Hi again, I tried it again. This time, I managed to get rid of the pam_authentication issue (see below). But I still get the invalid credential. I do not understand because, based on the article I found at http://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds, it does not authenticate by the use of a password, unless I'm missing something. It's really frustrating because I feel like I'm that close but not quite there yet.
Sep 2 14:32:01 server1 dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=54128#011resp=AG1pa2VfbGVlAGRsaWUzMjA1 Sep 2 14:32:01 server1 dovecot: auth(default): ldap(mike_lee,127.0.0.1): invalid credentials (given password: secrets) Sep 2 14:32:01 server1 dovecot: auth(default): new auth connection: pid=4380 Sep 2 14:32:03 server1 dovecot: auth(default): client out: FAIL#0111#011user=mike_lee Sep 2 14:32:08 server1 dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<mike_lee>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Any help is greatly appreciated. Thanks ________________________________ From: Daminto Lie <dli...@yahoo.com.au> To: Timo Sirainen <t...@iki.fi> Cc: "dovecot@dovecot.org" <dovecot@dovecot.org> Sent: Thursday, 1 September 2011 4:07 PM Subject: Re: [Dovecot] dovecot imap permission denied Thanks Timo for your reply. It now works fine with Passdb LDAP with password lookups. Users can now login with no problem. However, when trying to do LDAP authentication with Authentication binds, I received the following errors from mail.log Sep 1 15:34:22 server1 dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=34719#011resp=AG1pa2VfbGVlAGRsaWUzMjA1 Sep 1 15:34:22 server1 dovecot: auth-worker(default): pam(mike_lee,127.0.0.1): lookup service=dovecot Sep 1 15:34:22 server1 dovecot: auth-worker(default): pam(mike_lee,127.0.0.1): #1/1 style=1 msg=Password: Sep 1 15:34:22 server1 dovecot: auth(default): new auth connection: pid=1947 Sep 1 15:34:24 server1 dovecot: auth-worker(default): pam(mike_lee,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) 
(given password: secrets) Sep 1 15:34:24 server1 dovecot: auth(default): passwd(mike_lee,127.0.0.1): lookup Sep 1 15:34:24 server1 dovecot: auth(default): passwd(mike_lee,127.0.0.1): unknown user Sep 1 15:34:24 server1 dovecot: auth(default): ldap(mike_lee,127.0.0.1): invalid credentials (given password: secrets) Sep 1 15:34:26 server1 dovecot: auth(default): client out: FAIL#0111#011user=mike_lee Sep 1 15:34:31 server1 dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<mike_lee>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I do not understand why I am getting a pam() authentication issue when I deliberately chose not to use it. The following are the settings I have in dovecot-ldap.conf hosts = localhost #uris = dn = uid=dovecot,ou=accounts,dc=companyexample,dc=com,dc=au dnpass = helloworld #sasl_bind = no #sasl_mech = #sasl_realm = #sasl_authz_id = #tls = no #tls_ca_cert_file = #tls_ca_cert_dir = #tls_cert_file = #tls_key_file = #tls_cipher_suite = #tls_require_cert = #ldaprc_path = #debug_level = 0 auth_bind = yes auth_bind_userdn = cn=%u,ou=accounts,dc=companyexample,dc=com,dc=au ldap_version = 3 base = ou=accounts,dc=companyexample,dc=com,dc=au deref = never scope = subtree user_attrs = homeDirectory=home user_filter = (&(objectClass=posixAccount)(uid=%u)) #pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) default_pass_scheme = PLAIN This is what I have in dovecot.conf base_dir = /var/run/dovecot protocols = imap protocol imap { listen = *:143 } # protocol pop3 { # listen = *:10100 # .. # } # protocol managesieve { # listen = *:12000 # .. 
