On Tue, 06 Mar 2007 16:55:25 +0200
Timo Sirainen <tss at iki.fi> wrote:
> On Thu, 2007-03-01 at 22:02 +0100, Alexej Davidov wrote:
> > Hola!
> >
> > Dovecot should serve virtual mail users. So I've set user_global_uid
> > and user_global_gid in dovecot_ldap.conf to vmail/vmail. Also I've
> > commented out the user_attrs field. Still Dovecot tries to switch
> > to the uid that is defined in the LDAP entry.
> >
> > It took me some time to figure out that the only way to prevent
> > this is to set
> > user_attrs = foo=uid,bar=gid
> > or something like this, so Dovecot doesn't have a chance to find the
> > uid/gid. Still it will perform some LDAP lookups.
> >
> > In my opinion, Dovecot shouldn't try to get the uid/gid from LDAP
> > if the user_attrs field is undefined.
>
> Commenting out user_attrs is the same as setting it to the default
> value. Setting "user_attrs =" should have worked. However, if you don't
> want userdb LDAP lookup at all, use userdb static instead.

I want to use LDAP for authorization. The entries just happen to
contain a uid field, which should not be used for file access, though.
Setting "user_attrs =" did not work. Dovecot still looked up the uid
from LDAP. I always got:

Mar 1 21:31:54 myhost dovecot: imap-login: Login: user=<foo at bar.net>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
Mar 1 21:31:54 myhost dovecot: IMAP(foo at bar.net): stat(/var/vmail/foo/cur) failed: Permission denied

I tried again with "user_attrs =" and, strangely enough, the error is now
different:

Mar 6 19:11:52 myhost dovecot: imap-login: Internal login failure: user=<foo at bar.net>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS
Mar 6 19:11:52 myhost dovecot: child 9966 (auth) killed with signal 11

After setting user_attrs back to "foo=uid,bar=gid" everything works
again.

A.