I'm trying to set up a system with ldap+postfix+dovecot. Everyone who gets email is stored in LDAP; some of these users also have a local Unix account, but regardless I want all users to be treated as virtual users.

All the mail is stored by Postfix in /var/spool/mail in Maildir format with permissions 600 vmail:vmail. Everything works fine when Dovecot tries to read the mail of a completely virtual user. The problem is when Dovecot tries to read mail for a user who has an account on the machine: Dovecot finds the user's local account and then tries to read the mail as that user. Even if first_valid_{u,g}id is low enough to allow login, the user still doesn't have sufficient permissions to read the mail.

I can't figure out why this is happening and was hoping someone could help me out.

Thanks,
Aaron
/etc/dovecot-ldap.conf:
hosts = server.example.com
base = dc=example,dc=com
dn = cn=Directory Manager
dnpass = password
uris = ldap://127.0.0.1
user_attrs = mail
user_filter = uid=%u
user_global_uid = 5001
user_global_gid = 5001
pass_filter = uid=%u
/etc/dovecot.conf:
mail_location = maildir:/var/spool/mail/%u/
protocols = imap pop3
mail_log_prefix = "%Us(%u):%i:%h "
first_valid_uid = 5001
first_valid_gid = 5001
protocol imap {
}
protocol pop3 {
}
protocol lda {
  postmaster_address = postmaster@example.com
}
auth_verbose = yes
auth_debug = yes
auth default {
  mechanisms = plain
  # passdb and userdb sections are consulted in the order they are listed
  passdb pam {
  }
  userdb passwd {
  }
  userdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  user = root
}
dict {
}
plugin {
}
Marshal Newrock
2007-Feb-20 19:13 UTC
[Dovecot] Reading mail for Virtual and Real LDAP Users
On Tue, 20 Feb 2007 11:39:39 -0700 Aaron Luchko <aaron.luchko at oxn.ca> wrote:

> I'm trying to setup a system with ldap+postfix+dovecot. Everyone who
> gets an email is stored in LDAP, some of these users also have a local
> unix account, regardless I want all users to be dealt with as virtual
> users.
>
> All the mail is stored by postfix in /var/spool/mail in Maildir format
> with permissions 600 vmail:vmail. Everything works fine when dovecot
> tries to read the mail of a completely virtual user, the problem is
> when dovecot tries to read mail for a user who has an account on the
> machine, dovecot finds the user's local account, then it tries to
> read the mail as that user. Even if first_valid_{u,g}id is low enough
> to allow login the user still doesn't have sufficient permissions to
> read the mail.

[snip]

> auth default {
>   mechanisms = plain
>   passdb pam {
>   }
>   userdb passwd {
>   }
>   userdb ldap {
>     args = /etc/dovecot-ldap.conf
>   }
>   passdb ldap {
>     args = /etc/dovecot-ldap.conf
>   }
>   user = root
> }

Comment out "passdb pam" and "userdb passwd". These are telling dovecot to look for real system users.

--
Marshal Newrock, Ideal Solution LLC
http://www.idealso.com
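The mechanism behind Marshal's advice, as an added example that is not part of the thread: a Python model of Dovecot's ordered userdb lookup followed by the POSIX permission check on the Maildir. The vmail uid/gid 5001 and mode 600 come from the posted configuration; the sample user tables, the uid 1000 for the local account and all function names are constructed assumptions.

```python
import stat

VMAIL_UID = 5001        # owner of /var/spool/mail/<user>/ (from the thread)
VMAIL_GID = 5001
MAILDIR_MODE = 0o600    # permissions Postfix gives the Maildir (from the thread)

# Constructed sample data: "aaron" exists both in /etc/passwd and in LDAP,
# "bob" is purely virtual. The local uid/gid 1000 is an assumption.
LOCAL_PASSWD = {"aaron": (1000, 1000)}
LDAP_USERS = {"aaron", "bob"}

def userdb_passwd(user):
    """Models 'userdb passwd': the local account's uid/gid, or None."""
    return LOCAL_PASSWD.get(user)

def userdb_ldap(user):
    """Models 'userdb ldap' with user_global_uid/gid = 5001: one uid for all."""
    return (VMAIL_UID, VMAIL_GID) if user in LDAP_USERS else None

def resolve_user(user, userdbs):
    """Dovecot consults userdbs in the listed order; the first hit wins."""
    for db in userdbs:
        ids = db(user)
        if ids is not None:
            return ids
    return None

def can_read(uid, gid, owner_uid, owner_gid, mode):
    """POSIX rule: owner bits if uid matches, else group bits, else other."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if gid == owner_gid:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def diagnose(user, userdbs):
    """(uid, gid, readable) for the identity Dovecot would use, or None."""
    ids = resolve_user(user, userdbs)
    if ids is None:
        return None
    uid, gid = ids
    return uid, gid, can_read(uid, gid, VMAIL_UID, VMAIL_GID, MAILDIR_MODE)

if __name__ == "__main__":
    broken = [userdb_passwd, userdb_ldap]  # order in the posted dovecot.conf
    fixed = [userdb_ldap]                  # after commenting out userdb passwd
    for user in ("aaron", "bob"):
        print(user, "broken:", diagnose(user, broken), "fixed:", diagnose(user, fixed))
```

With the posted order, "aaron" resolves to the local uid and cannot open the vmail-owned Maildir, while the purely virtual "bob" works either way; with only the LDAP userdb, both resolve to 5001.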