# } #listen = * disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " #ssl_listen = ssl = no #ssl_cert_file = /etc/ssl/certs/dovecot.pem #ssl_key_file = /etc/ssl/private/dovecot.pem #ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem #ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key #ssl_key_password = #ssl_ca_file = #ssl_verify_client_cert = no #ssl_cert_username_field = commonName #ssl_parameters_regenerate = 168 #ssl_cipher_list = ALL:!LOW:!SSLv2 #verbose_ssl = no login_dir = /var/run/dovecot/login login_chroot = yes login_user = dovecot #login_process_size = 64 #login_process_per_connection = yes #login_processes_count = 3 #login_max_processes_count = 128 #login_max_connections = 256 #login_greeting = Dovecot ready. #login_trusted_networks = #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c #login_log_format = %$: %s mail_location = maildir:/home/%u/Maildir mail_uid = 3000 mail_gid = 8 mail_privileged_group = mail #mail_access_groups = #mail_full_filesystem_access = no #mail_debug = no #mail_log_max_lines_per_sec = 10 #mmap_disable = no #dotlock_use_excl = yes #fsync_disable = no #mail_nfs_index = no #lock_method = fcntl #mail_drop_priv_before_exec = no verbose_proctitle = yes first_valid_uid = 3000 last_valid_uid = 3000 first_valid_gid = 8 last_valid_gid = 8 #max_mail_processes = 512 #mail_process_size = 256 #mail_max_keyword_length = 50 #valid_chroot_dirs = #mail_chroot = #mail_cache_min_mail_count = 0 #mailbox_idle_check_interval = 30 mail_save_crlf = no #maildir_stat_dirs = no maildir_copy_with_hardlinks = yes #maildir_copy_preserve_filename = no #maildir_very_dirty_syncs = no protocol imap { #login_executable = /usr/lib/dovecot/imap-login #mail_executable = /usr/lib/dovecot/imap #imap_max_line_length = 65536 #mail_max_userip_connections = 10 #mail_plugin_dir = /usr/lib/dovecot/modules/imap #imap_logout_format = bytes=%i/%o #imap_capability = #imap_idle_notify_interval = 120 #imap_id_send = #imap_id_log = 
imap_client_workarounds = outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep oe6-fetch-no-newmail } protocol pop3 { pop3_uidl_format = %08Xu%08Xv } protocol managesieve { } #auth_executable = /usr/lib/dovecot/dovecot-auth #auth_process_size = 256 #auth_cache_size = 0 #auth_cache_ttl = 3600 #auth_cache_negative_ttl = 3600 #auth_realms = #auth_default_realm = #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ #auth_username_translation = #auth_username_format = #auth_master_user_separator = #auth_anonymous_username = anonymous auth_verbose = yes auth_debug = yes auth_debug_passwords = yes #auth_worker_max_count = 30 #auth_gssapi_hostname = #auth_krb5_keytab = #auth_use_winbind = no #auth_winbind_helper_path = /usr/bin/ntlm_auth #auth_failure_delay = 2 auth default { mechanisms = plain passdb pam { } passdb passwd { } passdb ldap { args = /etc/dovecot/dovecot-ldap.conf } userdb passwd { args = /etc/dovecot/dovecot-ldap-userdb.conf } userdb ldap { args = /etc/dovecot/dovecot-ldap.conf } user = root #user = dovecot-auth #chroot = #count = 1 #ssl_require_client_cert = no #ssl_username_from_cert = no socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } !include_try /etc/dovecot/auth.d/*.auth } plugin { } # Config files can also be included. deliver doesn't support them currently. #!include /etc/dovecot/conf.d/*.conf # Optional configurations, don't give an error if it's not found: !include_try /etc/dovecot/conf.d/*.conf #!include_try /etc/dovecot/extra.conf I wonder where I went wrong. I did not set up pam authentication. Any help would be appreciated. 
Thank you ________________________________ From: Timo Sirainen <t...@iki.fi> To: Daminto Lie <dli...@yahoo.com.au> Cc: "dovecot@dovecot.org" <dovecot@dovecot.org> Sent: Wednesday, 31 August 2011 4:52 PM Subject: Re: [Dovecot] dovecot imap permission denied On 31.8.2011, at 9.47, Daminto Lie wrote: > Thanks a lot Timo, > > Creating directories for new users is not an issue. It's the permissions that > give me a headache. The error message you showed said that the user's home directory didn't exist, and the permission problem came only because it didn't exist and Dovecot tried to create it. > I tried the following > > sudo chmod o-r /home/$USER > sudo chmod g+rw /home/$USER > > It did not work until I did chmod 777 /home. Right, because only then did it have enough permissions to create the home dir. > Is it safe to make the home directory with permission 777? No.