The problem was in auth_bind=yes in dovecot-ldap.conf. I didn't read http://wiki.dovecot.org/Authentication/MasterUsers?action=show&redirect=MasterPassword thoroughly:

You should also add the pass=yes setting to the master passdb if possible. It means that Dovecot verifies that the login user really exists before allowing the master user to log in. Without the setting if a non-existing login username is given, depending on the configuration, it could either return an internal login error (the userdb lookup failed) or create a whole new user (with eg. static userdb). pass=yes doesn't work with PAM or LDAP with auth_bind=yes, because both of them require knowing the user's password.

Tom Mihalicek wrote:
>
> Greetings to all
>
> I need a masteruser/proxy account for some applications to be implemented
> and I am having some problems. Normal users are proxied through
> ldap queries to the remote machine and this is working like it is supposed to,
> but I can't make the master user work. Below are both the dovecot.conf
> and dovecot-ldap.conf and verbose logs on the proxy machine.
>
> If I log in directly on the remote machine that should be proxied, everything
> is working normally ...
>
> ### dovecot.conf
>
> protocols = pop3 imap managesieve
>
> mail_uid = 10021
> mail_gid = 10021
> mail_privileged_group = vmail
> mail_access_groups = vmail
>
> log_path =
> info_log_path =
> log_timestamp = "%b %d %H:%M:%S "
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
> login_log_format = %$: %s
> mail_log_prefix = "%Us(%u): "
>
> disable_plaintext_auth = no
> login_process_per_connection=yes
> auth_default_realm = example.com
> login_processes_count = 8
> login_max_processes_count = 128
> login_max_connections = 256
> verbose_proctitle = yes
> max_mail_processes = 512
>
> mail_debug = yes
> auth_verbose = yes
> auth_debug = yes
> auth_debug_passwords = yes
>
> auth_master_user_separator = *
> login_chroot = yes
>
> ssl = no
> protocol imap {
>   imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
>   listen = xx.xx.xx.xx:143
>   imap_max_line_length = 65536
>   imap_logout_format = bytes=%i/%o
>   mail_max_userip_connections = 10
> }
>
> protocol pop3 {
>   pop3_uidl_format = %08Xu%08Xv
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>   pop3_enable_last = yes
>   pop3_uidl_format = %08Xu%08Xv
>   listen = xx.xx.xx.xx:110
>   mail_max_userip_connections = 10
> }
>
> protocol managesieve {
>   listen = xx.xx.xx.xx:2000
>   login_executable = /usr/local/dovecot/libexec/dovecot/managesieve-login
>   mail_executable = /usr/local/dovecot/libexec/dovecot/managesieve
>   managesieve_max_line_length = 65536
>   managesieve_implementation_string = dovecot
>   managesieve_logout_format = bytes ( in=%i : out=%o )
> }
>
> auth default {
>   mechanisms = plain login
>   user = vmail
>
>   passdb passwd-file {
>     args = /etc/dovecot/passwd.masterusers
>     master = yes
>     pass = yes
>   }
>
>   passdb ldap {
>     args = /etc/dovecot/dovecot-ldap.conf
>   }
>
>   userdb ldap {
>     args = /etc/dovecot/dovecot-ldap.conf
>   }
>
>   socket listen {
>     master {
>       path = /var/run/dovecot/auth-master
>       mode = 0600
>       user = vmail
>       group = vmail
>     }
>     client {
>       path = /var/spool/postfix/dovecot-auth
>       mode = 0660
>       user = postfix
>       group = postfix
>     }
>   }
> }
>
> ### dovecot-ldap.conf
>
> hosts = ldap.example.com
> ldap_version = 3
> auth_bind = yes
> dn = cn=vmail,dc=example,dc=com
> dnpass = secret_pass
> base = ou=Users,domainName=%d,o=domains,dc=example,dc=com
> scope = subtree
> deref = never
> user_filter = (&(mail=%u)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls))
> user_attrs = storageBaseDirectory=home,mailHost=host,=proxy=yes,=nologin=yes,=nodelay=yes
> pass_filter = (&(mail=%u)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls))
> pass_attrs = userPassword=password,mailHost=host,=proxy=yes,=nologin=yes,=nodelay=yes
> default_pass_scheme = CRYPT
>
> ### /var/log/mail/dovecot.info
>
> Nov 30 14:26:59 dougie dovecot: auth(default): new auth connection: pid=5873
> Nov 30 14:27:28 dougie dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 lip=xx.xx.xx.xx rip=192.168.22.222 lport=110 rport=36639 resp=AHRtaWhhbGljZWtAeG5ldC5sYW4qbWlncmF0aW9uQHhuZXQuaHIAbTFncjR0MTBu
> Nov 30 14:27:28 dougie dovecot: auth(default): passwd-file(migrat...@example.com,192.168.22.222,master): lookup: user=master_u...@example.com file=/etc/dovecot/passwd.masterusers
> Nov 30 14:27:28 dougie dovecot: auth(default): passdb(master_u...@example.com,192.168.22.222,master): Master user logging in as some_u...@example.com
> Nov 30 14:27:28 dougie dovecot: auth(default): ldap(some_u...@example.com,192.168.22.222): bind search: base=ou=Users,domainName=example.com,o=domains,dc=example,dc=com filter=(&(mail=some_u...@example.com)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=pop3))
> Nov 30 14:27:28 dougie dovecot: auth(default): ldap(some_u...@example.com,192.168.22.222): result: mailHost(host)=xx.xx.xx.xx
> Nov 30 14:27:28 dougie dovecot: auth(default): ldap(some_u...@example.com,192.168.22.222): invalid credentials (given password: master_password)
> Nov 30 14:27:28 dougie dovecot: auth(default): client out: FAIL 1 user=some_u...@example.com authz nodelay host=xx.xx.xx.xx proxynologin pass=master_password master=master_u...@example.com
> Nov 30 14:27:28 dougie dovecot: pop3-login: Ignoring unknown passdb extra field: authz
>
>

--
View this message in context: http://old.nabble.com/Dovecot-1.2.x-masteruser-proxy-problem-tp26574804p26576084.html
Sent from the Dovecot mailing list archive at Nabble.com.
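
The conflict identified in the reply (a master passdb with pass=yes next to an LDAP passdb whose file sets auth_bind=yes, so the bind for the login user is attempted with the master's password) can be caught with a configuration check. This is an added example, not part of the original thread or of Dovecot; the function names and the reduced sample configuration are constructed, and it assumes the Dovecot 1.x `passdb <driver> { ... }` syntax quoted above.

```python
import re

def parse_kv(text):
    """Parse 'key = value' lines; blank lines and # comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def check_master_pass(dovecot_conf, ldap_confs):
    """ldap_confs maps each ldap passdb's args path to that file's contents."""
    passdbs = [(m.group(1), parse_kv(m.group(2))) for m in
               re.finditer(r"\bpassdb\s+(\S+)\s*\{([^{}]*)\}", dovecot_conf)]
    if not any(o.get("master") == "yes" and o.get("pass") == "yes" for _, o in passdbs):
        return []  # no master passdb hands the login on to the other passdbs
    findings = []
    for driver, opts in passdbs:
        if opts.get("master") == "yes":
            continue
        if driver == "pam":
            findings.append("passdb pam: needs the user's password, pass=yes cannot work")
        elif driver == "ldap":
            ldap = parse_kv(ldap_confs.get(opts.get("args", ""), ""))
            if ldap.get("auth_bind") == "yes":
                findings.append("passdb ldap (%s): auth_bind=yes binds as the login user "
                                "with the master's password" % opts["args"])
    return findings

# Constructed sample, reduced from the configuration quoted in the message.
DOVECOT_CONF = """
auth default {
  passdb passwd-file {
    args = /etc/dovecot/passwd.masterusers
    master = yes
    pass = yes
  }
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
}
"""
LDAP_BIND = "auth_bind = yes\npass_attrs = userPassword=password\n"
LDAP_LOOKUP = "auth_bind = no\npass_attrs = userPassword=password\n"
if __name__ == "__main__":
    for text in (LDAP_BIND, LDAP_LOOKUP):
        print(check_master_pass(DOVECOT_CONF, {"/etc/dovecot/dovecot-ldap.conf": text}))
```

With auth_bind = no the LDAP passdb performs a password lookup using the dn/dnpass account instead of binding as the user, which is the mode the quoted wiki text leaves available for pass=yes.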