Hi Team,

I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine.

Issue comes only with LDAP users.

*Anushka Bandara*
Research Engineer
Lanka Software Foundation
+94715846018

Here is my doveconf -n

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.9.125-linuxkit x86_64 Ubuntu 18.04.2 LTS overlay
auth_cache_size = 10 M
auth_mechanisms = plain login
auth_username_format = %n
disable_plaintext_auth = no
imap_idle_notify_interval = 4 mins
listen = *
log_path = /var/log/dovecot.log
login_greeting = Dovecot ready.
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_gid = 5000
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_plugins = " mail_crypt quota"
mail_privileged_group = vmail
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  imapsieve_mailbox1_before = file:/var/mail/sieve/global/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/mail/sieve/global/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  mail_crypt_curve = prime256v1
  mail_crypt_save_version = 2
  quota = maildir:User quota
  quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.
  sieve = file:/var/mail/sieve/%d/%n/scripts;active=/var/mail/sieve/%d/%n/active-script.sieve
  sieve_before = /var/mail/sieve/global/spam-global.sieve
  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
  sieve_pipe_bin_dir = /usr/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap lmtp sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.copper.opensource.lk/.fullchain.pem
ssl_key =  # hidden, use -P to show it
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
protocol lmtp {
  mail_plugins = " mail_crypt quota sieve"
  postmaster_address = postmaster at copper.opensource.lk
}
protocol lda {
  mail_plugins = " mail_crypt quota"
  postmaster_address = postmaster at copper.opensource.lk
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 20
  mail_plugins = " mail_crypt quota imap_quota imap_sieve"
}
protocol pop3 {
  mail_max_userip_connections = 20
  mail_plugins = " mail_crypt quota"
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

On Mon, Mar 18, 2019 at 10:17 AM Anushka Bandara <anushkab at opensource.lk> wrote:
> Hi Team,
>
> I have enabled LDAP authentication with webmail client and it works
> successfully. But I found an error with LDAP user's mail. Email is not
> loaded when I log with an LDAP user. Login phase is successful and mail box
> is the issue. I created a mail user without including LDAP and that user
> works fine.
>
> Issue comes only with LDAP users.
>
> *Anushka Bandara*
> Research Engineer
> Lanka Software Foundation
> +94715846018

To be honest, I can't really understand your issue. Can you explain what you did, what you expected to happen and what happened instead? Also include any relevant log lines.

Aki

On 18.3.2019 7.02, Anushka Bandara via dovecot wrote:
> Here is my doveconf -n

A problem with your /etc/dovecot/dovecot-ldap.conf.ext? Can you attach it?

Try:

auth_verbose = yes
auth_verbose_passwords = no
auth_debug = yes
auth_debug_passwords = no

and compare those strings in logs for LDAP and non-LDAP logins:

auth: Debug: master userdb out: USER 47054849 support at example.com home=... mail=maildir:....

18.03.2019 7:47, Anushka Bandara via dovecot wrote:
> Hi Team,
>
> I have enabled LDAP authentication with webmail client and it works
> successfully. But I found an error with LDAP user's mail. Email is not
> loaded when I log with an LDAP user. Login phase is successful and mail
> box is the issue. I created a mail user without including LDAP and that
> user works fine.
>
> Issue comes only with LDAP users.
>
> *Anushka Bandara*
> Research Engineer
> Lanka Software Foundation
> +94715846018

I suggest you try adding extra attributes to LDAP replies:

https://wiki.dovecot.org/AuthDatabase/LDAP/Userdb#Attribute_templates_.28v2.1.2B-.29

Primarily, define "mail=" explicitly. And then compare auth userdb outputs in logs for both LDAP and non-LDAP.

Hope this helps.

18.03.2019 12:25, Anushka Uditha Bandara wrote:
> Hi,
>
> Here is my "/etc/dovecot/dovecot-ldap.conf.ext". I couldn't find a fix.
>
> hosts = ldap
> dn = cn=ro,dc=mail,dc=mail,dc=lk
> dnpass = roadmin
> auth_bind = yes
> auth_bind_userdn = uid=%n,ou=Users,dc=mai,dc=mail,dc=lk
> ldap_version = 3
> base = ou=Users,dc=mail,dc=mail,dc=lk
> deref = never
> scope = subtree
> user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
> user_filter = (&(objectClass=posixAccount)(cn=%n))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(objectclass=inetOrgPerson)(uid=%n))
>
> tls_ca_cert_file = /etc/letsencrypt/live/mail.lsf.mail.lk/.fullchain.pem
> tls_ca_cert_dir = /etc/letsencrypt/live/mail.lsf.mail.lk/
> tls_cipher_suite = SECURE256:-VERS-SSL3.0
> tls_cert_file =/etc/letsencrypt/live/mail.lsf.mail.lk/.fullchain.pem
> tls_key_file =/etc/letsencrypt/live/mail.lsf.mail.lk/.privkey.pem
> tls_require_cert = try
> debug_level = -1
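
The comparison suggested in the two replies above (the "master userdb out" debug lines for an LDAP and a non-LDAP login), as an added example that is not part of the original thread. The function names are hypothetical, and the sample log lines, user names, ids and paths are constructed for illustration.

```python
import re

# Matches the auth debug line quoted in the reply above (fields are tab- or
# space-separated after "USER <id> <username>").
USERDB_OUT = re.compile(r"auth: Debug: master userdb out: USER\s+(\d+)\s+(\S+)(.*)")

# Constructed sample log: users, ids and paths are made up for illustration.
SAMPLE_LOG = (
    "Mar 18 12:01:02 auth: Debug: master userdb out: USER\t47054849\t"
    "plainuser@example.com\tuid=5000\tgid=5000\t"
    "home=/var/mail/vhosts/example.com/plainuser\t"
    "mail=maildir:/var/mail/vhosts/example.com/plainuser\n"
    "Mar 18 12:03:10 auth: Debug: master userdb out: USER\t47054850\t"
    "ldapuser@example.com\tuid=5000\tgid=5000\t"
    "home=/var/mail/vhosts/example.com/ldapuser\n"
)


def parse_userdb_out(log_text):
    """Return {username: {field: value}}; a later line for a user wins."""
    users = {}
    for line in log_text.splitlines():
        m = USERDB_OUT.search(line)
        if not m:
            continue
        fields = {}
        for token in m.group(3).split():
            key, sep, value = token.partition("=")
            fields[key] = value if sep else ""
        users[m.group(2)] = fields
    return users


def diff_fields(users, a, b):
    """Return {field: (value_a, value_b)} for fields that differ between a and b."""
    fa, fb = users[a], users[b]
    diff = {}
    for key in sorted(set(fa) | set(fb)):
        va, vb = fa.get(key, "<missing>"), fb.get(key, "<missing>")
        if va != vb:
            diff[key] = (va, vb)
    return diff


if __name__ == "__main__":
    users = parse_userdb_out(SAMPLE_LOG)
    for field, (a, b) in diff_fields(
            users, "plainuser@example.com", "ldapuser@example.com").items():
        print(f"{field}: non-LDAP={a} LDAP={b}")
```

A field reported as "<missing>" for one login, such as "mail" in the constructed sample, is the kind of difference the replies ask to look for.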