Hi,
I have set up a new Ubuntu on 16.04.
I have already a running system on 14.04 but wanted to migrate.
I get an error when checking user in ldap.
+++
Aug 31 18:14:16 auth: Error: ldap_bind
Aug 31 18:14:16 auth: Error: ldap_simple_bind
Aug 31 18:14:16 auth: Error: ldap_sasl_bind
Aug 31 18:14:16 auth: Error: ldap_send_initial_request
Aug 31 18:14:16 auth: Error: ldap_new_connection 1 1 0
Aug 31 18:14:16 auth: Error: ldap_int_open_connection
Aug 31 18:14:16 auth: Error: ldap_connect_to_host: TCP localhost:389
Aug 31 18:14:16 auth: Error: ldap_new_socket: 20
Aug 31 18:14:16 auth: Error: ldap_prepare_socket: 20
Aug 31 18:14:16 auth: Error: ldap_connect_to_host: Trying ::1 389
Aug 31 18:14:16 auth: Error: ldap_pvt_connect: fd: 20 tm: 5 async: 0
Aug 31 18:14:16 auth: Error: ldap_ndelay_on: 20
Aug 31 18:14:16 auth: Error: attempting to connect:
Aug 31 18:14:16 auth: Error: connect errno: 115
Aug 31 18:14:16 auth: Error: ldap_int_poll: fd: 20 tm: 5
Aug 31 18:14:16 auth: Error: ldap_is_sock_ready: 20
Aug 31 18:14:16 auth: Error: ldap_ndelay_off: 20
Aug 31 18:14:16 auth: Error: ldap_pvt_connect: 0
Aug 31 18:14:16 auth: Error: ldap_open_defconn: successful
Aug 31 18:14:16 auth: Error: ldap_send_server_request
Aug 31 18:14:16 auth: Error: ldap_result ld 0x55b624137680 msgid -1
Aug 31 18:14:16 auth: Error: wait4msg ld 0x55b624137680 msgid -1 (timeout 0
usec)
Aug 31 18:14:16 auth: Error: wait4msg continue ld 0x55b624137680 msgid -1
all 0
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Connections:
Aug 31 18:14:16 auth: Error: * host: localhost port: 389 (default)
Aug 31 18:14:16 auth: Error: refcnt: 2 status: Connected
Aug 31 18:14:16 auth: Error: last used: Wed Aug 31 18:14:16 2016
Aug 31 18:14:16 auth: Error:
Aug 31 18:14:16 auth: Error:
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Outstanding Requests:
Aug 31 18:14:16 auth: Error: * msgid 1, origid 1, status InProgress
Aug 31 18:14:16 auth: Error: outstanding referrals 0, parent count 0
Aug 31 18:14:16 auth: Error: ld 0x55b624137680 request count 1 (abandoned
0)
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Response Queue:
Aug 31 18:14:16 auth: Error: Empty
Aug 31 18:14:16 auth: Error: ld 0x55b624137680 response count 0
Aug 31 18:14:16 auth: Error: ldap_chkResponseList ld 0x55b624137680 msgid -1
all 0
Aug 31 18:14:16 auth: Error: ldap_chkResponseList returns ld 0x55b624137680
NULL
Aug 31 18:14:16 auth: Error: ldap_int_select
Aug 31 18:14:16 auth: Error: read1msg: ld 0x55b624137680 msgid -1 all 0
Aug 31 18:14:16 auth: Error: read1msg: ld 0x55b624137680 msgid 1 message
type bind
Aug 31 18:14:16 auth: Error: read1msg: ld 0x55b624137680 0 new referrals
Aug 31 18:14:16 auth: Error: read1msg: mark request completed, ld
0x55b624137680 msgid 1
Aug 31 18:14:16 auth: Error: request done: ld 0x55b624137680 msgid 1
Aug 31 18:14:16 auth: Error: res_errno: 0, res_error: <>, res_matched:
<>
Aug 31 18:14:16 auth: Error: ldap_free_request (origid 1, msgid 1)
Aug 31 18:14:16 auth: Error: ldap_parse_result
Aug 31 18:14:16 auth: Error: ldap_search
Aug 31 18:14:16 auth: Error: put_filter:
"(&(objectClass=posixAccount)(mail=info))"
Aug 31 18:14:16 auth: Error: put_filter: AND
Aug 31 18:14:16 auth: Error: put_filter_list
"(objectClass=posixAccount)(mail=info)"
Aug 31 18:14:16 auth: Error: put_filter: "(objectClass=posixAccount)"
Aug 31 18:14:16 auth: Error: put_filter: simple
Aug 31 18:14:16 auth: Error: put_simple_filter:
"objectClass=posixAccount"
Aug 31 18:14:16 auth: Error: put_filter: "(mail=info)"
Aug 31 18:14:16 auth: Error: put_filter: simple
Aug 31 18:14:16 auth: Error: put_simple_filter: "mail=info"
Aug 31 18:14:16 auth: Error: ldap_send_initial_request
Aug 31 18:14:16 auth: Error: ldap_send_server_request
Aug 31 18:14:16 auth: Error: ldap_msgfree
Aug 31 18:14:16 auth: Error: ldap_result ld 0x55b624137680 msgid -1
Aug 31 18:14:16 auth: Error: wait4msg ld 0x55b624137680 msgid -1 (timeout 0
usec)
Aug 31 18:14:16 auth: Error: wait4msg continue ld 0x55b624137680 msgid -1
all 0
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Connections:
Aug 31 18:14:16 auth: Error: * host: localhost port: 389 (default)
Aug 31 18:14:16 auth: Error: refcnt: 2 status: Connected
Aug 31 18:14:16 auth: Error: last used: Wed Aug 31 18:14:16 2016
Aug 31 18:14:16 auth: Error:
Aug 31 18:14:16 auth: Error:
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Outstanding Requests:
Aug 31 18:14:16 auth: Error: * msgid 2, origid 2, status InProgress
Aug 31 18:14:16 auth: Error: outstanding referrals 0, parent count 0
Aug 31 18:14:16 auth: Error: ld 0x55b624137680 request count 1 (abandoned
0)
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Response Queue:
Aug 31 18:14:16 auth: Error: Empty
Aug 31 18:14:16 auth: Error: ld 0x55b624137680 response count 0
Aug 31 18:14:16 auth: Error: ldap_chkResponseList ld 0x55b624137680 msgid -1
all 0
Aug 31 18:14:16 auth: Error: ldap_chkResponseList returns ld 0x55b624137680
NULL
Aug 31 18:14:16 auth: Error: ldap_int_select
Aug 31 18:14:16 auth: Error: read1msg: ld 0x55b624137680 msgid -1 all 0
Aug 31 18:14:16 auth: Error: read1msg: ld 0x55b624137680 msgid 2 message
type search-result
Aug 31 18:14:16 auth: Error: read1msg: ld 0x55b624137680 0 new referrals
Aug 31 18:14:16 auth: Error: read1msg: mark request completed, ld
0x55b624137680 msgid 2
Aug 31 18:14:16 auth: Error: request done: ld 0x55b624137680 msgid 2
Aug 31 18:14:16 auth: Error: res_errno: 0, res_error: <>, res_matched:
<>
Aug 31 18:14:16 auth: Error: ldap_free_request (origid 2, msgid 2)
Aug 31 18:14:16 auth: Error: ldap_parse_result
Aug 31 18:14:16 auth: Error: ldap_first_attribute
Aug 31 18:14:16 auth: Error: ldap_msgfree
Aug 31 18:14:16 auth: Error: ldap_result ld 0x55b624137680 msgid -1
Aug 31 18:14:16 auth: Error: wait4msg ld 0x55b624137680 msgid -1 (timeout 0
usec)
Aug 31 18:14:16 auth: Error: wait4msg continue ld 0x55b624137680 msgid -1
all 0
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Connections:
Aug 31 18:14:16 auth: Error: * host: localhost port: 389 (default)
Aug 31 18:14:16 auth: Error: refcnt: 1 status: Connected
Aug 31 18:14:16 auth: Error: last used: Wed Aug 31 18:14:16 2016
Aug 31 18:14:16 auth: Error:
Aug 31 18:14:16 auth: Error:
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Outstanding Requests:
Aug 31 18:14:16 auth: Error: Empty
Aug 31 18:14:16 auth: Error: ld 0x55b624137680 request count 0 (abandoned
0)
Aug 31 18:14:16 auth: Error: ** ld 0x55b624137680 Response Queue:
Aug 31 18:14:16 auth: Error: Empty
Aug 31 18:14:16 auth: Error: ld 0x55b624137680 response count 0
Aug 31 18:14:16 auth: Error: ldap_chkResponseList ld 0x55b624137680 msgid -1
all 0
Aug 31 18:14:16 auth: Error: ldap_chkResponseList returns ld 0x55b624137680
NULL
Aug 31 18:14:16 auth: Error: ldap_int_select
Aug 31 18:16:18 auth: Error: ldap_unbind
Aug 31 18:16:18 auth: Error: ldap_free_connection 1 1
Aug 31 18:16:18 auth: Error: ldap_send_unbind
Aug 31 18:16:18 auth: Error: ldap_free_connection: actually freed
+++
The problem is this line:
Aug 31 18:14:16 auth: Error: put_filter:
"(&(objectClass=posixAccount)(mail=info))"
Since the file to run the userdb contains this command:
user_filter = (&(objectClass=posixAccount)(mail=%u))
Which should use the full name, in my case a full e-mail address.
The postfix command is:
virtual_transport = lmtp:unix:private/dovecot-lmtp
When using:
virtual_transport = dovecot
The correct string is shown for %u.
Here is dovecot conf. I don't believe this will cause the error. Anyhow.
+++
dovecot -n
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4
auth_mechanisms = plain login
auth_username_format = %Ln
debug_log_path = /var/log/dovecot/dovecot-debug.log
info_log_path = /var/log/dovecot/dovecot-info.log
log_path = /var/log/dovecot/dovecot.log
mail_gid = avvmail
mail_location = maildir:/var/av_vmail/%d/%n:LAYOUT=fs
mail_privileged_group = avvmail
mail_uid = avvmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/av_auth_ldap.conf
driver = ldap
}
protocols = pop3 imap lmtp
service auth-worker {
unix_listener auth-worker {
user = root
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group =
mode = 0666
user =
}
}
service imap-login {
inet_listener imap {
port = 143
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
user = avvmail
}
ssl = required
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
args = /etc/dovecot/av_auth_ldap.conf
driver = ldap
}
protocol imap {
imap_idle_notify_interval = 29 mins
mail_max_userip_connections = 20
mail_plugins = " quota imap_quota antispam"
}
+++
Please let me know what additional info I can provide to narrow the problem
and get to a solution.
By the way:
When using:
virtual_transport = dovecot
I get another error with some file permissions on auth-userdb which I was
not able to overcome so far.
Help appreciated.
Kind Regards
Kallewirsch
On 31.08.2016 19:24, Averlon GmbH (in Gründung) wrote:
> Hi,
> I have set up a new Ubuntu on 16.04.
> I have already a running system on 14.04 but wanted to migrate.
>
> I get an error when checking user in ldap.
>
> I get another error with some file permissions on auth-userdb which I was
> not able to overcome so far.
>
> Help appreciated.
>
>
> Kind Regards
> Kallewirsch
Your problem is in postfix config, possibly some virtual user mapping or aliasing.
Aki
Averlon GmbH (in Gründung)
2016-Sep-01 10:43 UTC
AW: dovecot and ldap with problem on userdb
Hi,
thanks for the valuable hint. I have already tried to search for this.
This is my postfix config.
+++
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1h
command_directory = /usr/sbin
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
maximal_backoff_time = 15m
maximal_queue_lifetime = 1h
message_size_limit = 10240000
minimal_backoff_time = 5m
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = av.loc
myhostname = mail.av.loc
mynetworks = 127.0.0.0/8, 192.168.110.0/24, 192.168.111.0/24,
192.168.114.150, 192.168.114.151
myorigin = /etc/mailname
queue_run_delay = 5m
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/av_smtp_auth.cf
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_ciphers = high
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks
check_relay_domains reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_sender_domain permit_mynetworks
permit_sasl_authenticated warn_if_reject
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_random_source = dev:/dev/urandom
tls_ssl_options = NO_COMPRESSION
unknown_local_recipient_reject_code = 550
unverified_sender_reject_reason = "av - Address verification failed"
virtual_alias_maps = hash:/etc/postfix/av_aliases.cf
virtual_mailbox_base = /var/av_vmail
virtual_mailbox_domains = /etc/postfix/av_domains.cf
virtual_mailbox_limit = 0
virtual_mailbox_maps = ldap:/etc/postfix/av_accounts.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
postconf: warning: /etc/postfix/main.cf: unused parameter: i#setgid_group
+++
Could you probably identify the area based on your knowledge where it could
be?
ldap:/etc/postfix/av_accounts.cf
+++
#
# check recipient mailbox destination
#
server_host = localhost
search_base = ou=people,dc=av,dc=loc
bind = yes
bind_dn = cn=xxx
bind_pw = xxx
query_filter = (&(objectClass=posixAccount)(mail=%s))
result_attribute = mail
result_format = %s/Maildir/
debuglevel = 1
+++
Kind Regards
Kallewirsch
-----Original Message-----
From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Aki Tuomi
Sent: Thursday, 1 September 2016 08:02
To: dovecot at dovecot.org
Subject: Re: dovecot and ldap with problem on userdb
On 31.08.2016 19:24, Averlon GmbH (in Gründung) wrote:
> Hi,
> I have set up a new Ubuntu on 16.04.
> I have already a running system on 14.04 but wanted to migrate.
>
> I get an error when checking user in ldap.
>
> I get another error with some file permissions on auth-userdb which I
> was not able to overcome so far.
>
> Help appreciated.
>
>
> Kind Regards
> Kallewirsch
Your problem is in postfix config, possibly some virtual user mapping or
aliasing.
Aki
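
How a `%u` in `user_filter` can reach LDAP as a bare local part, shown as an added illustration: a simplified Python model of Dovecot's documented `%u`/`%n`/`%d` variables and `L` modifier, not Dovecot's code and not from the thread. It assumes `auth_username_format` is applied to the name before the userdb lookup; `Info@av.loc` is a constructed recipient, and the RFC 4515 escaping step is part of the model.

```python
import re

# Simplified model of Dovecot %-variables: only %u, %n, %d and the
# L (lowercase) / U (uppercase) modifiers are handled.
_VAR = re.compile(r"%([LU]?)([und%])")


def ldap_escape(value):
    """Hex-escape RFC 4515 filter metacharacters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def expand(template, username, escape=lambda s: s):
    """Expand %u (full name), %n (local part), %d (domain) in template."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain}

    def repl(match):
        modifier, key = match.groups()
        if key == "%":
            return "%"
        value = values[key]
        if modifier == "L":
            value = value.lower()
        elif modifier == "U":
            value = value.upper()
        return escape(value)

    return _VAR.sub(repl, template)


def userdb_filter(rcpt, auth_username_format, user_filter):
    # Step 1: the auth process rewrites the name it was handed.
    username = expand(auth_username_format, rcpt)
    # Step 2: inside user_filter, %u is that rewritten name, escaped for LDAP.
    return expand(user_filter, username, escape=ldap_escape)


USER_FILTER = "(&(objectClass=posixAccount)(mail=%u))"  # from the post
RCPT = "Info@av.loc"  # constructed sample recipient

if __name__ == "__main__":
    for fmt in ("%Ln", "%Lu"):  # posted setting vs. one that keeps the domain
        print(fmt, "->", userdb_filter(RCPT, fmt, USER_FILTER))
```

With the posted `auth_username_format = %Ln` the model produces the same `(mail=info)` filter seen in the debug log, while `%Lu` keeps the domain.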