David Scheele
2015-Feb-27 14:46 UTC
Dovecot & LDAP Take #2: Authentication failed and logging
Hi there,

after banging my head against a wall for a bit I got more in-depth with dovecot and am now much more knowledgeable about the system than before. But I still have two problems:

1.) For some reason my dovecot doesn't log correctly. I put debug_log to -1 and expected to see logs flooding in in my syslog. When I try to log in via telnet over imap and the login succeeds it logs correctly. But when it fails there is no log entry. Any clue what might cause this?

And now the big fish:

2.) Still hanging to log a user in over telnet via imap. I'm pretty sure I have misconfigured something. First of all:

2a.) Is the *passdb* and *userdb* in the dovecot.conf still needed in the newest version? It appears to me that all authing runs over the *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext* and the passdb and userdb settings might just be remnants of the past? Or am I wrong here?

2b.) This is my config:

# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 ext4
auth_mechanisms = plain login
default_login_user = vmail
disable_plaintext_auth = no
first_valid_gid = 2222
first_valid_uid = 2222
listen = *
mail_access_groups = vmail
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%n
passdb {
  args = scheme=SHA1 /etc/dovecot/passwd
  driver = passwd-file
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  process_min_avail = 1
  user = vmail
}
ssl = no
userdb {
  args = uid=2222 gid=2222 home=/var/vmail/%d/%n allow_all_users=yes
  driver = static
}

hosts = [hostname].[domainname].de
debug_level = -1
auth_bind = yes
auth_bind_userdn = cn=%u,ou=People,dc=[domainname],dc=de
base = ou=People,dc=[domainname],dc=de
user_attrs = uidNumber=uid
user_filter = (&(objectClass=inetOrgPerson)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=inetOrgPerson)(uid=%u))
iterate_attrs = uid=user
iterate_filter = (objectClass=inetOrgPerson)

The user I try to log in with is:

cn=Klara Fall,ou=People,dc=[domainname],dc=de
objectclasses: inetOrgPerson, organizationalPerson, person, simpleSecurityObject, top
sn=Fall
userPassword is set
mail: klara.fall@[domainname].de
uid: klarafall

I want to try with auth bind because I think I understood what's going on with that. When I try to a login klarafall [password] it gives me a NO [AUTHENTICATIONFAILED] Authentication failed.

Any clues? This would be much easier with logging... but see 1.) :)

I feel I'm not far from the finish line.

Best,
David
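An added illustration, not part of the original post and not Dovecot code: it expands the posted auth_bind_userdn template and pass_filter for a login name and compares the resulting bind DN with the directory entry quoted in the post. The domain "example" stands in for [domainname], and all function names and the escaping helpers are assumptions made for this sketch.

```python
import re

# Values copied from the post; "example" stands in for [domainname] (constructed).
BIND_TEMPLATE = "cn=%u,ou=People,dc=example,dc=de"        # auth_bind_userdn
PASS_FILTER = "(&(objectClass=inetOrgPerson)(uid=%u))"    # pass_filter
ENTRY_DN = "cn=Klara Fall,ou=People,dc=example,dc=de"     # the user's entry

def escape_filter(value):
    """RFC 4515 escaping, so a login name cannot change the filter's shape."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def escape_dn(value):
    """RFC 4514 escaping for a value placed inside a DN."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if value[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def expand(template, login, escape):
    """Expand the %u (full name), %n (local part) and %d (domain) variables."""
    local, _, domain = login.partition("@")
    values = {"u": login, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: escape(values[m.group(1)]), template)

def same_dn(a, b):
    """Simplified DN comparison: split on unescaped commas, ignore case."""
    def norm(dn):
        return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn)]
    return norm(a) == norm(b)

def diagnose(login):
    """Show what the LDAP server would be asked for this login name."""
    bind_dn = expand(BIND_TEMPLATE, login, escape_dn)
    return {
        "bind_dn": bind_dn,
        "bind_dn_is_entry": same_dn(bind_dn, ENTRY_DN),
        "search_filter": expand(PASS_FILTER, login, escape_filter),
    }

if __name__ == "__main__":
    for login in ("klarafall", "Klara Fall", "x)(uid=*"):
        print(login, "->", diagnose(login))
```

For the login klarafall the template yields cn=klarafall,ou=People,..., which is not the DN of the entry shown in the post, while the uid-based filter does select that entry. The doveconf output in the post also lists passwd-file as the only passdb.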
Steffen Kaiser
2015-Feb-27 14:56 UTC
Dovecot & LDAP Take #2: Authentication failed and logging
On Fri, 27 Feb 2015, David Scheele wrote:

> But I still have two problems:
>
> 1.) For some reason my dovecot doesn't log correctly. I put debug_log to -1

? http://wiki2.dovecot.org/Logging?highlight=%28debug_log%29

> and expected to see logs flooding in in my syslog. When I try to log in via
> telnet over imap and the login succeeds it logs correctly. But when it
> fails there is no log entry. Any clue what might cause this?
>
> And now the big fish:
>
> 2.) Still hanging to log a user in over telnet via imap. I'm pretty sure I
> have misconfigured something. First of all:
>
> 2a.) Is the *passdb* and *userdb* in the dovecot.conf still needed in the
> newest version? It appears to me that all authing runs over the
> *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext* and the
> passdb and userdb settings might just be remnants of the past? Or am I
> wrong here?

Did you consult the Wiki?
http://wiki2.dovecot.org/Authentication

--
Steffen Kaiser
David Scheele
2015-Feb-27 14:58 UTC
Dovecot & LDAP Take #2: Authentication failed and logging
Thanks for the reply. I did indeed consult the wiki. But most of the time it seems some information is old and/or more confusing than helping. But I'll take another look.

2015-02-27 15:56 GMT+01:00 Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>:

> On Fri, 27 Feb 2015, David Scheele wrote:
>
>> But I still have two problems:
>>
>> 1.) For some reason my dovecot doesn't log correctly. I put debug_log to -1
>
> ? http://wiki2.dovecot.org/Logging?highlight=%28debug_log%29
>
>> and expected to see logs flooding in in my syslog. When I try to log in via
>> telnet over imap and the login succeeds it logs correctly. But when it
>> fails there is no log entry. Any clue what might cause this?
>>
>> And now the big fish:
>>
>> 2.) Still hanging to log a user in over telnet via imap. I'm pretty sure I
>> have misconfigured something. First of all:
>>
>> 2a.) Is the *passdb* and *userdb* in the dovecot.conf still needed in the
>> newest version? It appears to me that all authing runs over the
>> *10-auth.conf*, *auth-ldap.conf.ext* and *dovecot-ldap.conf.ext* and the
>> passdb and userdb settings might just be remnants of the past? Or am I
>> wrong here?
>
> Did you consult the Wiki?
> http://wiki2.dovecot.org/Authentication
>
> --
> Steffen Kaiser