Aaron Luchko
2007-Mar-02 20:49 UTC
[Dovecot] Using auth_bind_userdn causes uid to be improper case
I'm having a problem with dovecot-1.0-1.1.rc15.fc6 + LDAP +
auth_bind_userdb.
I have the following /etc/dovecot.conf:
mail_location = maildir:/var/spool/mail/%u/
protocols = imap pop3
mail_log_prefix = "%Us(%u):%i:%h "
first_valid_uid = 5001
first_valid_gid = 5001
protocol imap {
}
protocol pop3 {
}
protocol lda {
postmaster_address = postmaster at example.com
}
auth_verbose = yes
auth_debug = yes
auth default {
mechanisms = plain
userdb ldap {
args = /etc/dovecot-ldap.conf
}
passdb ldap {
args = /etc/dovecot-ldap.conf
}
user = root
}
dict {
}
plugin {
}
and /etc/dovecot-ldap.conf:
hosts = driveable.example.com
base = dc=example,dc=com
#dn = cn=Directory Manager
#dnpass = password
auth_bind_userdn = uid=%u, ou=People, dc=example, dc=com
uris = ldap://127.0.0.1
user_attrs = mail
user_filter = uid=%u
user_global_uid = 5001
user_global_gid = 5001
pass_filter = uid=%u
The problem is that if we have an entry in LDAP, User Name, with the uid
UName, postfix stores the users mail in /var/spool/mail/UName
If I log into dovecot using uname (LDAP uid isn't case sensitive) than
dovecot tries to look in /var/spool/mail/uname, similarly if I log in
with unAME dovecot will look in /var/spool/unAME.
However, if instead of using
auth_bind_userdn = uid=%u, ou=People, dc=example, dc=com
I bind with
dn = cn=Directory Manager
dnpass = password
than it correctly looks in /var/spool/UName regardless of the case used
when logging in.
It seems like when I log in with auth_bind_userdn %u is being left as
the value I logged in with rather than being reloaded from LDAP. I was
wondering if I have made some mistake in the configuration files to
cause this behaviour or if something else is going on?
thanks,
Aaron
Charles Marcus
2007-Mar-02 21:01 UTC
[Dovecot] Using auth_bind_userdn causes uid to be improper case
Aaron Luchko wrote:> I'm having a problem with dovecot-1.0-1.1.rc15.fc6 + LDAP + > auth_bind_userdb.No offense to you Aaron, but I have been noticing this a lot lately... There have been numerous changes in dovecot in the last few weeks and months, all of which have been intended to fix numerous bugs for different things. It really doesn't make sense, under these conditions, to report bugs unless the bug report is against the LATEST VERSION. Please, update to rc24 and see if this fixes it... I'm sure Timo has his hands full getting the 1.0 release ready, and I think he would appreciate it if everyone would make sure that the latest version doesn't already fix their problem before reporting. Thanks, -- Best regards, Charles
Timo Sirainen
2007-Mar-02 21:27 UTC
[Dovecot] Using auth_bind_userdn causes uid to be improper case
On 2.3.2007, at 22.49, Aaron Luchko wrote:> It seems like when I log in with auth_bind_userdn %u is being left as > the value I logged in with rather than being reloaded from LDAP. I was > wondering if I have made some mistake in the configuration files to > cause this behaviour or if something else is going on?That's kind of the point of auth_bind_userdn. It avoids one LDAP lookup which would get the uid from LDAP. It might be possible to also do this later by adding uid=user in user_attrs, but I'm not sure about this. You could however use eg. %Lu in the auth_bind_userdn to make the username always lowercase. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070302/e9836de5/attachment.bin>