Displaying 11 results from an estimated 11 matches for "username_attribute".
2020 Sep 16
2
Cannot load key: Invalid dovecot key version
I am trying to use the newly added Local Validation functionality in dovecot version 2.3.11. I am running dovecot inside a Docker container with base image "debian:buster-slim". When I try to log in through the below command, a crash is seen. The algorithm used is RS256 and the certificate is self-signed.
'''
a1 login admin
2019 Dec 08
2
Dovecot & OAuth
...tps://dovecot:7598e21b-ec34-481f-80d0-059bddae0923@keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
>>>> introspection_mode = post
>>>> debug = yes
>>>> rawlog_dir = /tmp/oauth2
>>>> #force_introspection = yes
>>>> username_attribute = username
>>>> #active_attribute = active
>>>> #active_value = true
>>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
>>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
>>>> tls_key_file = /etc/pki/dovecot/private/...
2019 Dec 06
4
Dovecot & OAuth
...://keycloak.com/auth/realms/mail/protocol/openid-connect/token
introspection_url =
https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923@keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
introspection_mode = post
debug = yes
rawlog_dir = /tmp/oauth2
#force_introspection = yes
username_attribute = username
#active_attribute = active
#active_value = true
tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
tls_key_file = /etc/pki/dovecot/private/dovecot.pem
---------------
The debug log is showing now slightly different msg ex:...
2017 Mar 22
2
last_login LDAP - killed with signal 11 (core dumped)
...ib_save_level = 6
}
dovecot-ldap-dict.conf.ext:
uri = ldap://ldap.internal
bind_dn = cn=Manager,dc=mail,dc=com
password = XXXX
tls = no
debug = 1
map {
pattern = last-login/$user
filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required
base_dn = o=domains,dc=mail,dc=com
username_attribute = mail
value_attribute = lastLoginTime
fields {
mail=$user
}
}
I don't see dovecot ever making a connection to the LDAP server I've
configured in the dovecot-ldap-dict.conf.ext file.
Log shows
==> /var/log/dovecot.log <==
Mar 22 07:49:30 imap-login: Info: Login: user=<...
2017 Mar 22
1
last_login LDAP - killed with signal 11 (core dumped)
...=Manager,dc=mail,dc=com
> > password = XXXX
> > tls = no
> > debug = 1
> >
> > map {
> > pattern = last-login/$user
> > filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required
> > base_dn = o=domains,dc=mail,dc=com
> > username_attribute = mail
> > value_attribute = lastLoginTime
> > fields {
> > mail=$user
> > }
> > }
> >
> > I don't see dovecot ever making a connection to the LDAP server I've
> > configured in the dovecot-ldap-dict.conf.ext file.
> >
> >...
2019 Dec 06
0
Dovecot & OAuth
...= https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923@keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
> > > introspection_mode = post
> > > debug = yes
> > > rawlog_dir = /tmp/oauth2
> > > #force_introspection = yes
> > > username_attribute = username
> > > #active_attribute = active
> > > #active_value = true
> > > tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> > > tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> > > tls_key_file = /etc/pki/dovecot/private/dovec...
2019 Dec 10
0
Dovecot & OAuth
...34-481f-80d0-059bddae0923@keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect
> >>>> introspection_mode = post
> >>>> debug = yes
> >>>> rawlog_dir = /tmp/oauth2
> >>>> #force_introspection = yes
> >>>> username_attribute = username
> >>>> #active_attribute = active
> >>>> #active_value = true
> >>>> tls_ca_cert_file = /etc/pki/CA/certs/incommon-rsa-server-ca.crt
> >>>> tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
> >>>> tls_key_file =...
2020 Feb 14
0
Dovecot Proxy - Oauth2 mech add custom fields
...-proxy/dovecot-oauth2.conf
grant_url = https://keycloak-iam.apps.example.com/auth/realms/example/protocol/openid-connect/token
use_grant_password = yes
introspection_mode = post
introspection_url = https://keycloak-iam.apps.example.com/auth/realms/example/protocol/openid-connect/token/introspect
username_attribute = username
username_format = %Lu
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
active_attribute = active
active_value = true
scope = email
send_auth_headers = yes
debug = yes
rawlog_dir = /LOGS/imap/oauth2/
client_id = imap-client
client_secret = 99e26b26-0f2a-4b64-8f57-c0ca2147d3a0
pas...
2017 Mar 22
0
last_login LDAP - killed with signal 11 (core dumped)
...uri = ldap://ldap.internal
> bind_dn = cn=Manager,dc=mail,dc=com
> password = XXXX
> tls = no
> debug = 1
>
> map {
> pattern = last-login/$user
> filter = (&(mail=%{user})(objectClass=mailUser)) # the () is required
> base_dn = o=domains,dc=mail,dc=com
> username_attribute = mail
> value_attribute = lastLoginTime
> fields {
> mail=$user
> }
> }
>
> I don't see dovecot ever making a connection to the LDAP server I've
> configured in the dovecot-ldap-dict.conf.ext file.
>
> Log shows
>
> ==> /var/log/dovecot.log...
2020 Jul 04
2
dovecot oauth
...log/dovecot-deliver-errors.log
}
------
- dovecot-oauth2.conf.ext
-----
tokeninfo_url =
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/token
introspection_mode = post
introspection_url =
https://my.keycloak.host/auth/realms/test_saml/protocol/openid-connect/token/introspect
username_attribute = email
tls_ca_cert_file = /etc/letsencrypt/live/my.host/chain.pem
#tls_ca_cert_file = /etc/ssl/certs/letsencrypt.pem
#active_attribute = enableMail
#active_value = TRUE
debug = yes
rawlog_dir = /tmp/oauth2
-----
* Logs:
-------
Jul 04 17:00:12 auth: Debug:
oauth2(my.mail@whatever,::1,<fG8...
2019 Dec 05
2
Dovecot & OAuth
Hi all,
We'd like to enable OAuth with Keycloak in Dovecot. After enabling
'OAUTHBEARER XOAUTH2' in Dovecot based on the online document, I can confirm
Dovecot is ready for OAuth using the openssl command. However, when the auth
request comes in, it failed to establish an SSL connection with the Keycloak
server on port 443, as shown below in the debug logs. I can confirm
using commands