Proskurin Kirill
2008-Oct-16 09:09 UTC
[Dovecot] Multiple "mail" field in one LDAP account
Hello all!
#pkg_info | grep dovecot
dovecot-1.1.3_1
dovecot-managesieve-0.10.3
dovecot-sieve-1.1.5_1
I'm trying to do this:
I have an LDAP account with multiple "mail" fields like this (many strings cut):
dn: uid=k.proskurin,ou=Users,dc=Moscow,dc=CAS
uid: k.proskurin
userPassword: {CRYPT}$1$ETadxf6G$O2bNUQVSHxksUp08V/iY2.
mail: sysadmin at domain.off
mail: proskurin-kv at domain.off
My Dovecot uses "mail" as login:
user_filter = (&(objectClass=mailUser)(mail=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=mailUser)(mail=%u))
All seemed to work well before I added a second mail field to the account.
In the logs I see this:
----
Info: auth(default): client in: AUTH 1 PLAIN service=imap
secured lip=172.16.1.19 rip=172.16.1.19 lport=143 rport=64575
resp=<hidden>
Info: auth(default): ldap(proskurin-kv at domain.off,172.16.1.19): pass
search: base=dc=CAS scope=subtree
filter=(&(objectClass=mailUser)(mail=proskurin-kv at domain.off))
fields=mail,userPassword
Info: auth(default): auth(proskurin-kv at domain.off,172.16.1.19): username
changed proskurin-kv at domain.off -> sysadmin at domain.off
Info: auth(default): auth(sysadmin at domain.off,172.16.1.19): username
changed sysadmin at domain.off -> proskurin-kv at domain.off
Info: auth(default): ldap(proskurin-kv at domain.off,172.16.1.19): result:
userPassword(password)=<hidden>
mail(user)=sysadmin at domain.off/proskurin-kv at domain.off
Info: auth(default): client out: OK 1 user=proskurin-kv at domain.off
Info: auth(default): master in: REQUEST 8 38582 1
Info: auth(default): master out: USER 8 proskurin-kv at domain.off
uid=1002 gid=1002
home=/var/spool/dovecot/domains/domain.off/proskurin-kv
Info: imap-login: Login: user=<proskurin-kv at domain.off>, method=PLAIN,
rip=172.16.1.19, lip=172.16.1.19, secured
And in my Thunderbird, when I log in as sysadmin at domain.off, I see
proskurin-kv at domain.off mail.
----
Oh - what is happening? Why does it jump from one to another?
They have different logins and the same password. Is it possible to make
this work well?
--
Best regards,
Proskurin Kirill
On Oct 16, 2008, at 12:09 PM, Proskurin Kirill wrote:
> pass_attrs = mail=user,userPassword=password
You could remove the mail=user here and instead set auth_username_format=%Lu to make sure the username is lowercased.
> Info: auth(default): auth(proskurin-kv at domain.off,172.16.1.19):
> username changed proskurin-kv at domain.off -> sysadmin at domain.off
Dovecot sees the first mail field and changes the username.
> Info: auth(default): auth(sysadmin at domain.off,172.16.1.19): username
> changed sysadmin at domain.off -> proskurin-kv at domain.off
Dovecot sees the second mail field and changes the username again.
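
An added example, not part of the original thread and not Dovecot code: a small audit that reads a `pass_attrs` value and an LDIF export and lists the logins that would be rewritten to another username, modelling the last-value-wins behaviour visible in the log above. The function names and the LDIF sample are constructed for illustration.

```python
# Constructed sample data; the rewrite model is inferred from the log in this thread.
def user_attr(pass_attrs):
    """Return the LDAP attribute mapped to Dovecot's `user` field, or None."""
    for pair in pass_attrs.split(","):
        ldap_attr, _, field = pair.strip().partition("=")
        if field == "user":
            return ldap_attr.lower()
    return None

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, 'attr: value' lines.
    Does not handle base64 ('::') values or folded lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(ldif_text, pass_attrs):
    """Map each login that would end up authenticated as a different username."""
    attr = user_attr(pass_attrs)
    remapped = {}
    if attr is None:
        return remapped  # nothing in pass_attrs overrides the username
    for entry in parse_ldif(ldif_text):
        values = entry.get(attr, [])
        # Assumption: every value is applied in order, so the last one wins.
        for login in values[:-1]:  # empty unless the attribute is multi-valued
            if login.lower() != values[-1].lower():
                remapped[login] = values[-1]
    return remapped

SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=test
mail: helpdesk@example.test
mail: alice@example.test

dn: uid=bob,ou=Users,dc=example,dc=test
mail: bob@example.test
"""

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, "mail=user,userPassword=password"))
```

With `mail=user` removed from `pass_attrs`, the audit returns an empty mapping, because the username the client supplied is no longer overwritten by the directory values.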
Proskurin Kirill
2008-Oct-16 10:18 UTC
[Dovecot] Multiple "mail" field in one LDAP account
Timo Sirainen wrote:
> On Oct 16, 2008, at 12:09 PM, Proskurin Kirill wrote:
>
>> pass_attrs = mail=user,userPassword=password
>
> You could remove the mail=user here and instead set
> auth_username_format=%Lu to make sure the username is lowercased.
Thanks Timo - this seems to work!
But now I don't really understand how it looks up the user name in LDAP now.
Thunderbird sends credentials:
login: sysadmin at domain.off
pass: 123
Dovecot makes an LDAP lookup and searches for a user with such pass in userPassword
and such login in where?
Info: auth(default): ldap(sysadmin at domain.off,172.16.1.80): pass search:
base=dc=CAS scope=subtree
filter=(&(objectClass=mailUser)(mail=sysadmin at domain.off))
fields=userPassword
Info: auth(default): ldap(sysadmin at domain.off,172.16.1.80): result:
userPassword(password)=<hidden>
Info: auth(default): client out: OK 1 user=sysadmin at domain.off
--
Best regards,
Proskurin Kirill
Proskurin Kirill
2008-Oct-17 06:08 UTC
[Dovecot] Multiple "mail" field in one LDAP account
Yes, I understand - it must be a stupid question, but could someone explain it to me?
I'm aware of the problems that a lack of understanding may cause.
Proskurin Kirill wrote:
> Timo Sirainen wrote:
>> On Oct 16, 2008, at 12:09 PM, Proskurin Kirill wrote:
>>
>>> pass_attrs = mail=user,userPassword=password
>>
>> You could remove the mail=user here and instead set
>> auth_username_format=%Lu to make sure the username is lowercased.
>
> Thanks Timo - this seems to work!
> But now I don't really understand how it looks up the user name in LDAP now.
>
> Thunderbird sends credentials:
> login: sysadmin at domain.off
> pass: 123
>
> Dovecot makes an LDAP lookup and searches for a user with such pass in userPassword
> and such login in where?
>
> Info: auth(default): ldap(sysadmin at domain.off,172.16.1.80): pass search:
> base=dc=CAS scope=subtree
> filter=(&(objectClass=mailUser)(mail=sysadmin at domain.off))
> fields=userPassword
>
> Info: auth(default): ldap(sysadmin at domain.off,172.16.1.80): result:
> userPassword(password)=<hidden>
>
> Info: auth(default): client out: OK 1 user=sysadmin at domain.off
>
--
Best regards,
Proskurin Kirill