On 2015-08-11 10:08 AM, Rowland Penny wrote:
On 10/08/15 20:38, Gerald Brandt wrote:
Hi Rowland,
I changed dovecot's ldap file to the following:
# cat /etc/dovecot/dovecot-ldap.conf.ext
hosts = 127.0.0.1:389
dn = cn=administrator,cn=Users,dc=erlphase,dc=com
dnpass = xxxx
base = cn=Users,dc=erlphase,dc=com
auth_bind = yes
pass_filter = (samaccountname=%n)
user_filter = (samaccountname=%n)
user_attrs = cn=home=/var/spool/dovecot/%$
And I can now log in via IMAP and Web nicely. However, sending email
locally has issues. If I send to g...@erlphase.com, I see the
following in the logs:
Aug 10 14:33:01 pdc postfix/cleanup[2138]: 4422DE10FF: message-id=<654-55c8fc80-3-57a4d200@35647971>
Aug 10 14:33:01 pdc postfix/qmgr[1236]: 4422DE10FF: from=<g...@erlphase.com>, size=502, nrcpt=2 (queue active)
Aug 10 14:33:01 pdc postfix/smtpd[2036]: disconnect from localhost[127.0.0.1]
Aug 10 14:33:01 pdc dovecot: lmtp(2145): Connect from 127.0.0.1
Aug 10 14:33:01 pdc dovecot: auth: ldap(bra...@erlphase.com,127.0.0.1): unknown user
Aug 10 14:33:01 pdc dovecot: lmtp(2146): Connect from 127.0.0.1
Aug 10 14:33:01 pdc dovecot: auth: ldap(ger...@erlphase.com,127.0.0.1): unknown user
Aug 10 14:33:01 pdc postfix/lmtp[2143]: 4422DE10FF: to=<bra...@erlphase.com>, orig_to=<g...@erlphase.com>, relay=127.0.0.1[127.0.0.1]:24, delay=0.13, delays=0.09/0.02/0.01/0.01, dsn=5.1.1, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 5.1.1 <bra...@erlphase.com> User doesn't exist: bra...@erlphase.com (in reply to RCPT TO command))
It takes the user 'gbr' and tries to send to firstname (Gerald) and
lastname (Brandt) as separate users.
Gerald
On 2015-07-25 03:12 AM, Rowland Penny wrote:
On 24/07/15 23:03, Gerald Brandt wrote:
On 2015-07-24 03:44 PM, Rowland Penny wrote:
On 24/07/15 19:13, Gerald Brandt wrote:
On 2015-07-24 10:57 AM, Rowland Penny wrote:
On 24/07/15 16:17, Gerald Brandt wrote:
Hi,
I added two users to my SAMBA/SOGo/Openchange server via the
Windows tools from Windows 7. I then went to the Linux server
and ran openchange_newuser --create user.
When the user connects via Outlook (2003), they can send and
receive emails, calendar, etc.
When the user connects via IMAP, they can't login. Dovecot
can't find the user in LDAP.
When the user connects via the SOGo web interface, login takes
a while, and the user is presented with no email folders.
I added a user with samba-tool user add and the
openchange_newuser --create, and all three (Outlook, IMAP, and
web) work perfectly.
Should I file a bug report with Openchange on this? With SOGo?
Thanks,
Gerald
Hi, can you post your dovecot ldap conf file (suitably sanitized
of course) also what version of samba4 you are using.
Rowland
Hi,
I'm using everything from the inverse repo. Dovecot authorizes
fine when I use samba-tool to add a user. Samba version is 4.1.18.
I use a script to build my Samba/SOGo/Openchange install. You
can see my script at http://majentis.com/?p=344 . It has every
config file I use.
Here's my dovecot.conf
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
postmaster_address=administra...@erlphase.com
# AUTH
disable_plaintext_auth = yes
auth_master_user_separator = *
auth_mechanisms = plain login
# master users
#passdb {
# driver = passwd-file
# master = yes
# args = /etc/dovecot/master-users
# Unless you're using PAM, you probably still want the destination user to
# be looked up from passdb that it really exists. pass=yes does that.
#pass = yes
#}
# ldap users
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# trust on 127.0.0.1
passdb {
driver = static
args = nopassword=y allow_nets=127.0.0.1/32
}
# LOGGING
auth_verbose = yes
mail_debug = no
plugin {
# Events to log. Also available: flag_change append
#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
# size and vsize are available only for expunge and copy events.
#mail_log_fields = uid box msgid size
}
# MAIL and NAMESPACES
mail_location = maildir:~/maildir
mail_uid = vmail
mail_gid = vmail
mail_plugins = acl quota
namespace {
type = private
separator = /
prefix =
inbox = yes
mailbox INBOX {
auto = create
}
}
namespace {
type = shared
separator = /
prefix = shared/%%u/
location = maildir:%%h/maildir:INDEX=~/maildir/shared/%%u
subscriptions = no
list = children
}
# MASTER
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps {
#port = 993
ssl = yes
}
# this is suboptimal since imap and imaps will also accept nopass
inet_listener imap-nopass {
port = 144
}
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
service lmtp {
unix_listener lmtp {
#mode = 0666
}
# Create inet listener only if you can't use the above UNIX socket
inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
address = 127.0.0.1
port = 24
}
}
service imap {
executable = imap postlogin
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Its default
# permissions make it readable only by root, but you may need to relax these
# permissions. Users that have access to this socket are able to get a list
# of all usernames and get results of everyone's userdb lookups.
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
service postlogin {
executable = script-login -d rawlog
unix_listener postlogin {
}
}
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# LDA
quota_full_tempfail = yes
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
}
# PROTOCOLS
protocol imap {
mail_plugins = $mail_plugins autocreate imap_acl imap_quota
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
service managesieve-login {
inet_listener sieve {
port = 4190
address = 127.0.0.1
}
}
service managesieve {
}
protocol sieve {
}
plugin {
acl = vfile
acl_shared_dict = file:/var/spool/dovecot/shared-mailboxes.db
quota_rule = *:storage=2G
quota_rule2 = Trash:storage=+100M
quota = dict:::file:%h/dovecot-quota
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
autocreate = Trash
autosubscribe = Trash
autocreate2 = Drafts
autosubscribe2 = Drafts
autocreate3 = Sent
}
and here's my dovecot ldap conf:
hosts = 127.0.0.1:389
dn = cn=administrator,cn=Users,dc=xxx,dc=com
dnpass = xxxx
base = cn=Users,dc=xxx,dc=com
auth_bind = yes
pass_filter = (cn=%n)
user_filter = (cn=%n)
user_attrs = cn=home=/var/spool/dovecot/%$
Gerald
Hmm, there doesn't seem to be anything really strange there, I
'might' have an idea, but to confirm it, can you post the exact
samba-tool command you are using to create users.
Rowland
Hi,
samba-tool user add test
openchange_newuser --create test
The above commands give me a user that has great access via
Outlook, IMAP, and web.
Gerald
OK, this is what I 'think' is happening, when you create a user on
windows, you enter the user's first name, last name etc, with
samba-tool you are just supplying the username. So if you were
creating a user called 'Test User' on windows, you would end up with
the cn of 'Test User' whilst creating the same user with samba-tool,
you would end up with the cn of 'Test'. This is probably your
problem, you are using 'cn' in your dovecot ldap conf, so it is
looking for a 'cn' that may not exist in the format you think, try
changing 'cn' to 'samaccountname'
Rowland
Hi, are you trying to do local and virtual mail delivery?
I am a bit out of touch with postfix/dovecot, but this may point you
in the right direction:
http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
It might help if you could post your postfix main.cf
Rowland
I do a local delivery via IMAP or the web page. Basically sending mail
from me to me.
# cat main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate delayed mail warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = pdc.erlphase.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, $myhostname, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.100.0/22
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_alias_maps = ldap:/etc/postfix/people.ldap
mailbox_transport = lmtp:127.0.0.1:24
# SASL Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $myorigin
broken_sasl_auth_clients = yes
--
users@sogo.nu
https://inverse.ca/sogo/lists
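
The cn versus samaccountname difference discussed in the thread, as an added example that is not part of the original messages or of Dovecot's code: it expands the two filter templates from dovecot-ldap.conf.ext for a login name and evaluates them against a small in-memory directory. The directory entries, the "tuser" account name, the example.com domain and all function names are assumptions made for illustration.

```python
import re

# Constructed sample entries (not taken from the thread's directory), shaped
# as described in the thread: the Windows tools set cn to the full name, while
# "samba-tool user add test" sets cn to the bare username.
DIRECTORY = [
    {"cn": "Test User", "sAMAccountName": "tuser"},  # hypothetical Windows-created user
    {"cn": "test", "sAMAccountName": "test"},        # samba-tool user add test
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, login):
    """Expand %n (user part of user@domain) and %u (full login) in a filter template."""
    values = {"n": login.split("@", 1)[0], "u": login}
    return re.sub(r"%([nu])", lambda m: escape_filter_value(values[m.group(1)]), template)

def search(filter_text):
    """Evaluate one (attr=value) equality filter; names and values compare case-insensitively."""
    m = re.fullmatch(r"\(([^=()]+)=([^()*]*)\)", filter_text)
    if not m:
        raise ValueError("only simple equality filters are supported: %r" % filter_text)
    attr = m.group(1).lower()
    # Undo the \xx escapes before comparing with the stored attribute value.
    wanted = re.sub(r"\\([0-9a-fA-F]{2})",
                    lambda h: chr(int(h.group(1), 16)), m.group(2)).lower()
    return [entry for entry in DIRECTORY
            if any(k.lower() == attr and v.lower() == wanted for k, v in entry.items())]

def lookup(template, login):
    """Return the account names of the entries a filter template finds for a login."""
    return [entry["sAMAccountName"] for entry in search(expand(template, login))]

if __name__ == "__main__":
    for template in ("(cn=%n)", "(samaccountname=%n)"):
        for login in ("tuser@example.com", "test@example.com"):
            found = lookup(template, login)
            print(template, login, "->", found if found else "unknown user")
```

With (cn=%n) only the samba-tool user is found, because its cn happens to equal its login name; with (samaccountname=%n) both users resolve.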