<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi,</p>
<p>Trying to implement a master user (1) for auditing purposes
without luck. Ubuntu 18.04.3, Canonical official repos only, no
PPA nor self-compiled anything. From the log below I understand
the master password succeeds but AD auth fails. I am pretty sure I
missed something here. Also, notice the messages "Ignoring unknown
passdb extra field: original_user".</p>
<p>Log:</p>
<p>Nov 1 14:02:32 netuno dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=imap#011secured#011session=H2WM7kuWFKYKCQgI#011lip=10.9.8.8#011rip=10.9.8.8#011lport=143#011rport=42516#011resp=&lt;hidden&gt;<br>
Nov 1 14:02:32 netuno dovecot: auth: Debug: passwd-file(master,10.9.8.8,master,&lt;H2WM7kuWFKYKCQgI&gt;): Master user lookup for login: test.account<br>
Nov 1 14:02:32 netuno dovecot: auth: Debug: passwd-file(master,10.9.8.8,master,&lt;H2WM7kuWFKYKCQgI&gt;): lookup: user=master file=/etc/dovecot/master-users<br>
Nov 1 14:02:32 netuno dovecot: auth: passwd-file(master,10.9.8.8,master,&lt;H2WM7kuWFKYKCQgI&gt;): Master user logging in as test.account<br>
Nov 1 14:02:32 netuno dovecot: auth: ldap(test.account,10.9.8.8,&lt;H2WM7kuWFKYKCQgI&gt;): invalid credentials<br>
Nov 1 14:02:34 netuno dovecot: auth: Debug: client passdb out: FAIL#0112#011user=test.account#011authz#011original_user=master#011auth_user=master<br>
Nov 1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown passdb extra field: original_user<br>
Nov 1 14:02:34 netuno dovecot: imap-login: Debug: Ignoring unknown passdb extra field: auth_user<br>
Nov 1 14:02:42 netuno dovecot: imap-login: Aborted login (auth failed, 1 attempts in 10 secs): user=&lt;test.account&gt;, method=PLAIN, rip=10.9.8.8, lip=10.9.8.8, secured, session=&lt;H2WM7kuWFKYKCQgI&gt;<br>
</p>
<p>doveconf -n:</p>
<p><a href="https://pastebin.com/3cAvfNqB">https://pastebin.com/3cAvfNqB</a></p>
<p>root@netuno:/etc/dovecot# grep -v "^\s*#\|^\s*$"
/etc/dovecot/dovecot-ldap.conf.ext<br>
hosts = ad.example.net<br>
auth_bind = yes<br>
auth_bind_userdn = cn=%Lu,CN=Users,DC=ad,DC=example,DC=net<br>
base = DC=ad,DC=example,DC=net<br>
scope = base<br>
user_attrs = \<br>
=home=/mnt/maildirs/%Lu, \<br>
=uid=vmail,\<br>
=gid=vmail<br>
user_filter = (&(objectClass=person)(uid=%Lu)(mail=*@example.net))<br>
root@netuno:/etc/dovecot# <br>
</p>
<p>root@netuno:/etc/dovecot# cat /etc/dovecot/global-acls<br>
* user=master lr<br>
root@netuno:/etc/dovecot# <br>
<br>
</p>
<p>(1) <a
href="https://doc.dovecot.org/configuration_manual/authentication/master_users/">https://doc.dovecot.org/configuration_manual/authentication/master_users/</a></p>
<p>Best regards<br>
</p>
<div class="moz-signature">-- <br>
<div id="a1AssinaturaEmail"> <span style="font-size: 12px;"><b>Marcio
Merlone</b></span><br>
</div>
</div>
</body>
</html>