[Dovecot] LDAP and prefetch
Jorgen Lundman
lundman at lundman.net
Wed Mar 22 02:32:12 EET 2006
SunOS pop01.unix 5.10 Generic_118844-26 i86pc i386 i86pc
dovecot-1.0.beta3
It is most likely something I am doing wrong, but could someone take a look at
why I cannot get LDAP prefetch to work?
If I define things like this:
dovecot.conf:
----------------------------------------------
passdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
userdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}
----------------------------------------------
dovecot-ldap.conf:
----------------------------------------------
base = uid=%n, o=%d, ou=mail, dc=example, dc=com
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(mail=%u))
pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid
pass_filter = (&(objectClass=posixAccount)(mail=%u))
----------------------------------------------
This works correctly. Queries LDAP twice, but retrieves home, uid, gid and mail
correctly. Authenticates well.
If I replace the userdb line in dovecot.conf with:
----------------------------------------------
userdb prefetch {
}
----------------------------------------------
It no longer works. The passdb query is still correct, and it is followed by
a second "empty" ldap query (as seen from snoop) with the following errors:
Mar 20 15:58:06 pop01.unix dovecot: [ID 474965 mail.info] Dovecot v1.0.beta3 starting up
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred at uranus.com,172.20.12.12): userdb_uid not returned
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): prefetch(fred at uranus.com,172.20.12.12): userdb_gid not returned
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.error] auth(default): userdb(fred at uranus.com,172.20.12.12): user not found from userdb
Mar 20 15:58:14 pop01.unix dovecot: [ID 107833 mail.info] pop3-login: Internal login failure: user=<fred at uranus.com>, method=PLAIN, rip=172.20.12.12, lip=172.20.12.8
Snoop of failing lookup:
LDAP: Operation *[APPL 3: Search Request]
LDAP: [Base Object]
LDAP: uid=fred, o=uranus.com, ou=mail,
LDAP: dc=example, dc=com
[snip]
LDAP: And *[0]
LDAP: Equality Match *[3]
LDAP: [Attr Descr]
LDAP: objectClass
LDAP: [Value]
LDAP: posixAccount
LDAP: *[3]
LDAP: [OctetString]
LDAP: mail
LDAP: [OctetString]
LDAP: fred at uranus.com
LDAP: *[Sequence]
LDAP: [OctetString]
LDAP: mail
LDAP: [OctetString]
LDAP: userPassword
LDAP: [OctetString]
LDAP: homeDirectory
LDAP: [OctetString]
LDAP: uidNumber
LDAP: [OctetString]
LDAP: gidNumber
[snip]
LDAP: Operation *[APPL 4: Search ResEntry]
LDAP: [Object Name]
LDAP: uid=fred,o=uranus.com,ou=mail,dc
LDAP: =example,dc=com
LDAP: *[Partial Attributes]
LDAP: *[Attribute]
LDAP: [Type]
LDAP: uidNumber
LDAP: *[Vals]
LDAP: [Value]
LDAP: 105
LDAP: *[Attribute]
LDAP: [Type]
LDAP: gidNumber
LDAP: *[Vals]
LDAP: [Value]
LDAP: 200
LDAP: *[Attribute]
LDAP: [Type]
LDAP: homeDirectory
LDAP: *[Vals]
LDAP: [Value]
LDAP: /export/nfs/mail/com/s/u/ur
LDAP: anus/fred/
LDAP: *[Attribute]
LDAP: [Type]
LDAP: userPassword
LDAP: *[Vals]
LDAP: [Value]
LDAP: {crypt}QAa3SPeYrDARs (it's "test", no leak fun here)
LDAP: *[Attribute]
LDAP: [Type]
LDAP: mail
LDAP: *[Vals]
LDAP: [Value]
LDAP: fred at uranus.com
[snip]
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
TCP: Destination port = 389 (LDAP)
LDAP: ----- LDAP: -----
LDAP:
LDAP: ""
LDAP:
Please advise!
Lund
--
Jorgen Lundman | <lundman at lundman.net>
Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell)
Japan | +81 (0)3 -3375-1767 (home)
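
Added example, not part of the original post and not Dovecot's own code: a small Python check that the `pass_attrs` line of a dovecot-ldap.conf maps the `userdb_uid` and `userdb_gid` fields named in the prefetch errors above. The function names and sample strings are constructed for illustration; it inspects only the config text, not what the LDAP server returns.

```python
# Added example (not from the original post): check that pass_attrs in a
# dovecot-ldap.conf maps the fields named in the prefetch errors.
REQUIRED = ("userdb_uid", "userdb_gid")  # from the two "not returned" log lines

# Constructed sample inputs, modelled on the pass_attrs line in the post.
COMPLETE = (
    "pass_attrs = mail=user,userPassword=password,homeDirectory=userdb_home,"
    "uidNumber=userdb_uid,gidNumber=userdb_gid\n"
    "pass_filter = (&(objectClass=posixAccount)(mail=%u))\n"
)
NO_USERDB = "pass_attrs = mail=user,userPassword=password\n"
# Same value broken across two physical lines; this check reads lines as written.
WRAPPED = ("pass_attrs = mail=user,userPassword=password,uidNumber\n"
           "=userdb_uid,gidNumber=userdb_gid\n")


def parse_settings(text):
    """Parse 'key = value' lines, skipping blanks, # comments and keyless lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip():
            settings[key.strip()] = value.strip()
    return settings


def pass_attr_map(settings):
    """Turn 'ldapAttr=dovecotField,...' into {dovecotField: ldapAttr}."""
    mapping = {}
    for pair in settings.get("pass_attrs", "").split(","):
        if "=" in pair:
            ldap_attr, field = pair.split("=", 1)
            mapping[field.strip()] = ldap_attr.strip()
    return mapping


def missing_prefetch_fields(text):
    """Return the REQUIRED userdb_* fields that pass_attrs does not map."""
    mapping = pass_attr_map(parse_settings(text))
    return [field for field in REQUIRED if field not in mapping]


if __name__ == "__main__":
    for name, sample in (("complete", COMPLETE), ("no userdb", NO_USERDB),
                         ("wrapped", WRAPPED)):
        print(f"{name}: missing {missing_prefetch_fields(sample) or 'nothing'}")
```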