SunOS pop01.unix 5.10 Generic_118844-26 i86pc i386 i86pc
dovecot-1.0.beta3
It is most likely something I am doing wrong, but could someone take a look at
why I can not get LDAP prefetch to work?
If I define things like this:
dovecot.conf:
----------------------------------------------
passdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
userdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
----------------------------------------------
dovecot-ldap.conf:
----------------------------------------------
base = uid=%n, o=%d, ou=mail, dc=example, dc=com
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(mail=%u))
pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
pass_filter = (&(objectClass=posixAccount)(mail=%u))
----------------------------------------------
This works correctly. Queries LDAP twice, but retrieves home, uid, gid and mail
correctly. Authenticates well.
If I replace the userdb line in dovecot.conf with:
----------------------------------------------
userdb prefetch {
}
----------------------------------------------
It no longer works. The passdb query is still correct, and it is followed by
a second "empty" ldap query (as seen from snoop) with the following
errors:
Mar 20 15:58:06 pop01.unix dovecot: [ID 474965 mail.info] Dovecot v1.0.beta3
starting up
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default):
prefetch(fred at uranus.com,172.20.12.12): userdb_uid not returned
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default):
prefetch(fred at uranus.com,172.20.12.12): userdb_gid not returned
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default):
userdb(fred at uranus.com,172.20.12.12): user not found from userdb
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.info] pop3-login: Internal
login failure: user=<fred at uranus.com>, method=PLAIN, rip=172.20.12.12,
lip=172.20.12.8
Snoop of failing lookup:
LDAP: Operation *[APPL 3: Search Request]
LDAP: [Base Object]
LDAP: uid=fred, o=uranus.com, ou=mail,
LDAP: dc=example, dc=com
[snip]
LDAP: And *[0]
LDAP: Equality Match *[3]
LDAP: [Attr Descr]
LDAP: objectClass
LDAP: [Value]
LDAP: posixAccount
LDAP: *[3]
LDAP: [OctetString]
LDAP: mail
LDAP: [OctetString]
LDAP: fred at uranus.com
LDAP: *[Sequence]
LDAP: [OctetString]
LDAP: mail
LDAP: [OctetString]
LDAP: userPassword
LDAP: [OctetString]
LDAP: homeDirectory
LDAP: [OctetString]
LDAP: uidNumber
LDAP: [OctetString]
LDAP: gidNumber
[snip]
LDAP: Operation *[APPL 4: Search ResEntry]
LDAP: [Object Name]
LDAP: uid=fred,o=uranus.com,ou=mail,dc
LDAP: =example,dc=com
LDAP: *[Partial Attributes]
LDAP: *[Attribute]
LDAP: [Type]
LDAP: uidNumber
LDAP: *[Vals]
LDAP: [Value]
LDAP: 105
LDAP: *[Attribute]
LDAP: [Type]
LDAP: gidNumber
LDAP: *[Vals]
LDAP: [Value]
LDAP: 200
LDAP: *[Attribute]
LDAP: [Type]
LDAP: homeDirectory
LDAP: *[Vals]
LDAP: [Value]
LDAP: /export/nfs/mail/com/s/u/ur
LDAP: anus/fred/
LDAP: *[Attribute]
LDAP: [Type]
LDAP: userPassword
LDAP: *[Vals]
LDAP: [Value]
LDAP: {crypt}QAa3SPeYrDARs (it's "test", no leak fun here)
LDAP: *[Attribute]
LDAP: [Type]
LDAP: mail
LDAP: *[Vals]
LDAP: [Value]
LDAP: fred at uranus.com
[snip]
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
Please advise!
Lund
--
Jorgen Lundman | <lundman at lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
Thanks to a similar email, we discovered a userdb passwd definition still active, which would clear out the prefetch data. Having ONLY passwd for ldap, and userdb prefetch makes it work correctly.

Lund

Jorgen Lundman wrote:
> It is most likely something I am doing wrong, but could someone take a look at
> why I can not get LDAP prefetch to work?
[snip]

--
Jorgen Lundman | <lundman at lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
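As an added illustration (not code from the thread, and not Dovecot's own code), the following Python models the field mapping that the pass_attrs/user_attrs lines in dovecot-ldap.conf describe, and the rule the whole thread turns on: the prefetch userdb makes no query of its own and only sees the userdb_* extra fields the passdb returned, so the second LDAP query and the "userdb_uid not returned" errors come from a userdb that never got those fields. The LDAP entry is constructed from the values in the snoop. The behaviour of the stray userdb passwd (a failed lookup clearing the prefetch data before prefetch runs) is modelled after the explanation in the follow-up and is an assumption about Dovecot 1.0, not something checked against its source; PASS_ATTRS_NO_PREFETCH is a hypothetical setting used to show the other way prefetch can fail.

```python
"""Model of how a Dovecot 1.0 passdb's extra fields feed the prefetch userdb.

Added illustration, not Dovecot code. The mapping syntax is the one used in
the thread's dovecot-ldap.conf: 'ldapAttr=dovecotField,...'.
"""
from typing import Dict, List, Optional, Tuple

# Constructed LDAP entry; the values are the ones visible in the snoop above.
LDAP_ENTRY = {
    "mail": "fred@uranus.com",
    "userPassword": "{crypt}QAa3SPeYrDARs",
    "homeDirectory": "/export/nfs/mail/com/s/u/uranus/fred/",
    "uidNumber": "105",
    "gidNumber": "200",
}

# The two attribute maps from the thread's dovecot-ldap.conf.
PASS_ATTRS = ("mail=user,userPassword=password,homeDirectory=userdb_home,"
              "uidNumber=userdb_uid,gidNumber=userdb_gid")
USER_ATTRS = "homeDirectory=home,uidNumber=uid,gidNumber=gid"

# Hypothetical pass_attrs (not from the thread): authenticates fine, but
# returns no userdb_* fields, so a prefetch userdb has nothing to use.
PASS_ATTRS_NO_PREFETCH = "mail=user,userPassword=password"


def parse_attrs(spec: str) -> Dict[str, str]:
    """Parse 'ldapAttr=dovecotField,...' into {ldapAttr: dovecotField}."""
    mapping: Dict[str, str] = {}
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        ldap_attr, _, field = item.partition("=")
        # 'attr' with no '=' keeps the LDAP attribute name as the field name.
        mapping[ldap_attr.strip()] = field.strip() or ldap_attr.strip()
    return mapping


def apply_attrs(entry: Dict[str, str], spec: str) -> Dict[str, str]:
    """Rename LDAP attributes to Dovecot field names; absent attrs are skipped."""
    mapping = parse_attrs(spec)
    return {field: entry[attr] for attr, field in mapping.items() if attr in entry}


def passdb_ldap(entry: Dict[str, str], spec: str) -> Tuple[str, Dict[str, str]]:
    """passdb ldap: the credential, plus every other mapped field as an extra."""
    fields = apply_attrs(entry, spec)
    password = fields.pop("password")   # only the scheme-prefixed hash is fetched
    return password, fields


def userdb_prefetch(extra: Dict[str, str]) -> Dict[str, str]:
    """userdb prefetch: no lookup at all, only the passdb's userdb_* extras.

    uid and gid are mandatory (the two errors logged in the thread); home is
    passed through when present.
    """
    missing = [k for k in ("userdb_uid", "userdb_gid") if k not in extra]
    if missing:
        raise LookupError(", ".join(f"{k} not returned" for k in missing))
    prefix = "userdb_"
    return {k[len(prefix):]: v for k, v in extra.items() if k.startswith(prefix)}


def login(entry: Dict[str, str], pass_spec: str, userdbs: List[str],
          passwd_file: Optional[Dict[str, Dict[str, str]]] = None) -> Dict[str, str]:
    """Authenticate through passdb ldap, then walk the configured userdb chain.

    userdbs is the ordered list of userdb blocks in dovecot.conf: "prefetch",
    "ldap" (a second query with user_attrs) or "passwd" (a constructed
    /etc/passwd-style dict). A passwd miss clears the passdb extras before the
    next userdb runs, which is the effect the follow-up describes (assumed).
    """
    _password, extra = passdb_ldap(entry, pass_spec)
    for name in userdbs:
        if name == "prefetch":
            return userdb_prefetch(extra)
        if name == "ldap":
            return apply_attrs(entry, USER_ATTRS)   # the second LDAP round trip
        if name == "passwd":
            user = extra.get("user", "")
            if passwd_file and user in passwd_file:
                return passwd_file[user]
            extra = {}   # lookup failed: prefetch data is gone
            continue
        raise ValueError(f"unknown userdb {name}")
    raise LookupError("user not found from userdb")


def login_result(entry: Dict[str, str], pass_spec: str, userdbs: List[str],
                 passwd_file: Optional[Dict[str, Dict[str, str]]] = None) -> Tuple[str, object]:
    """Wrap login() so a caller can compare outcomes without catching exceptions."""
    try:
        return "ok", login(entry, pass_spec, userdbs, passwd_file)
    except LookupError as err:
        return "error", str(err)


if __name__ == "__main__":
    # Working setup from the thread: passdb ldap + userdb prefetch, one query.
    print(login_result(LDAP_ENTRY, PASS_ATTRS, ["prefetch"]))
    # Broken setup from the follow-up: a stray userdb passwd ahead of prefetch.
    print(login_result(LDAP_ENTRY, PASS_ATTRS, ["passwd", "prefetch"], passwd_file={}))
```

The check to carry away is that prefetch is only as good as the passdb's extra fields: if a userdb block other than prefetch is still configured, or pass_attrs does not return userdb_uid and userdb_gid, the login fails exactly as in the logged errors. Note also that the passdb fetches userPassword on every login; with a {crypt} hash and port 389 in the snoop, that attribute crosses the wire in the clear unless the LDAP connection is protected.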