Hello,
I had a problem in my test configuration, therefore I want to suggest two
improvements for logging:
1) mail_log - add mailbox of operation
dovecot: Mar 07 09:35:16 Info: IMAP(dvtest) [16829]: expunged: uid=886,
msgid=<xxxxxxxxxxxxxx.xxxxxxxxxxx at xxxxxxxx.xx-xxxx-xxxxx-xxxx.xx>
dovecot: Mar 07 09:35:16 Info: IMAP(dvtest) [16829]: expunged: uid=887,
msgid=<xxxxxxxxxxxx.xxxxx.xxxxxxxxx.xxxxxxxx at xx-xxxx-xxxxx-xxxx.xx>
Please add which folder the mail is deleted/expunged from, because the uid
is not unique throughout the mail storage and I do not find any tracking of
which mailbox the operation happens in.
2) Login - add which passdb / userdb the data was gathered from
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63):
bind search: base=dc=fh-bonn-rhein-sieg,dc=de
filter=(&(objectClass=fhMailAlias)(uid=dvtest))
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63):
result: uidNumber(userdb_uid)=1012 gidNumber(userdb_gid)=102
homeDirectory(userdb_home)=/home/dvtest uid(userdb_user)=dvtest
mailLocationDovecot(userdb_mail)=maildir:/home/dvtestMAIL/MailDir:INDEX=/var/cache/dovecot/1012/index:CONTROL=/var/cache/dovecot/1012/index/control
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63):
bind: dn=uid=dvtest,ou=staff,dc=fb02,dc=fh-bonn-rhein-sieg,dc=de
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63):
invalid credentials
dovecot: Mar 07 09:34:03 Info: auth(default): client out: OK 1
user=dvtest
dovecot: Mar 07 09:34:03 Info: auth(default): master in: REQUEST 1
16810 1
dovecot: Mar 07 09:34:03 Info: auth(default):
prefetch(dvtest,10.20.10.63): passdb didn't return userdb entries
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63):
user search: base=dc=fh-bonn-rhein-sieg,dc=de scope=subtree
filter=(&(objectClass=fhMailAlias)(uid=dvtest))
fields=homeDirectory,uidNumber,gidNumber,mailLocationDovecot,uid
dovecot: Mar 07 09:34:03 Info: auth(default): master out: USER 1
dvtest uid=1012 gid=102 home=/home/dvtest user=dvtest
mail=maildir:/home/dvtestMAIL/MailDir:INDEX=/var/cache/dovecot/1012/index:CONTROL=/var/cache/dovecot/1012/index/control
dovecot: Mar 07 09:34:03 Info: pop3-login: Login: 16810:, user=<dvtest>,
method=PLAIN, rip=10.20.10.63, lip=10.20.10.166
At first I didn't realize there was any problem at all ;) and assumed the
LDAP bind was working.
Dovecot successfully reads the LDAP attributes for the user dvtest,
however, the LDAP bind fails with "invalid credentials", yet dvtest was
allowed to log in.
The reason is simple:
When I was testing the LDAP bind stuff, I "commented out" the user dvtest
in /etc/passwd, but not in "/etc/shadow", and intentionally used another
password in LDAP. Dovecot is configured to consult userdb/passdb ldap
first, then pam. In my case, the LDAP bind failed, so Dovecot fell back
to pam - just as configured.
I would like to suggest logging which passdb / userdb Dovecot gathered the
information from, because, at first, I interpreted the log file as if
Dovecot allows a user to log in who is not authenticated.
Bye,
--
Steffen Kaiser
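The situation described in the message above (a passdb logs "invalid credentials", yet the login is accepted because a later passdb in the chain succeeds) can be found in existing logs by correlating the two line formats quoted there. This is an added example, not part of the original message and not Dovecot code; the 5-second correlation window, the placeholder year and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: log lines quoted in the message, unwrapped to one event per line.
SAMPLE_LOG = """\
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): bind: dn=uid=dvtest,ou=staff,dc=fb02,dc=fh-bonn-rhein-sieg,dc=de
dovecot: Mar 07 09:34:03 Info: auth(default): ldap(dvtest,10.20.10.63): invalid credentials
dovecot: Mar 07 09:34:03 Info: auth(default): client out: OK 1 user=dvtest
dovecot: Mar 07 09:34:03 Info: pop3-login: Login: 16810:, user=<dvtest>, method=PLAIN, rip=10.20.10.63, lip=10.20.10.166
"""

TS_RE = re.compile(r"^dovecot: (\w{3} \d{2} \d{2}:\d{2}:\d{2}) ")
# "<driver>(<user>,<remote ip>): invalid credentials" written by the auth process
FAIL_RE = re.compile(
    r"auth\(\w+\): (?P<driver>[\w-]+)\((?P<user>[^,)]+),(?P<rip>[^)]+)\): invalid credentials")
# "<service>-login: Login: ..., user=<name>, ..., rip=<ip>" written by the login process
LOGIN_RE = re.compile(
    r"(?P<service>\w+)-login: Login: .*?user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[^,\s]+)")
WINDOW = timedelta(seconds=5)  # assumption: one auth request completes within this time

def _timestamp(line):
    m = TS_RE.match(line)
    # The log carries no year; a fixed placeholder year keeps strptime unambiguous.
    return datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S") if m else None

def find_fallback_logins(lines, window=WINDOW):
    """Return logins accepted shortly after a passdb rejected the same user and remote IP."""
    pending = {}   # (user, rip) -> [(timestamp, driver), ...] of rejections seen so far
    findings = []
    for line in lines:
        ts = _timestamp(line)
        if ts is None:
            continue
        m = FAIL_RE.search(line)
        if m:
            pending.setdefault((m["user"], m["rip"]), []).append((ts, m["driver"]))
            continue
        m = LOGIN_RE.search(line)
        if m:
            # Only rejections inside the window belong to this login attempt.
            recent = [d for t, d in pending.pop((m["user"], m["rip"]), [])
                      if timedelta(0) <= ts - t <= window]
            if recent:
                findings.append({"user": m["user"], "rip": m["rip"],
                                 "service": m["service"], "rejected_by": recent})
    return findings

if __name__ == "__main__":
    for f in find_fallback_logins(SAMPLE_LOG.splitlines()):
        print(f"{f['user']} from {f['rip']}: {f['service']} login accepted after rejection "
              f"by {', '.join(f['rejected_by'])}; another passdb in the chain accepted it")
```

Each finding names the passdb that rejected the credentials, so a reviewer knows that a different entry in the configured chain must have accepted them.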