I have pretty much everything working fine.
I have run into one issue with the filters that I am unsure where this a filter
is being set.
Dovecot 2.2.32 (dfbe293d4)
I have setup dovecot-ldap.conf.ext to control my LDAP query's
My current layout used filters based on looking at the posixAccount attributes
user_filter = (&(objectClass=posixAccount)(uid=%u))
If I connect to a a ldap account that has no posixAccount attributes set I was
getting a failure in the logs
Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug:
ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): user search:
base=ou=People,dc=userful,dc=ca scope=subtree
filter=(&(objectClass=posixAccount)(uid=sales)) fields=mail,user_filter
Nov 02 14:15:48 mail2 dovecot[28715]: auth: Debug:
ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): no fields returned by the server
Nov 02 14:15:48 mail2 dovecot[28715]: auth:
ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): unknown user
Nov 02 14:15:48 mail2 dovecot[28715]: auth: Error:
ldap(sales,192.168.123.39,<fd5mpwVddrvAqHsn>): user not found from userdb
I changed the filters thinking I needed to look at the attributes seen by one
of these accounts, I used the apache studio to find out what was visible.
From that I saw inetOrgPerson could be used. So I changed the filters.
user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
pass_filter = (&(objectClass=inetOrgPerson)(uid=%n))
iterate_filter = (objectClass=inetOrgPerson)
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client in: AUTH 1
PLAIN service=imap secured
session=Y0GBzgVdlorAqHsn lip=192.168.123.236
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug:
ldap(sa...@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): bind search:
base=ou=People,dc=userful,dc=ca filter=(&(objectClass=inetOrgPerson)(uid=sales))
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug:
ldap(sa...@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): result: uid=sales;
uid unused
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug:
ldap(sa...@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): username changed
sa...@userful.com
-> sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug:
ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): result: uid=sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug:
ldap(sa...@userful.com,192.168.123.39,<Y0GBzgVdlorAqHsn>): username changed
sa...@userful.com -> sales
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: client passdb out: OK
1 user=sales original_user=sa...@userful.com
so far so good but then I get
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Debug: master in: REQUEST
3851550721 29049 1 519189df600c24c010b57158ac01c867
session_pid=29073 request_auth_token
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug:
ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): user search:
base=ou=People,dc=userful,dc=ca
scope=subtree filter=(&(objectClass=posixAccount)(uid=sales))
fields=mail,user_filter
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066): Debug:
ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): no fields returned by the server
Nov 02 14:26:44 mail2 dovecot[29047]: auth-worker(29066):
ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): unknown user
Nov 02 14:26:44 mail2 dovecot[29047]: auth: Error:
ldap(sales,192.168.123.39,<Y0GBzgVdlorAqHsn>): user not found from userdb
The question then is where did it get filter=(&(objectClass=posixAccount) from
since I changed the filters to inetOrgPerson
I grep the dovecot settings directory and all My filters are in the one file.
The file that hold the ldap settings