1

Topic: [SOLVED] dovecot-ldap + ADS 2

==== Provide basic information to help troubleshoot and get quick answer ====
- iRedMail version: iRedMail-0.7.3
- Linux/BSD distribution name and version: CentOS 6.0
====
Hello.
I have the following problem: when I'm trying to connect to dovecot with telnet I get this:
telnet localhost 143
. login user@vdomain.tld USERPASS
* OK Waiting for authentication process to respond..
. NO [UNAVAILABLE] Temporary authentication failure.
* BYE Disconnected for inactivity.

in /var/log/dovecot.log :
Nov 29 12:46:29 auth: Error: mysql(127.0.0.1): Connect failed to database (vmail): Access denied for user 'vmail'@'localhost' (using password: YES) - waiting for 1 seconds before retry
...
Nov 29 12:47:00 auth: Error: mysql(127.0.0.1): Connect failed to database (vmail): Access denied for user 'vmail'@'localhost' (using password: YES) - waiting for 125 seconds before retry
Nov 29 12:47:13 auth: Error: mysql: Query timed out (no free connections for 60 secs): SELECT CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE mailbox.username='www@vdomain.tld' AND mailbox.domain='vdomain.tld' AND mailbox.enablelda=1 AND mailbox.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND mailbox.active=1
Nov 29 12:47:13 auth: Error: sql(www@vdomain.tld): User query failed: Not connected to database
Nov 29 12:47:13 auth: Error: auth worker: Aborted request: Lookup timed out
Nov 29 12:47:13 auth: Error: auth worker: Aborted request: Lookup timed out
Nov 29 12:47:13 auth: Error: mysql: Query timed out (no free connections for 60 secs): SELECT CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE mailbox.username='www@vdomain.tld' AND mailbox.domain='vdomain.tld' AND mailbox.enablelda=1 AND mailbox.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND mailbox.active=1
Nov 29 12:47:13 auth: Error: sql(www@vdomain.tld): User query failed: Not connected to database
Nov 29 12:47:13 auth: Error: mysql(127.0.0.1): Connect failed to database (vmail): Access denied for user 'vmail'@'localhost' (using password: YES) - waiting for 1 seconds before retry
...
Nov 29 12:47:29 auth: Error: mysql: Query timed out (no free connections for 60 secs): SELECT password FROM mailbox WHERE username='user@vdomain.tld' AND active='1'
Nov 29 12:47:29 auth: Error: sql(user@vdomain.tld,127.0.0.1): Password query failed: Not connected to database
Nov 29 12:47:44 auth: Error: mysql(127.0.0.1): Connect failed to database (vmail): Access denied for user 'vmail'@'localhost' (using password: YES) - waiting for 125 seconds before retry
Nov 29 12:49:18 imap-login: Info: Disconnected: Inactivity (auth failed, 1 attempts): user=<user@vdomain.tld>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Nov 29 12:49:50 auth: Error: mysql(127.0.0.1): Connect failed to database (vmail): Access denied for user 'vmail'@'localhost' (using password: YES) - waiting for 625 seconds before retry

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| iredadmin          |
| mysql              |
| roundcubemail      |
| test               |
+--------------------+
There is no DB vmail...
What should I do to resolve it?

Thanks.

2

Re: [SOLVED] dovecot-ldap + ADS 2

varchar wrote:

Nov 29 12:46:29 auth: Error: mysql(127.0.0.1): Connect failed to database (vmail): Access denied for user 'vmail'@'localhost' (using password: YES) - waiting for 1 seconds before retry

It's clear here: you have an incorrect MySQL username or password in /etc/dovecot/dovecot-mysql.conf. Please fix it first.

3 (edited by varchar 2011-11-29 21:33:18)

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:
varchar wrote:

Nov 29 12:46:29 auth: Error: mysql(127.0.0.1): Connect failed to database (vmail): Access denied for user 'vmail'@'localhost' (using password: YES) - waiting for 1 seconds before retry

It's clear here: you have an incorrect MySQL username or password in /etc/dovecot/dovecot-mysql.conf. Please fix it first.

1. There was no user 'vmail' in the mysql table 'user'.
2. I created user vmail and changed his password in /etc/dovecot/dovecot-mysql.conf. The result is the same.
3. In file /etc/dovecot-mysql.conf:
connect = host=127.0.0.1 dbname=vmail
...

There is no db 'vmail' in MySQL DBs. Can you help me create this DB?

Thank you.

4

Re: [SOLVED] dovecot-ldap + ADS 2

Are you trying to integrate iRedMail + Microsoft Active Directory?
If so, please follow our integration tutorial strictly:
http://iredmail.com/wiki/index.php?titl … y.iRedMail

5

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:

Are you trying to integrate iRedMail + Microsoft Active Directory?
If so, please follow our integration tutorial strictly:
http://iredmail.com/wiki/index.php?titl … y.iRedMail

I did everything according to this instruction. I have working 'postmap -q ...' queries, but when I'm trying to test dovecot with telnet I get error messages from mysql in /var/log/dovecot.log (see above). There is NO database 'vmail' in the mysql DBs list. Can I create it, or should it be created automatically?

6

Re: [SOLVED] dovecot-ldap + ADS 2

In the Requirements section, we mentioned that you should install iRedMail with the OpenLDAP backend. Seems you have the MySQL backend instead of OpenLDAP.

So, what you need to do is create a new file /etc/dovecot/dovecot-ldap.conf as the wiki tutorial described, and change /etc/dovecot/dovecot.conf to use it in both "userdb" and "passdb".

Please post output of command "dovecot -n" to help troubleshoot.

7

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:

In the Requirements section, we mentioned that you should install iRedMail with the OpenLDAP backend. Seems you have the MySQL backend instead of OpenLDAP.

So, what you need to do is create a new file /etc/dovecot/dovecot-ldap.conf as the wiki tutorial described, and change /etc/dovecot/dovecot.conf to use it in both "userdb" and "passdb".

Please post output of command "dovecot -n" to help troubleshoot.

You were right -- when I installed iRedMail I chose LDAP as the backend, but in dovecot.conf userdb and passdb pointed to mysql. I have changed dovecot.conf to the following:
...
userdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
...
in dovecot-ldap.conf:
hosts           = da.rdomain.tld:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail
dnpass          = vmail_pass
base            = dc=rdomain,dc=tld
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

When I'm trying to connect to dovecot with telnet in dovecot.log:
Nov 30 16:00:17 auth: Error: PLAIN(user@vdomain.tld,127.0.0.1): Request 31507.1 timeouted after 150 secs, state=1
Nov 30 16:00:32 imap-login: Info: Disconnected: Inactivity (disconnected while authenticating): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Nov 30 16:00:34 auth: Error: ldap(user@vdomain.tld,127.0.0.1): Connection appears to be hanging, reconnecting
Nov 30 16:00:34 auth: Error: ldap(user@vdomain.tld,127.0.0.1): Request lost
Nov 30 16:00:34 auth: Error: LDAP: Reply with unknown msgid 2
Nov 30 16:01:01 auth: Error: ldap(user@vdomain.tld,127.0.0.1): ldap_search((&(userPrincipalName=user@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))) failed: Operations error
Nov 30 16:01:01 imap: Error: Internal auth failure (client-pid=31535 client-id=1)
Nov 30 16:01:01 imap-login: Info: Internal login failure (pid=31535 id=1) (auth failed, 1 attempts): user=<user@vdomain.tld>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=31536, secured
Nov 30 16:01:01 auth: Error: ldap(www@vdomain.tld): ldap_search((&(userPrincipalName=www@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))) failed: Operations error

When I make an ldapsearch query I can get info about user@vdomain.tld. postmap -q commands return the mail address and mailbox path.

8

Re: [SOLVED] dovecot-ldap + ADS 2

varchar wrote:

Nov 30 16:00:17 auth: Error: PLAIN(user@vdomain.tld,127.0.0.1): Request 31507.1 timeouted after 150 secs, state=1
...
When I make an ldapsearch query I can get info about user@vdomain.tld. postmap -q commands return the mail address and mailbox path.

Seems Dovecot cannot connect to your AD server ("timeouted").

Do you have the same AD server address (IP address or hostname) in dovecot-ldap.conf and Postfix AD lookup files (e.g. /etc/postfix/ad_virtual_mailbox_maps.cf)?

Also, I see you have "base = dc=rdomain,dc=tld" in dovecot-ldap.conf, is it the same as "search_base" in Postfix AD lookup files?
Please double check settings in dovecot-ldap.conf and Postfix AD lookup files, make sure you're using the correct ones.

9

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:
varchar wrote:

Nov 30 16:00:17 auth: Error: PLAIN(user@vdomain.tld,127.0.0.1): Request 31507.1 timeouted after 150 secs, state=1
...
When I make an ldapsearch query I can get info about user@vdomain.tld. postmap -q commands return the mail address and mailbox path.

Seems Dovecot cannot connect to your AD server ("timeouted").

Do you have the same AD server address (IP address or hostname) in dovecot-ldap.conf and Postfix AD lookup files (e.g. /etc/postfix/ad_virtual_mailbox_maps.cf)?

Also, I see you have "base = dc=rdomain,dc=tld" in dovecot-ldap.conf, is it the same as "search_base" in Postfix AD lookup files?
Please double check settings in dovecot-ldap.conf and Postfix AD lookup files, make sure you're using the correct ones.

I have the same AD server address in the postfix configs and dovecot-ldap.conf. The only difference between these files is userPrincipalName. In the postfix configs this attribute is %s and in dovecot-ldap.conf it is %u.
I have changed %u to %n in dovecot-ldap.conf -- the result is the same:
Dec 01 08:36:36 auth: Error: PLAIN(user@vdomain.tld,127.0.0.1): Request 4754.1 timeouted after 151 secs, state=1
Dec 01 08:36:55 imap-login: Info: Disconnected: Inactivity (disconnected while authenticating): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Dec 01 08:37:06 auth: Error: ldap(www@vdomain.tld): Connection appears to be hanging, reconnecting
Dec 01 08:37:06 auth: Error: ldap(www@vdomain.tld): Connection appears to be hanging, reconnecting
Dec 01 08:37:06 auth: Error: ldap(www@vdomain.tld): ldap_search((&(userPrincipalName=www)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))) failed: Operations error
Dec 01 08:37:06 auth: Error: ldap(user@vdomain.tld,127.0.0.1): Request lost
Dec 01 08:37:06 auth: Error: LDAP: Reply with unknown msgid 2
Dec 01 08:37:06 auth: Error: LDAP: Reply with unknown msgid 2
Dec 01 08:37:06 auth: Error: LDAP: Reply with unknown msgid 2
Dec 01 08:37:06 auth: Error: LDAP: Reply with unknown msgid 2
Dec 01 08:47:06 auth: Error: ldap(www@vdomain.tld): ldap_search((&(userPrincipalName=www)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))) failed: Operations error
Dec 01 08:47:06 auth: Error: ldap(www@vdomain.tld): ldap_search((&(userPrincipalName=www)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))) failed: Operations error
By the way, user www (www@vdomain.tld) is absent in the AD DB.

10

Re: [SOLVED] dovecot-ldap + ADS 2

varchar wrote:

I have the same AD server address in the postfix configs and dovecot-ldap.conf. The only difference between these files is userPrincipalName. In the postfix configs this attribute is %s and in dovecot-ldap.conf it is %u.
I have changed %u to %n in dovecot-ldap.conf -- the result is the same:

Don't change it. Dovecot is not Postfix, it has its own variable names.
In Dovecot, %u will be expanded to be a full email address, which is the same as %s in Postfix.
In Dovecot, %n is username part of email address, which is the same as %u in Postfix.

References:
- Postfix LDAP query_filter: http://www.postfix.org/ldap_table.5.html
- Dovecot: http://wiki.dovecot.org/Variables

To repeat my other question:
I see you have "base = dc=rdomain,dc=tld" in dovecot-ldap.conf, is it the same as "search_base" in Postfix AD lookup files? Could you please paste file content of /etc/postfix/ad_virtual_mailbox_maps.cf to help troubleshoot (remove password before posting)? Also, output of command "dovecot -n" helps a lot too.
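The variable mapping in the reply above, as an added example that is not part of the thread or of either program's source: a small Python expander that applies Dovecot's and Postfix's rules to the thread's own filter templates and to the %Ld/%Ln mailbox path from the user_attrs line, escaping filter values per RFC 4515 as both programs do. The templates are copied from this thread; the login names are constructed.

```python
import re

# Dovecot : %u = full login name, %n = local part, %d = domain,
#           an 'L' modifier (%Lu, %Ln, %Ld) lowercases the value.
# Postfix : %s = full address, %u = local part, %d = domain
#           (the 'L' modifier is Dovecot syntax; it is only used with Dovecot templates here).
# Values placed into a filter are escaped per RFC 4515, as both programs do,
# so a login name cannot change the structure of the LDAP query.

# Templates copied from the thread's dovecot-ldap.conf and ad_virtual_mailbox_maps.cf.
DOVECOT_FILTER = ('(&(userPrincipalName=%u)(objectClass=person)'
                  '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))')
POSTFIX_FILTER = '(&(objectClass=person)(userPrincipalName=%s))'

_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}
_VAR_RE = re.compile(r'%(L?)([A-Za-z])')


def ldap_filter_escape(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def _split(address: str):
    local, _, domain = address.partition('@')
    return local, domain


def dovecot_vars(login: str) -> dict:
    local, domain = _split(login)
    return {'u': login, 'n': local, 'd': domain}


def postfix_vars(address: str) -> dict:
    local, domain = _split(address)
    return {'s': address, 'u': local, 'd': domain}


def expand(template: str, variables: dict, escape: bool) -> str:
    """Replace %x / %Lx tokens; an unknown variable is an error, not silently empty."""
    def repl(match):
        lower, name = match.groups()
        if name not in variables:
            raise KeyError(f'unknown variable %{lower}{name} in {template!r}')
        value = variables[name].lower() if lower else variables[name]
        return ldap_filter_escape(value) if escape else value
    return _VAR_RE.sub(repl, template)


def dovecot_filter(login: str, template: str = DOVECOT_FILTER) -> str:
    return expand(template, dovecot_vars(login), escape=True)


def postfix_filter(address: str, template: str = POSTFIX_FILTER) -> str:
    return expand(template, postfix_vars(address), escape=True)


def dovecot_path(login: str, template: str) -> str:
    """Expand a user_attrs home= or static userdb home= template (no filter escaping)."""
    return expand(template, dovecot_vars(login), escape=False)


if __name__ == '__main__':
    login = 'User@VDomain.TLD'          # constructed login name
    print(dovecot_filter(login))
    print(postfix_filter(login))
    # The %n change tried in the thread searches for the bare local part only.
    print(dovecot_filter(login, DOVECOT_FILTER.replace('%u', '%n')))
    print(dovecot_path(login, '/var/vmail/vmail1/%Ld/%Ln/Maildir/'))
    print(dovecot_path(login, '/var/vmail/%Ld/%Lu'))
```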

11

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:
varchar wrote:

I have the same AD server address in the postfix configs and dovecot-ldap.conf. The only difference between these files is userPrincipalName. In the postfix configs this attribute is %s and in dovecot-ldap.conf it is %u.
I have changed %u to %n in dovecot-ldap.conf -- the result is the same:

Don't change it. Dovecot is not Postfix, it has its own variable names.
In Dovecot, %u will be expanded to be a full email address, which is the same as %s in Postfix.
In Dovecot, %n is username part of email address, which is the same as %u in Postfix.

References:
- Postfix LDAP query_filter: http://www.postfix.org/ldap_table.5.html
- Dovecot: http://wiki.dovecot.org/Variables

To repeat my other question:
I see you have "base = dc=rdomain,dc=tld" in dovecot-ldap.conf, is it the same as "search_base" in Postfix AD lookup files? Could you please paste file content of /etc/postfix/ad_virtual_mailbox_maps.cf to help troubleshoot (remove password before posting)? Also, output of command "dovecot -n" helps a lot too.

ad_virtual_mailbox_maps.cf:
server_host     = ads.rdomain.tld
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = vmail_pass
search_base     = dc=rdomain,dc=tld
scope           = sub
query_filter    = (&(objectClass=person)(userPrincipalName=%s))
result_attribute = mail    (I CHANGED THIS LINE)
result_format   = %d/%u/Maildir/
debuglevel      = 0

dovecot-ldap.conf:
hosts           = ads.rdomain.tld:389
ldap_version    = 3
auth_bind       = yes
dn              = vmail
dnpass          = vmail_pass
base            = dc=rdomain,dc=tld
scope           = subtree
deref           = never
user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs      = userPassword=password
default_pass_scheme = CRYPT
user_attrs      = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

dovecot -n:
# OS: Linux 2.6.32-71.29.1.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final)
auth_default_realm = vdomain.tld
auth_mechanisms = PLAIN LOGIN
dict {
  expire = db:/var/lib/dovecot/expire/expire.db
  quotadict = mysql:/etc/dovecot/used-quota.conf
}
disable_plaintext_auth = no
first_valid_uid = 501
last_valid_uid = 501
listen = *
log_path = /var/log/dovecot.log
mail_gid = 501
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_uid = 501
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  expire = Trash 7 Trash/* 7 Junk 30
  expire_dict = proxy::expire
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert = </etc/pki/tls/certs/iRedMail_CA.pem
ssl_key = </etc/pki/tls/private/iRedMail.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota autocreate
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

12

Re: [SOLVED] dovecot-ldap + ADS 2

I cannot figure out why it happened. Could you please turn on debug mode in Dovecot and test it again? Paste the related log here to help troubleshoot.
To turn on debug mode in Dovecot, just change the value of "mail_debug =" to "yes", then restart the Dovecot service.

13

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:

I cannot figure out why it happened. Could you please turn on debug mode in Dovecot and test it again? Paste the related log here to help troubleshoot.
To turn on debug mode in Dovecot, just change the value of "mail_debug =" to "yes", then restart the Dovecot service.

dovecot.conf:
mail_debug = yes
auth_verbose = yes
auth_debug = yes
dovecot.log:
Dec 02 08:19:30 auth: Debug: auth client connected (pid=11806)
Dec 02 08:19:42 auth: Debug: client in: AUTH    1    PLAIN    service=imap    secured    lip=127.0.0.1    rip=127.0.0.1    lport=143    rport=58944    resp=<hidden>
Dec 02 08:19:42 auth: Debug: ldap(user@vdomain.tld,127.0.0.1): bind search: base=dc=rdomain,dc=tld filter=(&(userPrincipalName=user@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Dec 02 08:19:42 auth: Debug: ldap(user@vdomain.tld,127.0.0.1): result: objectClass(?unknown?)= cn(?unknown?)= sn(?unknown?)= title(?unknown?)= givenName(?unknown?)= distinguishedName(?unknown?)= instanceType(?unknown?)= whenCreated(?unknown?)= whenChanged(?unknown?)= displayName(?unknown?)= uSNCreated(?unknown?)= memberOf(?unknown?)= uSNChanged(?unknown?)= department(?unknown?)= homeMTA(?unknown?)= proxyAddresses(?unknown?)= homeMDB(?unknown?)= mDBStorageQuota(?unknown?)= mDBOverQuotaLimit(?unknown?)= mDBUseDefaults(?unknown?)= mailNickname(?unknown?)= protocolSettings(?unknown?)= name(?unknown?)= objectGUID(?unknown?)= userAccountControl(?unknown?)= badPwdCount(?unknown?)= codePage(?unknown?)= countryCode(?unknown?)= homeDirectory(?unknown?)= homeDrive(?unknown?)= badPasswordTime(?unknown?)= lastLogoff(?unknown?)= lastLogon(?unknown?)= pwdLastSet(?unknown?)= primaryGroupID(?unknown?)= userParameters(?unknown?)= objectSid(?unknown?)= adminCount(?unknown?)= accountExpires(?unknown?)= logonCount(?unknown?)= sAMAccountName(?unknown?)= sAMAccountType(?unknown?)= showInAddressBook(?unknown?)= legacyExchangeDN(?unknown?)= userPrincipalName(?unknown?)= servicePrincipalName(?unknown?)= objectCategory(?unknown?)= mSMQSignCertificates(?unknown?)= mSMQDigests(?unknown?)= msNPAllowDialin(?unknown?)= dSCorePropagationData(?unknown?)= lastLogonTimestamp(?unknown?)= textEncodedORAddress(?unknown?)= mail(?unknown?)= msExchHomeServerName(?unknown?)= msExchALObjectVersion(?unknown?)= msExchMailboxSecurityDescriptor(?unknown?)= msExchUserAccountControl(?unknown?)= msExchMailboxGuid(?unknown?)= msExchPoliciesIncluded(?unknown?)= msExchRecipientDisplayType(?unknown?)= msExchUserCulture(?unknown?)= msExchVersion(?unknown?)= msExchRecipientTypeDetails(?unknown?)=
Dec 02 08:22:12 auth: Error: PLAIN(user@vdomain.tld,127.0.0.1): Request 11806.1 timeouted after 150 secs, state=1
Dec 02 08:22:30 imap-login: Info: Disconnected: Inactivity (disconnected while authenticating): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Dec 02 08:22:30 auth: Debug: client in: CANCEL    1
Dec 02 08:22:41 auth: Debug: master in: USER    1    www@vdomain.tld    service=lda
Dec 02 08:22:41 auth: Debug: ldap(www@vdomain.tld): user search: base=dc=rdomain,dc=tld scope=subtree filter=(&(userPrincipalName=www@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=
Dec 02 08:22:41 auth: Error: ldap(www@vdomain.tld): Connection appears to be hanging, reconnecting
Dec 02 08:22:41 auth: Debug: master in: USER    1    www@vdomain.tld    service=lda
Dec 02 08:22:41 auth: Debug: ldap(www@vdomain.tld): user search: base=dc=rdomain,dc=tld scope=subtree filter=(&(userPrincipalName=www@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=
Dec 02 08:22:41 auth: Error: ldap(www@vdomain.tld): Connection appears to be hanging, reconnecting
Dec 02 08:22:41 auth: Error: ldap(user@vdomain.tld,127.0.0.1): pass_filter matched multiple objects, aborting
Dec 02 08:22:41 auth: Info: ldap(www@vdomain.tld): unknown user
Dec 02 08:22:41 auth: Debug: master out: NOTFOUND    1
Dec 02 08:22:41 auth: Debug: master in: USER    1    www@vdomain.tld    service=lda
Dec 02 08:22:41 auth: Debug: ldap(www@vdomain.tld): user search: base=dc=rdomain,dc=tld scope=subtree filter=(&(userPrincipalName=www@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=
Dec 02 08:22:41 auth: Error: ldap(www@vdomain.tld): ldap_search((&(userPrincipalName=www@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))) failed: Operations error
Dec 02 08:22:41 auth: Debug: master out: FAIL    1
Dec 02 08:22:43 auth: Debug: client out: FAIL    1    user=user@vdomain.tld    temp

14

Re: [SOLVED] dovecot-ldap + ADS 2

Dovecot complains:

Dec 02 08:22:41 auth: Error: ldap(user@vdomain.tld,127.0.0.1): pass_filter matched multiple objects, aborting

Do you have multiple users which have "userPrincipalName=www@vdomain.tld"?
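An added example, not from the thread or from Dovecot's code: it evaluates the thread's expanded pass_filter against a small constructed directory, including the Active Directory bitwise matching rule that excludes disabled accounts, and applies the rule behind the log line above, that a pass_filter may match exactly one entry. The directory entries and the UPNs other than those in the thread are constructed.

```python
import re

# Supports the RFC 4515 subset the thread's filter needs: AND (&), NOT (!),
# equality, and the Active Directory bitwise-AND matching rule
# 1.2.840.113556.1.4.803 (all bits of the given mask must be set).

AD_BIT_AND = '1.2.840.113556.1.4.803'
_ITEM_RE = re.compile(r'([A-Za-z][\w-]*)(?::([\d.]+):)?=(.*)')
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}

def _person(cn: str, upn: str, uac: int) -> dict:
    """Constructed AD user entry; attribute values are lists, as in LDAP."""
    return {'dn': [f'CN={cn},OU=People,DC=rdomain,DC=tld'],
            'objectClass': ['top', 'person', 'organizationalPerson', 'user'],
            'userPrincipalName': [upn], 'userAccountControl': [str(uac)]}

# userAccountControl 512 = NORMAL_ACCOUNT, 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE.
# Two constructed entries share a userPrincipalName on purpose, to reproduce
# the "pass_filter matched multiple objects" error from the thread's log.
DIRECTORY = [_person('user', 'user@vdomain.tld', 512),
             _person('old', 'old@vdomain.tld', 514),
             _person('dup', 'dup@vdomain.tld', 512),
             _person('dup2', 'dup@vdomain.tld', 512)]

def ad_filter(upn: str) -> str:
    """The thread's pass_filter with %u expanded and escaped, as Dovecot does it."""
    safe = ''.join(_ESCAPES.get(ch, ch) for ch in upn)
    return (f'(&(userPrincipalName={safe})(objectClass=person)'
            f'(!(userAccountControl:{AD_BIT_AND}:=2)))')

def _unescape(value: str) -> str:
    return re.sub(r'\\([0-9A-Fa-f]{2})', lambda m: chr(int(m.group(1), 16)), value)

def parse_filter(text: str):
    """Parse into ('and', [...]), ('not', x), ('eq', attr, value) or ('ext', attr, rule, value)."""
    pos = 0
    def node():
        nonlocal pos
        if text[pos] != '(':
            raise ValueError(f'expected "(" at offset {pos}')
        pos += 1
        if text[pos] == '&':
            pos += 1
            items = []
            while text[pos] == '(':
                items.append(node())
            result = ('and', items)
        elif text[pos] == '!':
            pos += 1
            result = ('not', node())
        else:
            end = text.index(')', pos)
            m = _ITEM_RE.fullmatch(text[pos:end])
            if not m:
                raise ValueError(f'unsupported filter item {text[pos:end]!r}')
            attr, rule, value = m.group(1).lower(), m.group(2), _unescape(m.group(3))
            result = ('ext', attr, rule, value) if rule else ('eq', attr, value)
            pos = end
        if text[pos] != ')':
            raise ValueError(f'expected ")" at offset {pos}')
        pos += 1
        return result
    tree = node()
    if pos != len(text):
        raise ValueError('trailing data after filter')
    return tree

def matches(tree, entry: dict) -> bool:
    """Evaluate a parsed filter against one entry; attribute names are case-insensitive."""
    values = {k.lower(): [str(v) for v in vs] for k, vs in entry.items()}
    if tree[0] == 'and':
        return all(matches(sub, entry) for sub in tree[1])
    if tree[0] == 'not':
        return not matches(tree[1], entry)
    if tree[0] == 'eq':
        _, attr, wanted = tree
        return any(v.lower() == wanted.lower() for v in values.get(attr, []))
    _, attr, rule, wanted = tree
    if rule != AD_BIT_AND:
        raise ValueError(f'unsupported matching rule {rule}')
    mask = int(wanted)
    return any(int(v) & mask == mask for v in values.get(attr, []))

def passdb_lookup(directory, filter_text: str):
    """Dovecot's rule: no match is an unknown user, more than one match aborts."""
    tree = parse_filter(filter_text)
    hits = [e for e in directory if matches(tree, e)]
    if not hits:
        return 'unknown user', None
    if len(hits) > 1:
        return 'pass_filter matched multiple objects, aborting', None
    return 'ok', hits[0]
```

The disabled account 'old' is only excluded because of the `!(userAccountControl:...:=2)` clause; dropping it from the filter makes that entry match.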

15

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:

Dovecot complains:

Dec 02 08:22:41 auth: Error: ldap(user@vdomain.tld,127.0.0.1): pass_filter matched multiple objects, aborting

Do you have multiple users which have "userPrincipalName=www@vdomain.tld"?

There is no www@vdomain.tld in AD.
I found next entries in /etc/openldap/slapd.conf:
...
# Allow users to change their own passwords and mail forwarding addresses.
access to attrs="userPassword,mailForwardingAddress"
    by anonymous    auth
    by self         write
    by dn.exact="cn=vmail,dc=rdomain,dc=tld"   read
    by dn.exact="cn=vmailadmin,dc=rdomain,dc=tld"  write
    by users        none
...
# Set ACL for vmail/vmailadmin.
#
access to dn="cn=vmail,dc=rdomain,dc=tld"
    by anonymous                    auth
    by self                         write
    by dn.exact="cn=vmailadmin,dc=rdomain,dc=tld"  write
    by users                        none

access to dn="cn=vmailadmin,dc=rdomain,dc=tld"
    by anonymous                    auth
    by self                         write
    by users                        none
...
#######################################################################
# BDB database definitions
#######################################################################

database    bdb
suffix      dc=rdomain,dc=tld
directory   /var/lib/ldap/rdomain.tld

rootdn      cn=Manager,dc=rdomain,dc=tld
rootpw

sizelimit   1000
cachesize   1000
I have /var/lib/ldap/rdomain.tld only, but don't have vdomain.tld in that directory.
Should openldap-server be installed, or are the installed packages enough?
rpm -qa | grep ldap
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
openldap-clients-2.4.19-15.el6_0.2.x86_64
php-ldap-5.3.2-6.el6_0.1.x86_64
openldap-2.4.19-15.el6_0.2.x86_64
python-ldap-2.3.10-1.el6.x86_64

16

Re: [SOLVED] dovecot-ldap + ADS 2

varchar wrote:

There is no www@vdomain.tld in AD.
I found next entries in /etc/openldap/slapd.conf:

I'm confused.

- If there's no 'www@vdomain.tld' in AD, why do you try to login with this email address?
- If you have already configured Dovecot to query users from AD, you don't need to care about the OpenLDAP server at all, because you won't use it anymore.

17

Re: [SOLVED] dovecot-ldap + ADS 2

ZhangHuangbin wrote:
varchar wrote:

There is no www@vdomain.tld in AD.
I found next entries in /etc/openldap/slapd.conf:

I'm confused.

- If there's no 'www@vdomain.tld' in AD, why do you try to login with this email address?
- If you have already configured Dovecot to query users from AD, you don't need to care about the OpenLDAP server at all, because you won't use it anymore.

I'm not trying to login as www@vdomain.tld. I don't know why, but when I try to connect to dovecot with telnet I see the following messages in dovecot.log:
Dec 02 08:22:12 auth: Error: PLAIN(user@vdomain.tld,127.0.0.1): Request 11806.1 timeouted after 150 secs, state=1
Dec 02 08:22:30 imap-login: Info: Disconnected: Inactivity (disconnected while authenticating): method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Dec 02 08:22:30 auth: Debug: client in: CANCEL    1
Dec 02 08:22:41 auth: Debug: master in: USER    1    www@vdomain.tld    service=lda
Dec 02 08:22:41 auth: Debug: ldap(www@vdomain.tld): user search: base=dc=rdomain,dc=tld scope=subtree filter=(&(userPrincipalName=www@vdomain.tld)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) fields=
Dec 02 08:22:41 auth: Error: ldap(www@vdomain.tld): Connection appears to be hanging, reconnecting
(http://www.iredmail.org/forum/post12730.html#p12730)
So I would like to know how I can get dovecot working with AD, because postfix has access to AD and dovecot says:
Debug: ldap(user@vdomain.tld,127.0.0.1): result: objectClass(?unknown?)= cn(?unknown?)= sn(?unknown?)= title(?unknown?)= givenName(?unknown?)= distinguishedName(?unknown?)= instanceType(?unknown?)= whenCreated(?unknown?)= whenChanged(?unknown?)= displayName(?unknown?)= uSNCreated(?unknown?)= memberOf(?unknown?)= uSNChanged(?unknown?)= department(?unknown?)= homeMTA(?unknown?)= proxyAddresses(?unknown?)= homeMDB(?unknown?)= mDBStorageQuota(?unknown?)= mDBOverQuotaLimit(?unknown?)= mDBUseDefaults(?unknown?)= mailNickname(?unknown?)= protocolSettings(?unknown?)= name(?unknown?)= objectGUID(?unknown?)= userAccountControl(?unknown?)= badPwdCount(?unknown?)= codePage(?unknown?)= countryCode(?unknown?)= homeDirectory(?unknown?)= homeDrive(?unknown?)= badPasswordTime(?unknown?)= lastLogoff(?unknown?)= lastLogon(?unknown?)= pwdLastSet(?unknown?)= primaryGroupID(?unknown?)= userParameters(?unknown?)= objectSid(?unknown?)= adminCount(?unknown?)= accountExpires(?unknown?)= logonCount(?unknown?)= sAMAccountName(?unknown?)= sAMAccountType(?unknown?)= showInAddressBook(?unknown?)= legacyExchangeDN(?unknown?)= userPrincipalName(?unknown?)= servicePrincipalName(?unknown?)= objectCategory(?unknown?)= mSMQSignCertificates(?unknown?)= mSMQDigests(?unknown?)= msNPAllowDialin(?unknown?)= dSCorePropagationData(?unknown?)= lastLogonTimestamp(?unknown?)= textEncodedORAddress(?unknown?)= mail(?unknown?)= msExchHomeServerName(?unknown?)= msExchALObjectVersion(?unknown?)= msExchMailboxSecurityDescriptor(?unknown?)= msExchUserAccountControl(?unknown?)= msExchMailboxGuid(?unknown?)= msExchPoliciesIncluded(?unknown?)= msExchRecipientDisplayType(?unknown?)= msExchUserCulture(?unknown?)= msExchVersion(?unknown?)= msExchRecipientTypeDetails(?unknown?)=
Dec 02 08:22:12 auth: Error: PLAIN(user@vdomain.tld,127.0.0.1): Request 11806.1 timeouted after 150 secs, state=1

18

Re: [SOLVED] dovecot-ldap + ADS 2

I solved this problem this way (according to http://www.linuxmail.info/postfix-dovec … centos-5/):
/etc/dovecot/dovecot.conf:
...
userdb {
    driver = static
    args = uid=501 gid=501 home=/var/vmail/%Ld/%Lu
    # in the original: args = /etc/dovecot/dovecot-ldap.conf
}

passdb {
    driver = ldap
    args = /etc/dovecot/dovecot-ldap.conf
}

I added the following lines to /etc/dovecot/conf.d/10-auth.conf:
auth_username_format = %Lu

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf
}

userdb {
  driver = static
  args = uid=501 gid=501 home=/var/vmail/%Ld/%Lu
}

telnet login ip.add.re.ss 143
Connected to ip.add.re.ss.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login user@vdomain.tld userpass
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in

Thanks.