Subject: Re: [maildropl] non-suid Maildrop won't talk to LDAP server
From: Andreas Stollar (andr@speakeasy.net)
Date: Oct 13, 2003 8:55:39 am
List: net.sourceforge.lists.courier-maildrop

On Sun, 12 Oct 2003, Petri Riihikallio wrote:

Hello

I am using Maildrop as the virtual delivery agent with Postfix. I am moving my users to an OpenLDAP server. All the mailboxes are owned by vmail:vmail, so Maildrop should work without root privileges. The problem is that it won't.

Postfix will run maildrop as user vmail. I have compiled maildrop with --enable-maildrop-uid=vmail and --enable-maildrop-gid=vmail. My maildropldap.config is readable by vmail and the path to it is in the binary.

Why can't I run Maildrop as vmail?

The symptoms are that Maildrop will not contact the LDAP server at all (from the LDAP logs). Instead I get "(user unknown. Command output: Invalid user specified. )" in the Postfix log. The cure is to make Maildrop suid root.

The only clue I have left is RESET_GID. If Maildrop is running as a normal user it can't change its group. Shouldn't maildrop complain if changing group fails? I have tried setting RESET_GID to 0 and exporting it to the configure script. It won't make a difference to the binary (by their behavior or md5 checksums), so I guess it was zero to begin with. What is the proper way of setting these variables?

You should not have to setuid/setgid for this to work. I have been using maildrop with LDAP and qmail for over a year. I only used "'--enable-maildropldap' '--enable-maildirquota'" when building. My /etc/maildropldap.config file is 600 and owned by the virtual user. It sounds like something is not configured right in your maildropldap.config file. The key parts of mine look like:

hostname ldapmaster.speakeasy.net
basedn dc=speakeasy,dc=net
binddn cn=manager,dc=speakeasy,dc=net
bindpw heh heh
timeout 5
search_method mail
default_uidnumber 1000 (uid of vmail user)
default_gidnumber 1000 (ditto)
mail_attr mail ("mail:" attribute in LDAP)
uid_attr uid ("cn:" attribute in LDAP)
uidnumber_attr uidnumber
gidnumber_attr gidnumber
maildir_attr mailMessageStore
homedirectory_attr mailMessageStore
quota_attr mailQuota

This took me a bit of time to get working right; it was tweaking this file for my setup that was needed.

Andreas
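A small sanity check for a config like the one above, added here as an example (not code from maildrop or from either poster). It assumes the file is plain "key value" lines with the keys shown in the reply, that the delivery user is vmail with uid/gid 1000, and that a maildrop which is not setuid root can only deliver as the uid/gid it already runs under, so default_uidnumber/default_gidnumber must match that user and the file holding bindpw must be mode 0600 and owned by it.

```python
# Added example, not code from maildrop or from the thread's authors: sanity
# checks for a maildropldap.config used by a maildrop that is NOT setuid root.
# Assumes 'key value' lines and that an unprivileged maildrop can only
# deliver as the uid/gid it already runs under (vmail = 1000 here).
import stat

def parse_config(text):
    """Parse 'key value' lines into a dict; blank and '#' lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf[key] = value.strip()
    return conf

def check_config(conf, run_uid, run_gid):
    """List problems with running maildrop unprivileged as run_uid/run_gid."""
    problems = []
    for key, want in (("default_uidnumber", run_uid),
                      ("default_gidnumber", run_gid)):
        value = conf.get(key, "")
        if not value.isdigit():
            problems.append(f"{key} missing or not numeric: {value!r}")
        elif int(value) != want:
            # Without setuid root maildrop cannot switch uid/gid: mismatch = no delivery.
            problems.append(f"{key}={value} but maildrop runs as {want}")
    return problems

def check_file_mode(mode, owner_uid, run_uid):
    """bindpw lives in this file: owned by the delivery user and mode 0600."""
    problems = []
    if owner_uid != run_uid:
        problems.append("config not owned by the delivery user")
    if stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("config readable by group/others (want 0600)")
    return problems

# Constructed sample modelled on the reply's config; the gid is deliberately
# wrong so check_config() reports it.
SAMPLE = """\
hostname ldapmaster.example.net
basedn dc=example,dc=net
binddn cn=manager,dc=example,dc=net
bindpw PLACEHOLDER
default_uidnumber 1000
default_gidnumber 1001
uidnumber_attr uidnumber
gidnumber_attr gidnumber
"""
```

Run check_file_mode() with the values from os.stat() on the real file, and check_config() with the uid/gid Postfix actually invokes maildrop under.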