Postfix + Dovecot / Slapd Authentication - dovecot lda uidnumber Error

[ryan_m021]

I'm Trying to Configure Postfix and Dovecot with Openldap/Slapd Authentication and the mailing panel is Squirrelmail.

[Slapd Server]--------------[Postfix/Dovecot/Squirrelmail(SRV2)]--------------[Client]

Linux Distribution: Debian Wheezy 7.5
Dovecot Version: 2.1.7
Postfix Version: 2.9.6
Slapd Version: 2.4.31

Slapd Directory and LDAP User Objects are Configured Correctly and all users can login to Squirrelmail panel which means that dovecot and postfix ldap queries will be searched on ldap directories and get users attributes and it succeeds.

The Problem Is That, When Someone for example user:tom with uidnumber:1002 Sends an email, dovecot-lda will have an error on user uidnumber which says:

> SRV2 dovecot: lda(tom@mh.com): Fatal: setuid(1002 from
> userdb lookup) failed with euid=1001(admin): Operation not permitted
> (This binary should probably be called with process user set to 1002
> instead of 1001(admin))

But When user:admin with uidnumber:1001 Sends an email It Will Work Perfectly. So By This Issue, Everyone Except user:admin Cannot Send emails.

On Slapd, uid and ObjectClass are indexed and "everyone" is able to read ldap directories.

Summary of main.cf

inet_protocols = ipv4

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination

virtual_mailbox_domains = mh.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap.cf
virtual_transport = dovecot
local_recipient_maps =

myhostname = SRV2
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

master.cf

dovecot  unix  -       n       n       -       -       pipe
  flags=DRhu user=admin:admin argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

/etc/postfix/ldap.cf

server_host = 192.168.10.1
bind = yes
bind_dn = cn=admin,dc=mh,dc=com
bind_pw = xxxxx
search_base = ou=People,dc=mh,dc=com
query_filter = (uid=%u)
result_attribute = uid

Summary of doveconf -n

auth_default_realm = mh.com
disable_plaintext_auth = no
mail_gid = admin
mail_uid = admin
mail_location = maildir:/home/%n/Maildir
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0777    
    group = postfix
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0777
  }
}
service dict {
  unix_listener dict {
      mode = 0777
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0777
  }
}
ssl = no
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lda {
  postmaster_address = root
}

on mail server i've added admin user:

security things doesn't matter right now... :)

useradd -m admin
chgrp admin /home
chmod -R 777 /home

Summary of /etc/dovecot/dovecot-ldap.conf.ext

hosts = 192.168.10.1   
dn = cn=admin,dc=mh,dc=com
dnpass = xxxxx
auth_bind = yes
ldap_version = 3
base = ou=People,dc=mh,dc=com
user_filter = (uid=%n)
pass_filter = (uid=%n)

[Christian Boltz]

Let me steal Simon's post (in another thread):

This is not a general Postfix help forum - this is for the separate package Postfix Admin which configures/maintains virtual domains & mailboxes using Postfix (plus MySQL, optionally maildrop, and Courier or Dovecot).
For Postfix help you should head over to postfix.org and check out the Postfix mailing lists.

In this case, a dovecot-specific mailinglist might be a better choice.

(Personally, I avoid LDAP. At any cost ;-)

[Robert Moskowitz]

Christian,

I know this is an old thread, but I am working with Nethserver's mailserver function and they do not support muliple domains. Thus I am looking at bolting postfixadmin onto their system.

Thing is their 'simple' user and group management is openLDAP, and I would like to see if I can use that. In the past I have used mysql (now mariadb). So if no openLDAP, I will also be bolting on mariadb.