GSSAPI mail home mapping problem

Lucas Castro lucas at gnuabordo.com.br
Tue Aug 10 19:31:09 EEST 2021


Hello,

I'm trying to map authenticated Kerberos users to a mail_location.


The problem: when I set mail_home = /var/mail/virtual/domain1.zw.loca/%n 
it works fine.

But if mail_home is set to /var/mail/virtual/%d/%n

I get

Apr 12 19:53:18 postfix10 dovecot: imap-login: Login: user=<user0>, 
method=GSSAPI, rip=172.16.0.44, lip=10.16.0.220, mpid=2428, 
session=<iPA4Yc6/lJCsEAAs>
Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local 
=login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Added userdb setting: 
plugin/=yes
Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local 
=login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Effective uid=5000, 
gid=5000, home=/var/mail/virtual/domain1.zw.local =login_user=user0/user0

Right here, I can't figure out why the home path contains ` =login_user=user0/user0`. It looks as if the username seen by imap is `user0 at domain1.zw.local =login_user=user0`, so %d expands to everything after the `@`, including ` =login_user=user0`, and the trailing `/user0` is %n.

Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local 
=login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Namespace inbox: 
type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=maildir:~/mail

Now it is just login_user=user0

Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local 
=login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: maildir++: 
root=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail, 
index=, indexpvt=, control=, inbox=/var/mail/virtual/domain1.zw.local 
=login_user=user0/user0/mail, alt=

and then login_user=user0/user0/mail

Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local 
=login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Mailbox INBOX: 
Mailbox opened because: SELECT


doveconf  -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 5.10.0-7-amd64 x86_64 Debian 10.6
# Hostname: postfix10.zw.local
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/imap.keytab
auth_mechanisms = gssapi
auth_verbose = yes
disable_plaintext_auth = no
import_environment = TZ KRB5CCNAME=/etc/dovecot/imap.ticket 
KRB5_KTNAME=/etc/dovecot/imap.keytab
mail_debug = yes
mail_gid = 5000
mail_home = /var/mail/virtual/%d/%n
mail_location = maildir:~/mail
mail_privileged_group = mail
mail_uid = 5000
namespace inbox {
   disabled = no
   inbox = yes
   list = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
   type = private
}
passdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
protocols = " imap lmtp pop3"
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
}
ssl = no
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
userdb {
   driver = prefetch
}
protocol lmtp {
   postmaster_address = postmaster at zw.local
}


egrep -v "^$|^#" /etc/dovecot/dovecot-ldap.conf.ext
uris = ldap://ldap10.zw.local
auth_bind = yes
sasl_bind = yes
sasl_mech = gssapi
sasl_realm = zw.local
debug_level = -1
ldap_version = 3
base = dc=zw,dc=local
user_attrs = \
     =user=%{ldap:mail} \
     =login_user=%{ldap:uid}
user_filter = (uid=%n)
pass_attrs = \
     =user=%{ldap:uid},\
     =k5principals=%{ldap:krbPrincipalName}
pass_filter = (&(objectClass=krbPrincipalAux)(uid=%n))


-- 
Lucas Castro


