2 messages in net.sourceforge.lists.courier-maildrop: Re: [maildropl] trouble with maildrop...

From            Sent On
Mata            Oct 15, 2007 11:42 pm
Tony Earnshaw   Oct 16, 2007 1:10 am
Subject: Re: [maildropl] trouble with maildrop and LDAP
From: Tony Earnshaw (ton@hetnet.nl)
Date: Oct 16, 2007 1:10:31 am
List: net.sourceforge.lists.courier-maildrop

Mata wrote, on 16-10-2007 08:42:

> I'm desperate. For a few days I have been searching Google for a solution to my problem and found nothing. My distro is SuSE 10.2.
>
> I am trying to configure Postfix with sasl2, maildrop and LDAP as described in the book "The Book of Postfix: State-of-the-Art Message Transport" written by Ralf Hildebrandt and Patrick Koetter. I have a big problem with the maildrop and authdaemon configuration. Postfix cannot receive any mail because:
>
> Oct 15 13:46:50 Telelinux authdaemond: modules="authldap", daemons=5
> Oct 15 13:46:50 Telelinux authdaemond: Installing libauthldap
> Oct 15 13:46:50 Telelinux authdaemond: Installation complete: authldap
> Oct 15 13:46:53 Telelinux slapd[3649]: conn=45 fd=17 ACCEPT from IP=127.0.0.1:19755 (IP=127.0.0.1:389)
> Oct 15 13:46:53 Telelinux slapd[3649]: conn=45 op=0 BIND dn="" method=128
> Oct 15 13:46:53 Telelinux slapd[3649]: conn=45 op=0 RESULT tag=97 err=0 text=
> Oct 15 13:46:53 Telelinux slapd[3649]: conn=45 op=1 SRCH base="dc=mail,dc=pl" scope=2 deref=0 filter="(mail=marc@telelinux.hopto.org)"
> Oct 15 13:46:53 Telelinux slapd[3649]: conn=45 op=1 SRCH attr=homeDirectory mailbox cn userPassword mail
> Oct 15 13:46:53 Telelinux slapd[3649]: conn=45 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
> Oct 15 13:46:53 Telelinux authdaemond: authldaplib: refuse to authenticate marc@telelinux.hopto.org: uid=0, gid=0 (zero uid or gid not permitted)

All the above has nothing to do with Postfix not being able to receive mail. You must separate Postfix from Courier maildrop; the only thing they have in common is that Postfix delivers mail to maildrop for delivery - this is a single line in main.cf or a (different) single line in master.cf.

Also, separate OpenLDAP output from facility.mail output in your /etc/syslog.conf. Let slapd have its own log file.

> authdaemonrc:
> authmodulelist="authldap"
> authmodulelistorig="authldap authcustom authcram authuserdb authmysql authpam"
> daemons=5
> authdaemonvar=/var/run/authdaemon.courier-imap
> DEBUG_LOGIN=1
> version="authdaemond.ldap"

Don't know what the rest is.

> authldaprc
> LDAP_URI ldap://localhost
> LDAP_PROTOCOL_VERSION 3
> LDAP_BASEDN dc=mail,dc=pl
> LDAP_TIMEOUT 5
> LDAP_MAIL mail
> LDAP_FILTER (objectClass=inetOrgPerson)
> LDAP_HOMEDIR homeDirectory
> LDAP_MAILDIR mailbox
> LDAP_MAILDIRQUOTA quota
> LDAP_CRYPTPW userPassword
> LDAP_UID uidNumber
> LDAP_GID gidNumber
> LDAP_DEREF never
> LDAP_TLS 0

This is not good if you are running a setup with a static UID and GID and can never work.

Here's my authldaprc for a similar setup:

LDAP_URI ldapi://%2fvar%2frun%2fslapd%2fldapi/, ldap://oikos.windows/
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN dc=domainpart,dc=nl
LDAP_BINDDN cn=proxy,dc=domainpart,dc=nl
LDAP_BINDPW EcyeddIl5
LDAP_TIMEOUT 5
LDAP_MAIL uid
LDAP_FILTER (accountStatus=active)
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR mailMessageStore
LDAP_MAILDIR mailMessageStore
LDAP_DEFAULTDELIVERY defaultDelivery
LDAP_MAILDIRQUOTA quota
LDAP_FULLNAME gecos
LDAP_CLEARPW userPassword
LDAP_CRYPTPW userPassword
LDAP_DEREF never
LDAP_TLS 0

I don't use encrypted passwords, because Postfix (with SASL auxprop) and Courier IMAP are configured to use MD5 passwords, which have to have cleartext entries. If you only use PLAIN or LOGIN auth, continue to use encrypted passwords, if you wish.

> maildropldap.config
> hostname ldap://localhost
> basedn dc=mail,dc=teletorium,dc=pl
> binddn cn=mata,dc=mail,dc=pl
> bindpw password
> filter &(objectclass=inetOrgPerson)
> timeout 5
> search_method mail
> mail_attr mail
> uid_attr uid
> uidnumber_attr uidNumber
> gidnumber_attr gidNumber
> maildir_attr mailbox
> homedirectory_attr homeDirectory
> quota_attr quota

I don't know SuSE at all, I run Red Hat derived systems, *BUT* there is no maildropldap.config with recent maildrop versions; that was for old versions. Current versions ask authdaemond's authldap module.

> Example of one of the users in my LDAP base:
>
> dn: uid=matyla_m,ou=IT,dc=mail,dc=pl
> uid: matyla_m
> cn: Marcin Matyla
> sn: Matyla
> givenname: Marcin
> objectclass: CourierMailAccount
> objectclass: inetOrgPerson
> mail: marc@telelinux.hopto.org
> telephonenumber: 111222333
> userPassword: password
> quota: 500
> homeDirectory: /var/spool/mail/matyla_m
> mailbox: /var/spool/mail/matyla_m/Maildir
> description: IT
> uidnumber: 1100
> gidnumber: 1100

My crystal ball tells me that what you're mistakenly trying to do is give all users the same uidNumber and gidNumber - this will completely break LDAP, which can never work for anything. Also, I miss objectClass descriptions - where are you getting attribute quota from?

> postfix conf
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/lib/postfix
> mail_owner = postfix
> myhostname = telelinux.hopto.org
> unknown_local_recipient_reject_code = 450
> debug_peer_level = 2
> debugger_command =
>     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>     xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail
> newaliases_path = /usr/bin/newaliases
> mailq_path = /usr/bin/mailq
> setgid_group = vmail
> biff = no
> masquerade_exceptions = root
> masquerade_classes = envelope_sender, header_sender, header_recipient
> program_directory = /usr/lib/postfix
> mydestination = $myhostname, $mydomain
> myorigin= $mydomain
> mynetworks_style = subnet
> disable_dns_lookups = no
> mynetworks_style = subnet
> disable_dns_lookups = no
> local_transport = local
> local_recipient_maps = proxy:ldap:/etc/postfix/ldap/local_recipients.cf
> strict_8bitmime = no
> disable_mime_output_conversion = no
> smtpd_client_restrictions =
> smtpd_helo_required = no
> smtpd_helo_restrictions =
> strict_rfc821_envelopes = no
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_use_tls = no
> smtp_use_tls = no
> mailbox_size_limit = 0
> message_size_limit = 10240000
> smtpd_sasl_security_options=
> broken_sasl_auth_clients=yes
> smtpd_sasl_security_options=noanonymous

Firstly, don't give this kind of thing, give 'postconf -n' output. Secondly, I can't see anything telling Postfix to hand off to maildrop. You should have a mailbox_command line in main.cf or (much preferably) a pipe transport in master.cf with a corresponding entry in your transport map. See Postfix's MAILDROP_README.

However, please don't ask for Postfix help on this list, ask for it on the Postfix ML.

> All users are virtual and all have the same uid and gid number in LDAP. The vmail user in the system has the same uid and gid (1100).

As written above, you can't do this. By all means give maildrop (who should be a system user) uidNumber and gidNumber 1100, not your users.

> The maildrop command has rwsr-x--- permissions (owner root, group vmail).

1033 [root:mercurius.intern] /etc/authlib # l /usr/bin/maildrop
-rwsr-sr-x 1 root mail 213851 Aug 10 06:44 /usr/bin/maildrop

> Sasl2 works with LDAP.
>
> I have no idea what I can do or which permissions are incorrect.

HTH, if not, come back - but not with Postfix questions ;)

--Tonni
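
The following check is an added example, not part of either message and not Courier code. It compares the uid/gid settings in an authldaprc with the attributes a slapd "SRCH attr=" log line shows were actually requested, which is the mismatch visible in the quoted log before the "zero uid or gid not permitted" refusal. The sample inputs are constructed from the thread, the function names are hypothetical, and it assumes authldap requests every attribute it is configured to map and that a global account of "root" or "0" counts as a zero id.

```python
import re

# Constructed inputs, modelled on the authldaprc and slapd log line quoted in the thread.
AUTHLDAPRC = """\
LDAP_MAIL mail
LDAP_HOMEDIR homeDirectory
LDAP_MAILDIR mailbox
LDAP_CRYPTPW userPassword
LDAP_UID uidNumber
LDAP_GID gidNumber
"""
SLAPD_LINE = "slapd[3649]: conn=45 op=1 SRCH attr=homeDirectory mailbox cn userPassword mail"


def parse_authldaprc(text):
    """Return {KEY: value} from 'KEY value' lines; blanks and # comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def requested_attrs(slapd_line):
    """Lower-cased attribute names from a slapd 'SRCH attr=' log line."""
    m = re.search(r"SRCH attr=(.*)$", slapd_line)
    return {a.lower() for a in m.group(1).split()} if m else set()


def uid_gid_findings(conf, attrs):
    """List reasons a lookup could end with no usable (non-zero) uid or gid."""
    findings = []
    for glob_key, attr_key in (("LDAP_GLOB_UID", "LDAP_UID"), ("LDAP_GLOB_GID", "LDAP_GID")):
        glob = conf.get(glob_key)
        if glob:  # one static account for every mailbox, as in the reply's config
            if glob in ("0", "root"):  # assumption: treated as a zero id
                findings.append(f"{glob_key} {glob}: zero id, authldap refuses it")
            continue
        attr = conf.get(attr_key)
        if not attr:
            findings.append(f"neither {glob_key} nor {attr_key} is set")
        elif attr.lower() not in attrs:
            findings.append(f"{attr_key} {attr}: attribute missing from the logged search")
    return findings


if __name__ == "__main__":
    for finding in uid_gid_findings(parse_authldaprc(AUTHLDAPRC), requested_attrs(SLAPD_LINE)):
        print(finding)
```

A finding of "attribute missing from the logged search" suggests the running authdaemond is not using the authldaprc that was inspected, so check which file it reads and restart it after changes.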