ACL File

2017-06-02 Thread Bobber
I'm getting inconsistent behavior from my acl file.  I have an acl vfile 
configured with this:



Jobs$* anyone lrwikst
$* user=bob.wooldri...@edm-inc.com lrwstipekxa
$* user=michael.u...@edm-inc.com lrwstipekxa
Jobs$* user=bob.wooldri...@edm-inc.com lrwstipekxa
Jobs$* user=michael.u...@edm-inc.com lrwstipekxa


The Jobs folder is a public shared folder.  I want just the two users to 
be able to have complete control of anything in the shared Jobs folder.  
Currently, user bob is able to move folders to sub folders but user 
michael is sometimes able to move folders but mostly not.  I am using 
Thunderbird as the mail client. Sometimes I can restart Thunderbird and 
it will allow one operation but subsequent operations error out with 
Thunderbird saying the user does not have permissions.


Here's my doveconf -n:


# 2.2.30.1 (eebd877): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-0.bpo.4-amd64 x86_64 Debian 7.11
auth_cache_size = 8 k
auth_debug = yes
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
listen = *
log_path = /dev/stderr
login_greeting = IMAP service for edm-inc.com clients.
mail_location = maildir:~/Maildir
mail_plugins = " listescape acl"
namespace {
  inbox = yes
  location =
  prefix =
  separator = $
  type = private
}
namespace {
  location = maildir:/home/vpopmail/domains/edm-inc.com/public
  prefix = Jobs$
  separator = $
  subscriptions = no
  type = public
}
passdb {
  args = cache_key=%u%s
  driver = vpopmail
}
plugin {
  acl = vfile:/usr/local/etc/dovecot/acls:cache_secs=300
}
protocols = imap
service auth {
  user = root
  vsz_limit = 64 M
}
service imap-login {
  process_limit = 150
  service_count = 1
}
ssl_cert = 


--
*Bob Wooldridge*
Blog: http://kc0dxf.net/blog/


Re: Dovecot 2.2.30* compiling error

2017-06-02 Thread Mart Pirita
Andrey Jr. Melnikov wrote:
> Mart Pirita  wrote:
>> Hello.
>> I can't build 2.2.30*, but I can build fine version 2.2.29* with same
>> options:
>> RedHat based customized distro, 2.6.28.10 kernel
> [...]
>
>> Build error:
>> ltest_lib-test-bits.o: In function `bits_required64':
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>> reference to `__builtin_clzll'
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
>> reference to `__builtin_clzll'
>> test_lib-test-bits.o: In function `test_bits_requiredXX':
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
>> reference to `__builtin_clzll'
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
>> reference to `__builtin_clzll'
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
>> reference to `__builtin_clzll'
>> ./.libs/liblib.a(numpack.o): In function `numpack_decode':
>> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/numpack.c:43: undefined
>> reference to `__builtin_clz'
>> collect2: ld returned 1 exit status
>> Please advise?
> Time to upgrade ancient GCC?


Well, I know it's old, but I didn't notice in changelog that something
special new was added, so maybe this is some kind of bug?


Re: Dovecot 2.2.30* compiling error

2017-06-02 Thread Andrey Jr. Melnikov
Mart Pirita  wrote:
> Hello.

> I can't build 2.2.30*, but I can build fine version 2.2.29* with same
> options:

> RedHat based customized distro, 2.6.28.10 kernel

[...]

> Build error:

> ltest_lib-test-bits.o: In function `bits_required64':
> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
> reference to `__builtin_clzll'
> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
> reference to `__builtin_clzll'
> test_lib-test-bits.o: In function `test_bits_requiredXX':
> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
> reference to `__builtin_clzll'
> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
> reference to `__builtin_clzll'
> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
> reference to `__builtin_clzll'
> ./.libs/liblib.a(numpack.o): In function `numpack_decode':
> /usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/numpack.c:43: undefined
> reference to `__builtin_clz'
> collect2: ld returned 1 exit status


> Please advise?
Time to upgrade ancient GCC?


SIG11/Auth/FreeBSD

2017-06-02 Thread Larry Rosenman
I'm seeing lots of:
Jun  2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADMIN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web)
Jun  2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADMIN) [52.40.16.7]:51363 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web)
Jun  2 00:00:06 thebighonker exim[57438]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADMIN) [52.40.16.7]:51355 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web)
Jun  2 00:00:06 thebighonker exim[57443]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADMIN) [52.40.16.7]:51385 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature eof
Jun  2 00:00:06 thebighonker exim[57442]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADMIN) [52.40.16.7]:51368 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature eof
Jun  2 00:00:06 thebighonker exim[57441]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADMIN) [52.40.16.7]:51361 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature eof
Jun  2 00:00:06 thebighonker exim[57440]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADMIN) [52.40.16.7]:51362 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature eof
Jun  2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set service auth { drop_priv_before_exec=yes })

The suggestion to drop_priv_before_exec=yes breaks auth totally.

doveconf -n:


# 2.2.30.1 (eebd877): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: FreeBSD 11.0-STABLE amd64  
auth_default_realm = lerctr.org
auth_mechanisms = plain login
auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org
auth_username_format = %Ln
default_vsz_limit = 1 G
deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
lda_mailbox_autocreate = yes
listen = 192.147.25.65, ::
lmtp_save_to_detail_mailbox = yes
login_access_sockets = tcpwrap
mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_plugins = " fts fts_solr notify stats virtual"
mail_privileged_group = mail
mail_server_admin = mailto:l...@lerctr.org
mail_server_comment = LERCTR Mail Server
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext vacation-seconds editheader mboxmetadata 
servermetadata imapsieve vnd.dovecot.imapsieve
namespace archive {
  hidden = no
  list = no
  location = mbox:~/MAIL-ARCHIVE
  prefix = ARCHIVE/
  separator = /
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox INBOX {
auto = create
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox SA/FN {
special_use = \Junk
  }
  mailbox SENT {
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  mailbox virtual/Flagged {
special_use = \Flagged
  }
  mailbox virtual/all {
special_use = \All
  }
  prefix = 
}
namespace virtual {
  hidden = no
  list = yes
  location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
  prefix = Virtual/
  separator = /
}
passdb {
  args = failure_show_msg=yes session=yes max_requests=20
  driver = pam
}
plugin {
  fts = solr
  fts_autoindex = yes
  fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
  fts_tika = http://localhost:9998/tika/
  imapsieve_url = sieve://thebighonker.lerctr.org
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename 
flag_change append
  mail_log_fields = uid box msgid size from subject vsize flags
  recipient_delimiter = +
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata
  sieve_plugins = sieve_imapsieve
  stats_command_min_time = 1 mins
  stats_domain_min_time = 12 hours
  stats_ip_min_time = 12 hours
  stats_memory_limit = 16 M
  stats_refresh = 5s
  stats_session_min_time = 15 mins
  stats_track_cmds = yes
  stats_user_min_time = 1 hours
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener auth-client {
mode = 0666
  }
  unix_listener auth
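
The log excerpt in this message mixes two different failures: 535 (credentials rejected) and 435 (Exim got no answer from the Dovecot auth socket, here next to an auth child killed by signal 11). The following is an added example, not part of the original post, that separates the two per source address so that only real credential rejections count toward a ban threshold; the function name, threshold, host names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same shape as the Exim/Dovecot syslog output
# quoted in the message; hosts and addresses are documentation placeholders.
SAMPLE_LOG = """\
Jun  2 00:00:05 mx exim[100]: dovecot_login authenticator failed for host-a.example (ADMIN) [198.51.100.7]:51339 I=[192.0.2.25]:465: 535 Incorrect authentication data (set_id=web)
Jun  2 00:00:06 mx exim[101]: dovecot_login authenticator failed for host-a.example (ADMIN) [198.51.100.7]:51363 I=[192.0.2.25]:465: 535 Incorrect authentication data (set_id=web)
Jun  2 00:00:06 mx exim[102]: dovecot_login authenticator failed for host-a.example (ADMIN) [198.51.100.7]:51385 I=[192.0.2.25]:465: 435 Unable to authenticate at present: authentication socket read error or premature eof
Jun  2 00:00:06 mx exim[103]: dovecot_login authenticator failed for host-a.example (ADMIN) [198.51.100.7]:51368 I=[192.0.2.25]:465: 435 Unable to authenticate at present: authentication socket read error or premature eof
Jun  2 00:00:06 mx dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped)
Jun  2 00:03:10 mx exim[110]: dovecot_login authenticator failed for host-b.example (client) [203.0.113.9]:40000 I=[192.0.2.25]:465: 535 Incorrect authentication data (set_id=alice)
"""

# Exim "authenticator failed" line: remote address, SMTP reply code, reply text.
EXIM_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ exim\[\d+\]: "
    r"(?P<auth>\S+) authenticator failed for .*?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]:\d+ I=\[[^\]]+\]:\d+: "
    r"(?P<code>\d{3}) (?P<text>.*)$"
)
# Dovecot master reporting that an auth child died on a signal.
AUTH_CRASH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: auth: Fatal: .*"
    r"child (?P<pid>\d+) killed with signal (?P<sig>\d+)"
)
SET_ID = re.compile(r"\(set_id=([^)]*)\)")


def triage(log_text, ban_threshold=2):
    """Split failures into credential rejections (535) and backend errors (4xx)."""
    per_ip = defaultdict(
        lambda: {"rejected": 0, "backend_error": 0, "set_ids": set()}
    )
    crashes = []
    for line in log_text.splitlines():
        fail = EXIM_FAIL.match(line)
        if fail:
            entry = per_ip[fail["ip"]]
            if fail["code"] == "535":
                # The password was actually checked and refused.
                entry["rejected"] += 1
                sid = SET_ID.search(fail["text"])
                if sid:
                    entry["set_ids"].add(sid.group(1))
            elif fail["code"].startswith("4"):
                # Temporary failure: the auth service did not answer, so this
                # says nothing about whether the credentials were valid.
                entry["backend_error"] += 1
            continue
        crash = AUTH_CRASH.match(line)
        if crash:
            crashes.append((crash["ts"], int(crash["pid"]), int(crash["sig"])))
    # Only real rejections count toward the ban threshold.
    suspects = sorted(
        ip for ip, e in per_ip.items() if e["rejected"] >= ban_threshold
    )
    return {"per_ip": dict(per_ip), "crashes": crashes, "suspects": suspects}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("suspects:", report["suspects"])
    print("auth crashes:", report["crashes"])
```
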

Re: Bug with 2.2.29-1~auto+25 back to haunt me

2017-06-02 Thread Ralf Hildebrandt
* Aki Tuomi :

> I meant
> 
> passdb {
>  driver = imap
>  args = ... ssl_ca_file=/path/to/ca
> }

That doesn't work:

passdb {
  driver = imap
  # Change the line below to reflect the IP address of your Exchange Server.
  args = host=exchange-imap.charite.de port=993 ssl=imaps 
ssl_ca=https://www.charite.de



Re: updated to dove 2.30.1 and still the same error ....

2017-06-02 Thread Aki Tuomi

> On June 2, 2017 at 4:44 PM dove...@jeffandjessi.com wrote:
> 
> 
>  
> 
> Well.. updated to 2.30.1 hoping it would fix this mysterious seg fault
> ... ,but nope ... 
> 
> auth: Fatal: master: service(auth): child 14502 killed with signal 11
> (core dumped) 
> 
> the core dump shows 
> 
> (gdb) bt
> #0 0x7f7ff4a06bee in ?? ()
> #1 0x7f7ff74a4f44 in io_loop_handle_remove () from /usr/local/lib/dovecot/libdovecot.so.0
> #2 0x7f7ff74a3765 in io_remove_full () from /usr/local/lib/dovecot/libdovecot.so.0
> #3 0x7f7ff7438b62 in master_service_deinit () from /usr/local/lib/dovecot/libdovecot.so.0
> #4 0x004307ef in main ()
> 
> no symbols are available as this is a pkg install so what's next?

can you try 

https://lists.freebsd.org/pipermail/freebsd-ports/2009-November/057974.html

to have debug symbols?

Aki


updated to dove 2.30.1 and still the same error ....

2017-06-02 Thread dovecot
 

Well.. updated to 2.30.1 hoping it would fix this mysterious seg fault
... ,but nope ...

auth: Fatal: master: service(auth): child 14502 killed with signal 11 (core dumped)

the core dump shows

(gdb) bt
#0 0x7f7ff4a06bee in ?? ()
#1 0x7f7ff74a4f44 in io_loop_handle_remove () from /usr/local/lib/dovecot/libdovecot.so.0
#2 0x7f7ff74a3765 in io_remove_full () from /usr/local/lib/dovecot/libdovecot.so.0
#3 0x7f7ff7438b62 in master_service_deinit () from /usr/local/lib/dovecot/libdovecot.so.0
#4 0x004307ef in main ()

no symbols are available as this is a pkg install so what's next?
time to dump dovecot after running it for 10 years?

Can't believe no one else is seeing this

the symptoms are

dovecot starts up fine

when a client connects, they authorize just fine and download email

about a minute later the auth process crashes and the entire process
starts over

so how do you troubleshoot this ... it sounds like a coding issue some
place

anyone ?

 


Re: Two domains - same user names filter

2017-06-02 Thread Steffen Kaiser


On Fri, 2 Jun 2017, Sandbox wrote:


On Fri, 2 Jun 2017, Sandbox wrote:

I have two LDAP domains, which has some equal users, eg:


a...@domain1.com
a...@domain2.com

This works fine except one thing: I can't set up the ldap query to choose
the correct maildir if the user names are equal.



| Well the most problem is that you have two LDAP servers with different
content.

Unfortunately I can't do anything with this. :S


Is it possible to use a user_filter which will choose the correct maildir

and user/domain from the email address?

My current ldap.conf for domain1:

hosts = ldap.domain1.com
base = ou=People,dc=domain1,dc=com
ldap_version = 3
user_attrs = uid=user
user_filter = (uid=%n)
pass_attrs = uid=user,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5

and for domain2:
hosts = ldap.domain2.com
base = ou=People,dc=domain2,dc=com
ldap_version = 3
user_attrs = \
   =mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir
user_filter = (uid=%n)
pass_attrs = uid=%n,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5



| you have one LDAP conf per domain and two userdb's, right?

Nop, I have two ldap.conf files, one for domain1 and one for domain2 and
two userdb setting in dovecot.conf for each ldap.conf files.

 | Can you make use of ${domain} in one of the LDAP servers, is the domain
present in the user entries?

Uhm, what do you mean? "Can you make use of ${domain} in one of the LDAP
servers"?
Only the mail address and the departmentNumber contains the domain in the
user entries, to be clear, the first domain's (this is the "old" one) user
entries does not contain any departmentNumber data so those e-mails are
going to the current /home/vmail/user/maildir directory, the second domain
(which is the "new" one) contains the departmentnumber data, so those
emails are going to the /home/vmail/domain2.com/user/maildir directory.
The main problem is that I have the same usernames in both domains, that's why
I can't use only one domain.
Actually I have one ldap server with two domains configured.
Just thinking about the problem, is it not possible to fill up an unused
LDAP record, e.g. labeledURI, with the user's second e-mail address? So in the
ldap.conf I have to use a filter which can decide which e-mail address is
used -> where to store the mail.
Or, use two mail records.
Both require e-mail address filtering where I have to use the domain part
as a decision parameter... what do you think?


Then use

(&(uid=%n)(mail=*@%{domain}))

or something similar.

However, I don't know, whether %{domain} is populated in your config.
Did you check out Aki's answer? If that works as described,
username_format would make it easier.




2017-06-02 10:13 GMT+02:00 Steffen Kaiser :


-- 
Steffen Kaiser



Dovecot 2.2.30* compiling error

2017-06-02 Thread Mart Pirita
Hello.

I can't build 2.2.30*, but I can build fine version 2.2.29* with same
options:

RedHat based customized distro, 2.6.28.10 kernel

Build options:

export CPPFLAGS
export LDFLAGS

CPPFLAGS=-I/usr/local/ssl/include
LDFLAGS=-L/usr/local/ssl/lib

./configure \
 --prefix=/usr \
 --with-ssl=openssl \
 --with-ssldir=/etc/ssl \
 --sysconfdir=/etc \
 --without-vpopmail \
 --with-pam \
 --without-bsdauth \
 --without-sql \
 --without-nss \
 --without-ldap \
 --without-pgsql \
 --without-mysql \
 --without-sqlite \
 --with-rundir=/var/run/dovecot\
 --without-deliver \
 --without-gssapi

Build error:

ltest_lib-test-bits.o: In function `bits_required64':
/usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
reference to `__builtin_clzll'
/usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/bits.h:33: undefined
reference to `__builtin_clzll'
test_lib-test-bits.o: In function `test_bits_requiredXX':
/usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
reference to `__builtin_clzll'
/usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
reference to `__builtin_clzll'
/usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/test-bits.c:74: undefined
reference to `__builtin_clzll'
./.libs/liblib.a(numpack.o): In function `numpack_decode':
/usr/src/redhat/BUILD/dovecot-2.2.30/src/lib/numpack.c:43: undefined
reference to `__builtin_clz'
collect2: ld returned 1 exit status


Please advise?


-- 
Mart


Re: Two domains - same user names filter

2017-06-02 Thread Sandbox
Hi,

On Fri, 2 Jun 2017, Sandbox wrote:

I have two LDAP domains, which has some equal users, eg:
>
> a...@domain1.com
> a...@domain2.com
>
> This works fine except one thing: I can't set up the ldap query to choose
> the correct maildir if the user names are equal.
>

 | Well the most problem is that you have two LDAP servers with different
content.

Unfortunately I can't do anything with this. :S


Is it possible to use a user_filter which will choose the correct maildir
> and user/domain from the email address?
>
> My current ldap.conf for domain1:
>
> hosts = ldap.domain1.com
> base = ou=People,dc=domain1,dc=com
> ldap_version = 3
> user_attrs = uid=user
> user_filter = (uid=%n)
> pass_attrs = uid=user,userPassword=password
> pass_filter = (uid=%n)
> default_pass_scheme = MD5
>
> and for domain2:
> hosts = ldap.domain2.com
> base = ou=People,dc=domain2,dc=com
> ldap_version = 3
> user_attrs = \
>=mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir
> user_filter = (uid=%n)
> pass_attrs = uid=%n,userPassword=password
> pass_filter = (uid=%n)
> default_pass_scheme = MD5
>

 | you have one LDAP conf per domain and two userdb's, right?

Nop, I have two ldap.conf files, one for domain1 and one for domain2 and
two userdb setting in dovecot.conf for each ldap.conf files.

  | Can you make use of ${domain} in one of the LDAP servers, is the domain
present in the user entries?

Uhm, what do you mean? "Can you make use of ${domain} in one of the LDAP
servers"?
Only the mail address and the departmentNumber contains the domain in the
user entries, to be clear, the first domain's (this is the "old" one) user
entries does not contain any departmentNumber data so those e-mails are
going to the current /home/vmail/user/maildir directory, the second domain
(which is the "new" one) contains the departmentnumber data, so those
emails are going to the /home/vmail/domain2.com/user/maildir directory.
The main problem is that I have the same usernames in both domains, that's why
I can't use only one domain.
Actually I have one ldap server with two domains configured.
Just thinking about the problem, is it not possible to fill up an unused
LDAP record, e.g. labeledURI, with the user's second e-mail address? So in the
ldap.conf I have to use a filter which can decide which e-mail address is
used -> where to store the mail.
Or, use two mail records.
Both require e-mail address filtering where I have to use the domain part
as a decision parameter... what do you think?

Robert

2017-06-02 10:13 GMT+02:00 Steffen Kaiser :

>
> On Fri, 2 Jun 2017, Sandbox wrote:
>
> I have two LDAP domains, which has some equal users, eg:
>>
>> a...@domain1.com
>> a...@domain2.com
>>
>> This works fine except one thing: I can't set up the ldap query to choose
>> the correct maildir if the user names are equal.
>>
>
> Well the most problem is that you have two LDAP servers with different
> content.
>
> Is it possible to use a user_filter which will choose the correct maildir
>> and user/domain from the email address?
>>
>> My current ldap.conf for domain1:
>>
>> hosts = ldap.domain1.com
>> base = ou=People,dc=domain1,dc=com
>> ldap_version = 3
>> user_attrs = uid=user
>> user_filter = (uid=%n)
>> pass_attrs = uid=user,userPassword=password
>> pass_filter = (uid=%n)
>> default_pass_scheme = MD5
>>
>> and for domain2:
>> hosts = ldap.domain2.com
>> base = ou=People,dc=domain2,dc=com
>> ldap_version = 3
>> user_attrs = \
>>=mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir
>> user_filter = (uid=%n)
>> pass_attrs = uid=%n,userPassword=password
>> pass_filter = (uid=%n)
>> default_pass_scheme = MD5
>>
>
> you have one LDAP conf per domain and two userdb's, right?
>
> Can you make use of ${domain} in one of the LDAP servers, is the domain
> present in the user entries?
>
> -- Steffen Kaiser
>


Re: Two domains - same user names filter

2017-06-02 Thread Aki Tuomi

> On June 2, 2017 at 11:13 AM Steffen Kaiser  
> wrote:
> 
> 
> 
> On Fri, 2 Jun 2017, Sandbox wrote:
> 
> > I have two LDAP domains, which has some equal users, eg:
> >
> > a...@domain1.com
> > a...@domain2.com
> >
> > This works fine except one thing: I can't set up the ldap query to choose
> > the correct maildir if the user names are equal.
> 
> Well the most problem is that you have two LDAP servers with different 
> content.
> 
> > Is it possible to use a user_filter which will choose the correct maildir
> > and user/domain from the email address?
> >
> > My current ldap.conf for domain1:
> >
> > hosts = ldap.domain1.com
> > base = ou=People,dc=domain1,dc=com
> > ldap_version = 3
> > user_attrs = uid=user
> > user_filter = (uid=%n)
> > pass_attrs = uid=user,userPassword=password
> > pass_filter = (uid=%n)
> > default_pass_scheme = MD5
> >
> > and for domain2:
> > hosts = ldap.domain2.com
> > base = ou=People,dc=domain2,dc=com
> > ldap_version = 3
> > user_attrs = \
> >=mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir
> > user_filter = (uid=%n)
> > pass_attrs = uid=%n,userPassword=password
> > pass_filter = (uid=%n)
> > default_pass_scheme = MD5
> 
> you have one LDAP conf per domain and two userdb's, right?
> 
> Can you make use of ${domain} in one of the LDAP servers, is the domain 
> present in the user entries?
> 
> -- 
> Steffen Kaiser

Dovecot 2.2.29+ has feature called username_filter for passdb blocks, which 
lets you specify usernames the passdb block is to be used. This could simplify 
your config somewhat. See https://wiki.dovecot.org/PasswordDatabase

Aki


Re: Two domains - same user names filter

2017-06-02 Thread Steffen Kaiser


On Fri, 2 Jun 2017, Sandbox wrote:


I have two LDAP domains, which has some equal users, eg:

a...@domain1.com
a...@domain2.com

This works fine except one thing: I can't set up the ldap query to choose
the correct maildir if the user names are equal.


Well the most problem is that you have two LDAP servers with different 
content.



Is it possible to use a user_filter which will choose the correct maildir
and user/domain from the email address?

My current ldap.conf for domain1:

hosts = ldap.domain1.com
base = ou=People,dc=domain1,dc=com
ldap_version = 3
user_attrs = uid=user
user_filter = (uid=%n)
pass_attrs = uid=user,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5

and for domain2:
hosts = ldap.domain2.com
base = ou=People,dc=domain2,dc=com
ldap_version = 3
user_attrs = \
   =mail=maildir:/home/vmail/%{ldap:departmentNumber)/%n/Maildir
user_filter = (uid=%n)
pass_attrs = uid=%n,userPassword=password
pass_filter = (uid=%n)
default_pass_scheme = MD5


you have one LDAP conf per domain and two userdb's, right?

Can you make use of ${domain} in one of the LDAP servers, is the domain 
present in the user entries?


-- 
Steffen Kaiser



Re: Bug with 2.2.29-1~auto+25 back to haunt me

2017-06-02 Thread Aki Tuomi

> On June 1, 2017 at 1:42 PM Ralf Hildebrandt  
> wrote:
> 
> 
> * Aki Tuomi :
> 
> > > > So I added 
> > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> > > > 
> > > > But alas:
> > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in 
> > > > /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by 
> > > > ssl_ca =  > > > 
> > > > Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output!
> > > > 
> > > > ssl_ca =  > > > 
> > > > So what gives?
> > > 
> > > It seems to be similar to:
> > > https://www.dovecot.org/pipermail/dovecot/2017-March/107488.html
> > > 
> > > "Can't verify remote server certs without trusted CAs (ssl_client_ca_* 
> > > settings)"
> > > 
> > > -- 
> > > Ralf Hildebrandt
> > >   Geschäftsbereich IT | Abteilung Netzwerk
> > >   Charité - Universitätsmedizin Berlin
> > >   Campus Benjamin Franklin
> > >   Hindenburgdamm 30 | D-12203 Berlin
> > >   Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> > >   ralf.hildebra...@charite.de | https://www.charite.de
> > >
> > 
> > Hi.
> > 
> > passdb imap was changed to verify remote SSL cert by default (yeah, it
> > kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir
> > setting in args. Or you can disable this behaviour with
> > allow_invalid_cert.
> 
> I did specify "ssl_ca_file", but then dovecot said "ssl_ca_file has been 
> replaced by ssl_ca =  either!
> 
> -- 
> Ralf Hildebrandt

I meant

passdb {
 driver = imap
 args = ... ssl_ca_file=/path/to/ca
}

Aki


Re: Problem with dsync backup

2017-06-02 Thread Aki Tuomi

> On June 1, 2017 at 8:53 PM Sergio Belkin  wrote:
> 
> 
> Hi folks,
> 

dsync(sergio.zuniga@example.local): Debug: imapc(mail.example.com:143):
Authenticating as neth.stand for user sergio.zuniga@example.local
dsync(sergio.zuniga@example.local): Error: imapc(mail.example.com:143):
Authentication failed: AUTHENTICATE failed.

Aki