrazyguys.net
tls = yes
# NOTE(review): `allow` corresponds to OpenLDAP TLS_REQCERT=allow — a
# missing or invalid server certificate is accepted and the session
# proceeds. Anyone able to redirect traffic for this host can present an
# arbitrary certificate and capture the auth_bind passwords sent below.
# Once the lookup works, switch to `tls_require_cert = demand` (or `hard`)
# and point `tls_ca_cert_file` / `tls_ca_cert_dir` at the CA that signed
# the LDAP server's certificate.
tls_require_cert = allow
# OpenLDAP library debug level (0 = off); very verbose in the auth log.
# Set it back to 0 after troubleshooting.
debug_level = 4
# Passwords are verified by binding to LDAP as the looked-up user DN
# rather than by comparing a stored password attribute, so the TLS
# settings above are what protect the cleartext password between Dovecot
# and the LDAP server.
auth_bind = yes
# %d is the domain part of the login name (long form: %{domain}); per the
# docs Dovecot escapes LDAP special characters in these variables.
# As reported above, this expands to an empty string here while dc=%d
# reportedly expands — compare both forms with `auth_debug = yes`, or with
# `doveadm auth test user@domain`, to see the exact base the driver uses.
# NOTE(review): %d is also empty whenever a client logs in with a bare
# username, which yields the same `ou=,dc=...` base — worth ruling out.
# — TODO confirm
base = ou=%d,dc=thecrazyguys,dc=net
scope = subtree
# userdb side: map LDAP attributes onto Dovecot's home/uid/gid fields.
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
# %n is the username without the domain part.
user_filter = (&(objectClass=posixAccount)(uid=%n))
blocking = no
root at littera001:/etc/dovecot#