Re: [Dovecot] Dovecot + Windows AD + Postfix + quota

[Timo Sirainen]

On Thu, 2008-01-31 at 17:02 +0200, Timo Sirainen wrote:
> I guess I should make LDAP log clearly what it received from LDAP
> server though..

Actually it does that already. Only if the server returns no fields it
doesn't log anything. Fixes that now:
http://hg.dovecot.org/dovecot/rev/ace71babd1ec



signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Dovecot + Windows AD + Postfix + quota

[Timo Sirainen]

On Mon, 2008-01-28 at 00:52 +0100, Maciej Paczesny wrote:
> user_attrs = uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota

It appears none of these fields exists in LDAP:

> Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29):
> user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx))
> fields=uidNumber,gidNumber,postOfficeBox,carLicense
> Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1   xxx

If any fields were returned, they would have been in this "master out"
line. I guess I should make LDAP log clearly what it received from LDAP
server though..



signature.asc
Description: This is a digitally signed message part

[Dovecot] Dovecot + Windows AD + Postfix + quota

[Maciej Paczesny]

Hello,

I'm almost sure that all topics and problems mentioned below were
separately posted to this list already. But after spending 4 days on
searching, I did'n find a compilation similar to my case. So maybe
some of you guys, are able to answer to help me solve this:

1. I'd like to use userdb and passdb of Dovetcot to work with Windows AD.
2. I have to use them both because I'd like to use LDA to serve for my Postfix.
3. I DO NOT want tou use any external programs (ie PAM) to talk to AD server.
4. I was able to make my system partially running - I CAN bind to AD
database, and confirm user/password.
5. I want to get follownig attributes: home directory (OK, I could put
it statically), uid/gid (OK, it could be static too) and MAIL QUOTA
(my users have different values - no 'statics').

To help you on this subject, here are my configs/data:
OS =>
Gentoo Linux

uname -a =>
2.6.15-gentoo-r7 #1 SMP PREEMPT Tue Mar 21 18:08:57 CET 2006 i686
Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux

dovecot --version =>
1.1.beta14

dovecot -n =>
protocols: imaps
ssl_listen: *:993
ssl_cert_file: /etc/ssl/dovecot/newcert.pem
ssl_key_file: /etc/ssl/dovecot/newkey.pem
ssl_parameters_regenerate: 0
ssl_cipher_list: ALL:!LOW:!SSLv2
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
verbose_proctitle: yes
mail_uid: 5000
mail_gid: 5000
mail_location: maildir:~/.Maildir/
mail_debug: yes
mail_executable: /usr/libexec/dovecot/var
mail_plugins: quota imap_quota
auth default:
  mechanisms: login plain
  username_format: %Lu
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
  userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
  socket:
type: listen
client:
  path: /var/spool/postfix/private/auth
  mode: 438
  user: postfix
  group: postfix
master:
  path: /var/run/dovecot/auth-master
  mode: 384
  user: vmail
  group: vmail
plugin:
  quota: maildir:storage=1024000:ignore=Trash
  sieve: /var/vmail/lpr/%u/.Maildir/.dovecot.sieve

 grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf
hosts = 10.10.10.8:3268
uris = ldap://10.10.10.8:3268
dn = lpr\Administrator
dnpass = ***
auth_bind = yes
auth_bind_userdn = lpr\%u
base = dc=lpr,dc=com,dc=pl
ldap_version = 3
user_attrs = uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota
user_filter = (&(cn=%u))
pass_attrs = cn=user,userPasword=password
pass_filter = (&(cn=%u))

Windows AD =>
Windows 2003 R2 PL

---
Logs:

Jan 28 00:37:40 gentoo dovecot: auth(default): client in: AUTH  1
 PLAIN   service=imapsecured lip=10.10.10.2  rip=10.10.10.29
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:37:40 gentoo dovecot: auth(default): client in: CONT  1
 AG1wYWN6ZXNueQBOZGYxNjEzODI=
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: OK   1   user=xxx
Jan 28 00:37:40 gentoo dovecot: auth(default): master in: REQUEST
 1   16026   1
Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29):
user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx))
fields=uidNumber,gidNumber,postOfficeBox,carLicense
Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1   xxx
Jan 28 00:37:40 gentoo dovecot: imap-login: Login: user=,
method=PLAIN, rip=10.10.10.29, lip=10.10.10.2, TLS
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Loading modules from
directory: /usr/lib/dovecot/imap
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded:
/usr/lib/dovecot/imap/lib10_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded:
/usr/lib/dovecot/imap/lib11_imap_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Effective uid=5000, gid=5000, home=
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Quota root:
name=storage=1024000 backend=maildir args=ignore=Trash

Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): Namespace: type=private,
prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes,
subscriptions=yes
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir:
data=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir++:
root=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir, index=,
control=, inbox=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx):
mkdir(/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/cur)
failed: Permission denied



the second case is that i receive following errors in log file:
Jan 28 00:47:31 gentoo dovecot: auth(default): client in: AUTH  1
 PLAIN   service=imapsecured lip=10.10.10.2  rip=10.10.10.29
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:47:31 gentoo dovecot: auth(default): client in: CONT  1
 AG1wYCN6ZXNuew9OZGYxxAEzODIe=
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: OK   1   user=xxx
Jan 28 00:47:31 gentoo dovecot: auth(defau