<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><div>You could run dovecot-lda as root. It will setuid to correct account.</div><div><br></div><div><br></div><div><br></div><div id="composer_signature"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">---<div>Aki Tuomi</div><div>Dovecot oy</div></div><div><br></div><div style="font-size:100%;color:#000000"><!-- originalMessage --><div>-------- Original message --------</div><div>From: Andras Kemeny <pdx@pdx.hu> </div><div>Date: 31/07/2018 04:46 (GMT+02:00) </div><div>To: dovecot@dovecot.org </div><div>Subject: uid problem </div><div><br></div></div>hi,<br><br>contacting this mailing list is my last-ditch effort to somehow come to <br>a working configuration where postfix "ends in" dovecot, IE for special <br>LDAP-based users, featured in the virtual mailbox delivery, dovecot <br>would act as LDA.<br><br>here's the deal.<br><br>i've set up dovecot's access to the LDAP server, and for the purposes of <br>being an IMAP server and a SASL auth backend, dovecot works brilliantly <br>and without a glitch. i can access my test mailbox (in maildir format), <br>i can use the LDA as root and it delivers the message correctly (after a <br>switch to the target user's UID), and even postfix's submission works <br>with dovecot as its SASL backend.<br><br>what does not work is dovecot as LDA from postfix.<br><br>i'm getting these errors in the log:<br><br>Jul 31 03:40:40 rhyno dovecot: lda(aik): Error: user aik: Auth USER <br>lookup failed<br>Jul 31 03:40:40 rhyno dovecot: auth: Error: userdb(aik): client doesn't <br>have lookup permissions for this user: userdb uid (10001) doesn't match <br>peer uid (5000) (to bypass this check, set: service auth { unix_listener <br>/var/run/dovecot/auth-userdb { mode=0777 } })<br>Jul 31 03:40:40 rhyno dovecot: lda: Fatal: Internal error occurred. <br>Refer to server log for more information.<br><br>for the sake of clarity, i've tried the "to bypass this check" <br>instructions, didn't help.<br><br>also, for the sake of operational clarity, "aik" is the LDAP account <br>with the following parameters:<br><br>dn: uid=aik,ou=People,dc=rhyno,dc=tech<br>objectClass: account<br>objectClass: posixAccount<br>objectClass: postfixUser<br>cn: aik<br>uid: aik<br>uidNumber: 10001<br>gidNumber: 10001<br>homeDirectory: /home/aik<br>loginShell: /bin/sh<br>gecos: aik<br>description: User account<br>structuralObjectClass: account<br>entryUUID: db947584-0369-1038-98b3-675e2f0cea17<br>creatorsName: cn=admin,dc=rhyno,dc=tech<br>createTimestamp: 20180613152616Z<br>email: ***********<br>userPassword:: *************************<br>mailacceptinggeneralid: andras.kemeny<br>mailacceptinggeneralid: kemeny.andras<br>mailacceptinggeneralid: aik<br>mailacceptinggeneralid: pdx<br>mailacceptinggeneralid: @rhyno.tech<br>mailacceptinggeneralid: @rhynotechnologies.com<br>maildrop: aik<br><br>and postfix's master.cf says:<br><br>dovecot unix - n n - - pipe<br> flags=ODRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f <br>${sender} -d ${user}<br><br>so i'm stuck at this point. obviously, if the LDA is spawned with <br>vmail:vmail perms, it cannot become uid 10001 (btw, the LDAP and passwd <br>accounts were once connected, but for security reasons, the connection <br>has been severed -- still the /home/aik/mail dir is owned by uid 10001 etc).<br><br>what am i doint wrong?<br><br>thanks,<br>a<br></body></html>