I have been using Samba 4 kerberos and ldap with dovecot. Samba 4
changed a while back (resulting in me asking for help) which requires
kerberos auth for ldap lookups. My setup worked perfectly before hand.
Before and after were with dovecot-2.0.11 and the after also happens
with 2.0.11.
The only changes were (in my ldap.conf for dovecot -- changes are new
lines starting with *, * is not in the conf, just showing changes):
hosts = example.org
base = dc=example,dc=org
ldap_version = 3
user_attrs = userPrincipalName=user
user_filter
(&(objectClass=person)(|(mail=%u)(sAMAccountName=%u)(userPrincipalName=%u)))
*dn = MACHINEACCOUNT$@EXAMPLE.ORG
*sasl_bind = yes
*sasl_mech = GSSAPI
*sasl_realm = EXAMPLE.ORG
*#sasl_authz_id = MACHINEACCOUNT$@EXAMPE.ORG
# For using doveadm -A:
iterate_attrs = userPrincipalName=user
iterate_filter = (objectClass=person)
in dovecot.conf:
import_environment = TZ KRB5CCNAME=/etc/dovecot/krb5.cc
With that do any of the following lines from the referenced hg rev set
mean I am missing anything on my import_environment variable? Or is it
all good?
10.15 +/* <settings checks> */
10.16 +#ifdef HAVE_SYSTEMD
10.17 +# define ENV_SYSTEMD " LISTEN_PID LISTEN_FDS"
10.18 +#else
10.19 +# define ENV_SYSTEMD ""
10.20 +#endif
10.21 +#ifdef DEBUG
10.22 +# define ENV_GDB " GDB"
10.23 +#else
10.24 +# define ENV_GDB ""
10.25 +#endif
10.26 +/* </settings checks> */
10.27 +
10.28 static const struct master_settings master_default_settings = {
10.29 .base_dir = PKG_RUNDIR,
10.30 .libexec_dir = PKG_LIBEXECDIR,
10.31 + .import_environment = "TZ" ENV_SYSTEMD ENV_GDB,
If I am not missing anything, then there seems to be a problem with
kerberos sasl with ldap lookups.
Thank you,
Trever Adams
Reference: http://hg.dovecot.org/dovecot-2.0/rev/cec7fa92ff48
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=697325 (backtrace
via abrtd is included here)
--
"Avert misunderstanding by calm, poise, and balance." -- Unknown
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url :
http://dovecot.org/pipermail/dovecot/attachments/20110420/7d368739/attachment.bin
On 04/20/2011 05:59 AM, Trever L. Adams wrote:> I have been using Samba 4 kerberos and ldap with dovecot. Samba 4 > changed a while back (resulting in me asking for help) which requires > kerberos auth for ldap lookups. My setup worked perfectly before hand. > Before and after were with dovecot-2.0.11 and the after also happens > with 2.0.11. > > The only changes were (in my ldap.conf for dovecot -- changes are new > lines starting with *, * is not in the conf, just showing changes): > > Reference: http://hg.dovecot.org/dovecot-2.0/rev/cec7fa92ff48 > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=697325 (backtrace > via abrtd is included here)As I look at the code in the hg reference above, I think there is a bug. If HOME should be preserved as first, and some of these others may be critical to proper operation, they should be preserved automatically, no matter what the configuration says. This seems to be contrary to the code and to the top of the page (commit comment?). So, based on the code, I think HOME, USER, TZ should always be preserved. Depending on system compilation (according to ifdefs), GDB, LISTEN_PIDS and LISTEN_FDS should also be preserved. Is this what is causing my crash? I am still experimenting. I have three systems doing this. Two were Fedora 15 current and one Fedora 14 current. I have upgraded F14 to F15 to help remove variability. Trever -- Legal Warning: Anyone sending me unsolicited/commercial email WILL be charged a $100 proof-reading fee. See US Code Title 47, Sec.227(a)(2)(B), Sec.227(b)(1)(C) and Sec.227(b)(3)(C). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20110425/bb035a1c/attachment.bin>
On 04/25/2011 09:12 AM, Trever L. Adams wrote:> > As I look at the code in the hg reference above, I think there is a bug. > If HOME should be preserved as first, and some of these others may be > critical to proper operation, they should be preserved automatically, no > matter what the configuration says. This seems to be contrary to the > code and to the top of the page (commit comment?). > > So, based on the code, I think HOME, USER, TZ should always be > preserved. Depending on system compilation (according to ifdefs), GDB, > LISTEN_PIDS and LISTEN_FDS should also be preserved. Is this what is > causing my crash? I am still experimenting. > > I have three systems doing this. Two were Fedora 15 current and one > Fedora 14 current. I have upgraded F14 to F15 to help remove variability. > > TreverSorry for responding to my own posts. Neither of the following fix it: import_environment = HOME USER TZ KRB5CCNAME=/etc/dovecot/krb5.cc LISTEN_FDS LISTEN_PIDS GDB import_environment = KRB5CCNAME=/etc/dovecot/krb5.cc I am finding it interested that abrt seems to say that environment is empty/corrupted. I am attaching more backtraces to the Fedora bug (https://bugzilla.redhat.com/show_bug.cgi?id=697325). It should be noted that machines with more memory pressure crash more often. Thank you for any help, Trever -- "All this technology has somehow made you a stranger in your own land." -- Robert M. Pirsig -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20110426/0ddeff01/attachment-0002.bin>