Hello,
I'm almost sure that all topics and problems mentioned below were
separately posted to this list already. But after spending 4 days on
searching, I didn't find a compilation similar to my case. So maybe
some of you guys are able to help me solve this:
1. I'd like to use userdb and passdb of Dovecot to work with Windows AD.
2. I have to use them both because I'd like to use LDA to serve my
Postfix.
3. I DO NOT want to use any external programs (i.e. PAM) to talk to the AD server.
4. I was able to make my system partially running - I CAN bind to AD
database, and confirm user/password.
5. I want to get the following attributes: home directory (OK, I could put
it statically), uid/gid (OK, it could be static too) and MAIL QUOTA
(my users have different values - no 'statics').
To help you on this subject, here are my configs/data:
OS =>
Gentoo Linux
uname -a =>
2.6.15-gentoo-r7 #1 SMP PREEMPT Tue Mar 21 18:08:57 CET 2006 i686
Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux
dovecot --version =>
1.1.beta14
dovecot -n =>
protocols: imaps
ssl_listen: *:993
ssl_cert_file: /etc/ssl/dovecot/newcert.pem
ssl_key_file: /etc/ssl/dovecot/newkey.pem
ssl_parameters_regenerate: 0
ssl_cipher_list: ALL:!LOW:!SSLv2
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
verbose_proctitle: yes
mail_uid: 5000
mail_gid: 5000
mail_location: maildir:~/.Maildir/
mail_debug: yes
mail_executable: /usr/libexec/dovecot/var
mail_plugins: quota imap_quota
auth default:
mechanisms: login plain
username_format: %Lu
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
userdb:
driver: ldap
args: /etc/dovecot/dovecot-ldap.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 438
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
group: vmail
plugin:
quota: maildir:storage=10240000000:ignore=Trash
sieve: /var/vmail/lpr/%u/.Maildir/.dovecot.sieve
grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf
hosts = 10.10.10.8:3268
uris = ldap://10.10.10.8:3268
dn = lpr\Administrator
dnpass = ***
auth_bind = yes
auth_bind_userdn = lpr\%u
base = dc=lpr,dc=com,dc=pl
ldap_version = 3
user_attrs = uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota
user_filter = (&(cn=%u))
pass_attrs = cn=user,userPassword=password
pass_filter = (&(cn=%u))
Windows AD =>
Windows 2003 R2 PL
-----------------------
Logs:
Jan 28 00:37:40 gentoo dovecot: auth(default): client in: AUTH 1
PLAIN service=imap secured lip=10.10.10.2 rip=10.10.10.29
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:37:40 gentoo dovecot: auth(default): client in: CONT 1 AG1wYWN6ZXNueQBOZGYxNjEzODI
Jan 28 00:37:40 gentoo dovecot: auth(default): client out: OK 1 user=xxx
Jan 28 00:37:40 gentoo dovecot: auth(default): master in: REQUEST
1 16026 1
Jan 28 00:37:40 gentoo dovecot: auth(default): ldap(xxx,10.10.10.29):
user search: base=dc=lpr,dc=com,dc=pl scope=subtree filter=(&(cn=xxx))
fields=uidNumber,gidNumber,postOfficeBox,carLicense
Jan 28 00:37:40 gentoo dovecot: auth(default): master out: USER 1 xxx
Jan 28 00:37:40 gentoo dovecot: imap-login: Login: user=<xxx>,
method=PLAIN, rip=10.10.10.29, lip=10.10.10.2, TLS
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Loading modules from
directory: /usr/lib/dovecot/imap
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded:
/usr/lib/dovecot/imap/lib10_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Module loaded:
/usr/lib/dovecot/imap/lib11_imap_quota_plugin.so
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Effective uid=5000, gid=5000, home
Jan 28 00:37:40 gentoo dovecot: IMAP(xxx): Quota root: name=storage=10240000000 backend=maildir args=ignore=Trash
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): Namespace: type=private,
prefix=INBOX., sep=., inbox=yes, hidden=no, list=yes,
subscriptions=yes
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir:
data=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx): maildir++:
root=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir, index=,
control=, inbox=/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir
Jan 28 00:37:41 gentoo dovecot: IMAP(xxx):
mkdir(/HOME_DIRECTORY_USED_BUT_NOT_GIVEN_BY_USERDB/.Maildir/cur)
failed: Permission denied
The second case is that I receive the following errors in the log file:
Jan 28 00:47:31 gentoo dovecot: auth(default): client in: AUTH 1
PLAIN service=imap secured lip=10.10.10.2 rip=10.10.10.29
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: CONT 1
Jan 28 00:47:31 gentoo dovecot: auth(default): client in: CONT 1 AG1wYCN6ZXNuew9OZGYxxAEzODIe
Jan 28 00:47:31 gentoo dovecot: auth(default): client out: OK 1 user=xxx
Jan 28 00:47:31 gentoo dovecot: auth(default): master in: REQUEST
1 16170 1
Jan 28 00:47:31 gentoo dovecot: auth(default):
prefetch(xxx,10.10.10.29): passdb didn't return userdb entries
Jan 28 00:47:31 gentoo dovecot: auth(default):
userdb(xxx,10.10.10.29): user not found from userdb
Jan 28 00:47:31 gentoo dovecot: auth(default): master out: NOTFOUND 1
when I use the prefetch driver with a change like the one below to the
ldap.conf file:
pass_attrs = uid=user, userPassword=password,
postOfficeBox=userdb_home, uidNumber=userdb_uid, gidNumber=userdb_gid,
carLicense=userdb_quota
(And yes, I know about the home directory path. It is easy to make it
real and working (change mail_location) - it is not a problem.)
The case and question is: how can I get a QUOTA (in my case -
carLicense) attribute from AD/LDAP? Is it shown somewhere? How can it
be verified? The value "storage=10240000000" is a static one written
in the config and the same for all users.
Is there any kind of manual on how to make AD and Dovecot run and
return uid, gid, home, quota etc. attributes without PAM?
Regards,
--
Maciej Paczesny
maciunio2 at gmail.com
***If electricity hadn't been invented,
I'd be sitting in front of the computer by candlelight***
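As an added example that is not part of the original post (my own code, not Dovecot's), the following simulates how Dovecot's LDAP userdb turns a `user_attrs` mapping into the userdb fields that the IMAP process and the LDA receive. It assumes the `ldapAttr=field[=template]` syntax with `%$` standing for the attribute value, as documented for Dovecot 1.1's `dovecot-ldap.conf`; the AD entries, the `/var/vmail/lpr/xxx` path and the quota value are constructed, and `carLicense` is repurposed for the quota exactly as in the post. It goes beyond the post's single mapping by also showing what a user without the quota attribute gets back.

```python
# Added example (my own code, not from the original post or from Dovecot): a small
# simulation of how Dovecot's LDAP userdb turns a user_attrs mapping into the
# userdb fields (uid, gid, home, quota) that the IMAP process and the LDA receive.
# Assumption: the "ldapAttr=field[=template]" syntax with %$ standing for the
# attribute value, as documented for Dovecot 1.1's dovecot-ldap.conf.

# Constructed AD entry for a hypothetical user; carLicense is repurposed to hold
# the mailbox quota in bytes, as in the post's configuration.
ENTRY_WITH_QUOTA = {
    "cn": ["xxx"],
    "uidNumber": ["5000"],
    "gidNumber": ["5000"],
    "postOfficeBox": ["/var/vmail/lpr/xxx"],
    "carLicense": ["52428800"],
}

# Constructed entry for a user whose carLicense attribute was never filled in.
ENTRY_WITHOUT_QUOTA = {k: v for k, v in ENTRY_WITH_QUOTA.items() if k != "carLicense"}

# The mapping exactly as in the post (plain field names, no template).
USER_ATTRS_POST = "uidNumber=uid,gidNumber=gid,postOfficeBox=home,carLicense=quota"

# Mapping with a template: %$ is replaced by the attribute value, so the userdb
# hands the quota plugin a per-user rule such as quota_rule=*:bytes=52428800.
USER_ATTRS_RULE = ("uidNumber=uid,gidNumber=gid,postOfficeBox=home,"
                   "carLicense=quota_rule=*:bytes=%$")

# Fields a userdb lookup must return for delivery and IMAP access to work;
# the post's log shows what happens when "home" is missing.
REQUIRED_USERDB_FIELDS = ("uid", "gid", "home")


def parse_user_attrs(spec):
    """Split 'ldapAttr=field[=template],...' into (ldap_attr, field, template) triples."""
    triples = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        parts = item.split("=", 2)  # only the first two '=' separate attr/field; the rest is template text
        if len(parts) < 2:
            raise ValueError("user_attrs item lacks a userdb field name: %r" % item)
        ldap_attr, field = parts[0], parts[1]
        template = parts[2] if len(parts) == 3 else "%$"
        triples.append((ldap_attr, field, template))
    return triples


def ldap_entry_to_userdb(entry, spec):
    """Return the userdb fields the lookup would yield for one LDAP entry.

    An attribute that is absent from the entry produces no field at all, which is
    why a static plugin or mail_uid default silently takes over for such users.
    """
    fields = {}
    for ldap_attr, field, template in parse_user_attrs(spec):
        values = entry.get(ldap_attr)
        if not values:
            continue
        fields[field] = template.replace("%$", values[0])
    return fields


def missing_userdb_fields(fields):
    """List the required userdb fields that a lookup result does not contain."""
    return [name for name in REQUIRED_USERDB_FIELDS if name not in fields]


def build_bind_dn(template, username):
    r"""Expand the %u variable in auth_bind_userdn (e.g. lpr\%u) for an auth bind."""
    return template.replace("%u", username)


if __name__ == "__main__":
    for label, spec in (("post", USER_ATTRS_POST), ("rule", USER_ATTRS_RULE)):
        for entry in (ENTRY_WITH_QUOTA, ENTRY_WITHOUT_QUOTA):
            result = ldap_entry_to_userdb(entry, spec)
            print(label, result, "missing:", missing_userdb_fields(result))
    print(build_bind_dn(r"lpr\%u", "xxx"))
```

Running it prints, for each mapping, the fields a user with and without the quota attribute would get; the second case returns no quota field at all, which is the situation in which only the static value from the `plugin` section applies.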
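A second added example (again my own code, not from the original post or from Dovecot), concerning the log excerpt above: with `debug_passwords: yes` the auth process writes the raw SASL exchange, and the `client in: CONT <id> <base64>` line carries the PLAIN credentials. The script below detects such lines in a Dovecot auth debug log and redacts the blob before the log is pasted into a mail or archived; the log lines and the credential in them are constructed, and only the shape of the decoded data is checked, never its content.

```python
# Added example (my own code, not from the original post or from Dovecot): detect
# and redact SASL PLAIN credential blobs that Dovecot's auth process writes to the
# log when debug_passwords is enabled. All log lines below are constructed.
import base64
import binascii
import re

# Matches the SASL continuation line the auth process writes in debug mode.
CONT_LINE = re.compile(r"^(?P<prefix>.*auth\(\w+\): client in: CONT \d+ )(?P<blob>\S+)\s*$")

SAMPLE_LOG = [
    "Jan 28 00:37:40 gentoo dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=10.10.10.2 rip=10.10.10.29",
    "Jan 28 00:37:40 gentoo dovecot: auth(default): client out: CONT 1",
    # constructed credential: authzid "", authcid "demo", password "hunter2"
    "Jan 28 00:37:40 gentoo dovecot: auth(default): client in: CONT 1 "
    + base64.b64encode(b"\0demo\0hunter2").decode("ascii"),
    "Jan 28 00:37:40 gentoo dovecot: auth(default): client out: OK 1 user=demo",
]


def looks_like_plain_credential(blob):
    """True if the base64 blob has the SASL PLAIN shape [authzid] NUL authcid NUL password.

    Only the shape is inspected; the decoded bytes are never returned or logged.
    """
    try:
        data = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return False
    return data.count(b"\0") == 2


def redact_auth_debug(lines):
    """Return (redacted_lines, count); CONT blobs that look like credentials are replaced."""
    out = []
    count = 0
    for line in lines:
        m = CONT_LINE.match(line)
        if m and looks_like_plain_credential(m.group("blob")):
            out.append(m.group("prefix") + "<redacted>")
            count += 1
        else:
            out.append(line)
    return out, count


if __name__ == "__main__":
    redacted, n = redact_auth_debug(SAMPLE_LOG)
    print("\n".join(redacted))
    print("credential lines redacted:", n)
```

The `AUTH` and `OK` lines are left untouched because they carry only the username and connection metadata; only the continuation blob that decodes to the two-NUL PLAIN layout is replaced.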