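Sorry, my fault: I had missed a comma in the user_attrs and pass_attrs settings.
With no comma after the user entry, the following =login_user=... entry was taken as part of the user value, so the user became "user0@domain1.zw.local =login_user=user0" and %d in mail_home expanded to "domain1.zw.local =login_user=user0".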
On 8/10/21 1:31 PM, Lucas Castro wrote:
> Hello,
>
> I'm trying to map authenticated kerberos users to mail_location,
>
>
> When I set mail_home =
> /var/mail/virtual/domain1.zw.loca/%n it works fine.
>
> But if mail_home is set as /var/mail/virtual/%d/%n
>
> I get
>
> Apr 12 19:53:18 postfix10 dovecot: imap-login: Login: user=<user0>,
> method=GSSAPI, rip=172.16.0.44, lip=10.16.0.220, mpid=2428,
> session=<iPA4Yc6/lJCsEAAs>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Added userdb
> setting: plugin/=yes
> Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Effective uid=5000,
> gid=5000, home=/var/mail/virtual/domain1.zw.local =login_user=user0/user0
>
> Right here, I can't figure out why login_user=user0/user0
>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Namespace inbox:
> type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes,
> subscriptions=yes location=maildir:~/mail
>
> Now login_user=user0
>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: maildir++:
> root=/var/mail/virtual/domain1.zw.local =login_user=user0/user0/mail,
> index=, indexpvt=, control=, inbox=/var/mail/virtual/domain1.zw.local
> =login_user=user0/user0/mail, alt=
>
> then login_user=user0/user0/mail
>
> Apr 12 19:53:18 postfix10 dovecot: imap(user0@domain1.zw.local
> =login_user=user0)<2428><iPA4Yc6/lJCsEAAs>: Debug: Mailbox INBOX:
> Mailbox opened because: SELECT
>
>
> doveconf -n
> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.4 ()
> # OS: Linux 5.10.0-7-amd64 x86_64 Debian 10.6
> # Hostname: postfix10.zw.local
> auth_debug = yes
> auth_gssapi_hostname = $ALL
> auth_krb5_keytab = /etc/dovecot/imap.keytab
> auth_mechanisms = gssapi
> auth_verbose = yes
> disable_plaintext_auth = no
> import_environment = TZ KRB5CCNAME=/etc/dovecot/imap.ticket
> KRB5_KTNAME=/etc/dovecot/imap.keytab
> mail_debug = yes
> mail_gid = 5000
> mail_home = /var/mail/virtual/%d/%n
> mail_location = maildir:~/mail
> mail_privileged_group = mail
> mail_uid = 5000
> namespace inbox {
>   disabled = no
>   inbox = yes
>   list = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> protocols = " imap lmtp pop3"
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> ssl = no
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_client_ca_dir = /etc/ssl/certs
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> userdb {
>   driver = prefetch
> }
> protocol lmtp {
>   postmaster_address = postmaster@zw.local
> }
>
>
> egrep -v "^$|^#" /etc/dovecot/dovecot-ldap.conf.ext
> uris = ldap://ldap10.zw.local
> auth_bind = yes
> sasl_bind = yes
> sasl_mech = gssapi
> sasl_realm = zw.local
> debug_level = -1
> ldap_version = 3
> base = dc=zw,dc=local
> user_attrs = \
>     =user=%{ldap:mail} \
>     =login_user=%{ldap:uid}
> user_filter = (uid=%n)
> pass_attrs = \
>     =user=%{ldap:uid},\
>     =k5principals=%{ldap:krbPrincipalName}
> pass_filter = (&(objectClass=krbPrincipalAux)(uid=%n))
>
>
--
Lucas Castro