On Wed, Sep 26, 2018 at 09:34:07AM +0300, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> # before current passdb
> passdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
> }
>
> # into /etc/dovecot/aliases
> alias at user:::::::user=real_username noauthenticate
>
> This hopefully works.

This seems to work fine and I had the idea of doing something similar
for the userdb, but there it appears that the user name change doesn't
happen.

> auth_debug=yes
> userdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
>   result_success = continue-ok
> }
> userdb {
>   driver = passwd-file
>   args = username_format=%u /etc/passwd
> }

When I perform a lookup with `doveadm user 'test at xinu.at'` I get many
empty fields since the alias file doesn't have them set. I expected that
they would be fetched from the next userdb (/etc/passwd), but that
doesn't seem to happen. I get this in the log:

> dovecot[10118]: auth: Debug: master in: USER 1 test at xinu.at service=doveadm debug
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): lookup: user=test at xinu.at file=/etc/dovecot/aliases
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): lookup: user=test at xinu.at file=/etc/passwd
> dovecot[10118]: auth: passwd-file(test at xinu.at): unknown user
> dovecot[10118]: auth: Debug: userdb out: USER 1 test at xinu.at

So it looks like the user name change doesn't get applied with userdb,
while it works as expected with passdb. Is this expected or is this a
bug?

Just for comparison, the passdb config is this:

> passdb {
>   driver = passwd-file
>   args = username_format=%Lu /etc/dovecot/aliases
> }
> passdb {
>   driver = pam
> }

And when logging in with `doveadm auth test test at xinu.at` the log looks like this:

> dovecot[10118]: auth: Debug: auth client connected (pid=0)
> dovecot[10118]: auth: Debug: client in: AUTH 1 PLAIN service=doveadm debug resp=<hidden>
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): lookup: user=test at xinu.at file=/etc/dovecot/aliases
> dovecot[10118]: auth: Debug: passwd-file(test at xinu.at): username changed test at xinu.at -> flo
> dovecot[10118]: auth: Debug: passwd-file(flo): Allowing any password
> dovecot[10118]: auth: Debug: passwd-file(flo): Not performing authentication (noauthenticate set)
> dovecot[10118]: auth-worker(10356): Debug: pam(flo): lookup service=dovecot
> dovecot[10118]: auth-worker(10356): Debug: pam(flo): #1/1 style=1 msg=Password:
> dovecot[10118]: auth: Debug: client passdb out: OK 1 user=flo original_user=test at xinu.at

Florian

Full config:

# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (7704de5e)
# OS: Linux 4.18.5-arch1-1-ARCH x86_64 Arch Linux
# Hostname: calima
auth_debug = yes
mail_location = mdbox:~/.mdbox
mail_plugins = zlib
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mmap_disable = yes
namespace {
  hidden = no
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = username_format=%Lu /etc/dovecot/aliases
  driver = passwd-file
}
passdb {
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = count:User quota
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_vsizes = yes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/.sieve
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
protocols = imap lmtp
service auth {
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/letsencrypt/live/calima.server-speed.net/fullchain.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
  args = username_format=%Lu /etc/dovecot/aliases
  driver = passwd-file
  result_success = continue-ok
}
userdb {
  args = username_format=%u /etc/passwd
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = zlib sieve
  postmaster_address = postmaster at server-speed.net
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
}

On 28.09.2018 00:08, Florian Pritz wrote:
> So it looks like the user name change doesn't get applied with userdb,
> while it works as expected with passdb. Is this expected or is this a
> bug?

Username change should've occurred in userdb too, although with
passwd_file you probably need to return it as userdb_user.

Aki

On Fri, Sep 28, 2018 at 08:57:44AM +0300, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> On 28.09.2018 00:08, Florian Pritz wrote:
> > On Wed, Sep 26, 2018 at 09:34:07AM +0300, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> >> # before current passdb
> >> passdb {
> >>   driver = passwd-file
> >>   args = username_format=%Lu /etc/dovecot/aliases
> >> }
> >>
> >> # into /etc/dovecot/aliases
> >> alias at user:::::::user=real_username noauthenticate
>
> Username change should've occurred in userdb too, although with
> passwd_file you probably need to return it as userdb_user.

That works. Thanks!

In case anyone else is interested, put this in the alias file if you
want to use it for both:

> test at xinu.at:::::::user=flo userdb_user=flo noauthenticate

Florian
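
Added example (not part of the thread and not Dovecot code): a small Python lint for an alias file of the form discussed above. It checks the points the thread turns on: the key is lowercase so a `%Lu` lookup can match it, `user=` and `userdb_user=` are both present and agree, and an entry with an empty password field carries `noauthenticate`. The sample entries and the names `lint_aliases` and `parse_extra` are constructed for illustration.

```python
# Added example: lint for a Dovecot passwd-file alias map like the one in this thread.
# passwd-file fields: user:password:uid:gid:gecos:home:shell:extra_fields

SAMPLE = """\
# constructed sample entries, not taken from the thread
alias1@example.org:::::::user=alice userdb_user=alice noauthenticate
alias2@example.org:::::::user=bob noauthenticate
alias3@example.org:::::::user=carol userdb_user=carol
Alias4@example.org:::::::user=dave userdb_user=dan noauthenticate
"""


def parse_extra(field):
    """Split the space-separated extra field; bare flags map to ''."""
    extra = {}
    for item in field.split():
        key, _, value = item.partition("=")
        extra[key] = value
    return extra


def lint_aliases(text):
    """Return (line_number, alias, problem) tuples for suspicious entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(":", 7)
        if len(parts) < 8:
            findings.append((lineno, parts[0], "fewer than 8 fields, no extra fields"))
            continue
        alias, password, extra = parts[0], parts[1], parse_extra(parts[7])
        if alias != alias.lower():
            findings.append((lineno, alias, "key not lowercase, %Lu lookup cannot match"))
        if "user" not in extra:
            findings.append((lineno, alias, "no user= (passdb keeps the alias name)"))
        if "userdb_user" not in extra:
            findings.append((lineno, alias, "no userdb_user= (userdb keeps the alias name)"))
        elif extra.get("user") != extra["userdb_user"]:
            findings.append((lineno, alias, "user= and userdb_user= differ"))
        if password == "" and "noauthenticate" not in extra:
            findings.append((lineno, alias, "empty password without noauthenticate"))
    return findings


if __name__ == "__main__":
    for lineno, alias, problem in lint_aliases(SAMPLE):
        print(f"line {lineno}: {alias}: {problem}")
```

The last check follows the passdb debug log above, where the alias entry's empty password field is reported as "Allowing any password" and only `noauthenticate` hands the real check on to the next passdb (PAM).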