Benjamin
2016-Jun-09 14:03 UTC
postfix+dovecot and usernames different to e-mail addresses
Thank you for this hint, but no, that does not work.
Does Dovecot really use this user_filter when postfix passes mail using
the dovecot-lda command?
I now tried it with
user_filter = (&(objectClass=qmailUser)(|(uid=%u)(mail=%u)))
and when I search with this filter in LDAP directly (using the
recipients e-mail address as %u) it returns the wanted user.
I also ensured, postfix passes the e-mail address as argument by playing
around with master.cf, and it does. At the moment the dovecot line looks
as follows:
dovecot unix - n n - - pipe
flags=DRhu user=mail-data:mail-data
argv=/usr/lib/dovecot/dovecot-lda -a ${recipient}
Dovecot still tells me that it does not find the home directory for the
user.
Benjamin
On 06/08/2016 10:45 PM, Wolfgang Rosenauer wrote:> On Wed, Jun 8, 2016 at 10:13 AM, Benjamin <dovecot at
benjaminhubert.at> wrote:
>
>>
>> My dovecot-ldap configuration looks quite simple:
>>
>> hosts = 192.168.0.1,192.168.0.2
>> dn = cn=mailadmin,dc=example,dc=com
>> dnpass = foo
>> auth_bind = yes
>> ldap_version = 3
>> base = ou=users,dc=example,dc=com
>> user_attrs = mailMessageStore=home
>> user_filter = (&(objectClass=qmailUser)(uid=%u))
>> pass_filter = (&(objectClass=qmailUser)(uid=%u))
>>
>> I think dovecot does not know that the username is not the e-mail
address,
>> but how can I tell him?
>>
>> Furthermore we have alternative addresses here, so for example there
may
>> be an e-mail address bar at example.com owned by foo-example.com who
has
>> foo at example.com as primary address.
>>
>
> You need user_filter and pass_filter to recognize also the email addresses
> IMHO.
>
> Mine look like:
> pass_filter = (&(objectClass=suseMailRecipient)(|(alias=%n)(uid=%n)))
> user_filter = (&(objectClass=suseMailRecipient)(|(alias=%n)(uid=%n)))
>
> You have to adapt to your own ldap attributes and use the correct variable
> (%n) to match your usecase. My users can login (and receive mails) via all
> of their aliases, primary address (part of the alias set) or their
username.
>
> HTH,
> Wolfgang
>
Benjamin
2016-Jun-09 15:13 UTC
postfix+dovecot and usernames different to e-mail addresses
Ok. The problem seems to be something different. I found out that even if I pass the real username (foo-example.com) to dovecot-lda, dovecot tells me Error: User initialization failed: Namespace 'INBOX.': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir Why does dovecot find the home when accessed via IMAP, but not when accessed via dovecot-lda? Benjamin On 06/09/2016 04:03 PM, Benjamin wrote:> Thank you for this hint, but no, that does not work. > > Does Dovecot really use this user_filter when postfix passes mail using > the dovecot-lda command? > > I now tried it with > > user_filter = (&(objectClass=qmailUser)(|(uid=%u)(mail=%u))) > > and when I search with this filter in LDAP directly (using the > recipients e-mail address as %u) it returns the wanted user. > > I also ensured, postfix passes the e-mail address as argument by playing > around with master.cf, and it does. At the moment the dovecot line looks > as follows: > > dovecot unix - n n - - pipe > flags=DRhu user=mail-data:mail-data > argv=/usr/lib/dovecot/dovecot-lda -a ${recipient} > > Dovecot still tells me that it does not find the home directory for the > user. > > > Benjamin > > > On 06/08/2016 10:45 PM, Wolfgang Rosenauer wrote: >> On Wed, Jun 8, 2016 at 10:13 AM, Benjamin <dovecot at benjaminhubert.at> >> wrote: >> >>> >>> My dovecot-ldap configuration looks quite simple: >>> >>> hosts = 192.168.0.1,192.168.0.2 >>> dn = cn=mailadmin,dc=example,dc=com >>> dnpass = foo >>> auth_bind = yes >>> ldap_version = 3 >>> base = ou=users,dc=example,dc=com >>> user_attrs = mailMessageStore=home >>> user_filter = (&(objectClass=qmailUser)(uid=%u)) >>> pass_filter = (&(objectClass=qmailUser)(uid=%u)) >>> >>> I think dovecot does not know that the username is not the e-mail >>> address, >>> but how can I tell him? >>> >>> Furthermore we have alternative addresses here, so for example there may >>> be an e-mail address bar at example.com owned by foo-example.com who has >>> foo at example.com as primary address. >>> >> >> You need user_filter and pass_filter to recognize also the email >> addresses >> IMHO. >> >> Mine look like: >> pass_filter = (&(objectClass=suseMailRecipient)(|(alias=%n)(uid=%n))) >> user_filter = (&(objectClass=suseMailRecipient)(|(alias=%n)(uid=%n))) >> >> You have to adapt to your own ldap attributes and use the correct >> variable >> (%n) to match your usecase. My users can login (and receive mails) via >> all >> of their aliases, primary address (part of the alias set) or their >> username. >> >> HTH, >> Wolfgang >>
Wolfgang Rosenauer
2016-Jun-09 16:26 UTC
postfix+dovecot and usernames different to e-mail addresses
Hi, On Thu, Jun 9, 2016 at 5:13 PM, Benjamin <dovecot at benjaminhubert.at> wrote:> Ok. The problem seems to be something different. I found out that even if > I pass the real username (foo-example.com) to dovecot-lda, dovecot tells > me > > Error: User initialization failed: Namespace 'INBOX.': Home directory > not set for user. Can't expand ~/ for mail root dir in: ~/Maildir > > Why does dovecot find the home when accessed via IMAP, but not when > accessed via dovecot-lda? > >actually good question. I have to admit I only use LMTP and for that it works for me. I left out some more settings which might be important for you: pass_attrs = uid=user user_attrs uid=user,=uid=600,=gid=600,=home=/srv/dovecot/%n,suseImapQuota=quota_rule=*:storage=%{ldap:suseImapQuota}M since obviously the search itself it not sufficient. You need to make sure that the right mailbox is addressed in the end via the uid=user In your configuration you do not return a user at all so this can be a problem IMHO.