GSSAPI mail home mapping problem
Lucas Castro
lucas at gnuabordo.com.br
Tue Aug 10 20:49:05 EEST 2021
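Sorry, my fault: I was missing a comma between the entries in user_attrs and pass_attrs. Without the comma after `=user=%{ldap:mail}`, the continuation line `=login_user=%{ldap:uid}` was read as part of the user value. That is why the username appears in the logs as `user0 at domain1.zw.local =login_user=user0`, and why `%d` in mail_home expanded to `domain1.zw.local =login_user=user0`.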
On 8/10/21 1:31 PM, Lucas Castro wrote:
> Hello,
>
> I'm trying to map authenticated kerberos users to mail_location,
>
>
> The problem: when I set mail_home =
> /var/mail/virtual/domain1.zw.loca/%n, it works fine.
>
> But if mail_home is set as /var/mail/virtual/%d/%n
>
> I get
>
> Apr 12 19:53:18 postfix10 dovecot: imap-login: Login: user=<user0>,
> method=GSSAPI, rip=172.16.0.44, lip=10.16.0.220, mpid=2428,
> session=<iPA4Yc6/lJCsEAAs>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Added userdb
> setting: plugin/=yes
> Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Effective uid=5000,
> gid=5000, home=/var/mail/virtual/domain1.zw.local =login_user=user0/user0
>
> Right here, I can't figure out why the home path contains login_user=user0/user0
>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Namespace inbox:
> type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes,
> subscriptions=yes location=maildir:~/mail
>
> Now login_user=user0
>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: maildir++:
> root=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail,
> index=, indexpvt=, control=, inbox=/var/mail/virtual/domain1.zw.local
> =login_user=user0/user0/mail, alt=
>
> then login_user=user0/user0/mail
>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0 at domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Mailbox INBOX:
> Mailbox opened because: SELECT
>
>
> doveconf -n
> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.4 ()
> # OS: Linux 5.10.0-7-amd64 x86_64 Debian 10.6
> # Hostname: postfix10.zw.local
> auth_debug = yes
> auth_gssapi_hostname = $ALL
> auth_krb5_keytab = /etc/dovecot/imap.keytab
> auth_mechanisms = gssapi
> auth_verbose = yes
> disable_plaintext_auth = no
> import_environment = TZ KRB5CCNAME=/etc/dovecot/imap.ticket
> KRB5_KTNAME=/etc/dovecot/imap.keytab
> mail_debug = yes
> mail_gid = 5000
> mail_home = /var/mail/virtual/%d/%n
> mail_location = maildir:~/mail
> mail_privileged_group = mail
> mail_uid = 5000
> namespace inbox {
> disabled = no
> inbox = yes
> list = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> type = private
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> }
> protocols = " imap lmtp pop3"
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> ssl = no
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
> args = /etc/dovecot/dovecot-ldap.conf.ext
> driver = ldap
> }
> userdb {
> driver = prefetch
> }
> protocol lmtp {
> postmaster_address = postmaster at zw.local
> }
>
>
> egrep -v "^$|^#" /etc/dovecot/dovecot-ldap.conf.ext
> uris = ldap://ldap10.zw.local
> auth_bind = yes
> sasl_bind = yes
> sasl_mech = gssapi
> sasl_realm = zw.local
> debug_level = -1
> ldap_version = 3
> base = dc=zw,dc=local
> user_attrs = \
> =user=%{ldap:mail} \
> =login_user=%{ldap:uid}
> user_filter = (uid=%n)
> pass_attrs = \
> =user=%{ldap:uid},\
> =k5principals=%{ldap:krbPrincipalName}
> pass_filter = (&(objectClass=krbPrincipalAux)(uid=%n))
>
>
--
Lucas Castro