
Postfix + Dovecot / Slapd Authentication - dovecot lda uidnumber Error

ryan_m021
2014-08-04
2018-10-16
  • ryan_m021

    ryan_m021 - 2014-08-04

    I'm trying to configure Postfix and Dovecot with OpenLDAP/slapd authentication, and the mailing panel is SquirrelMail.

    [Slapd Server]--------------[Postfix/Dovecot/Squirrelmail(SRV2)]--------------[Client]

    Linux Distribution: Debian Wheezy 7.5
    Dovecot Version: 2.1.7
    Postfix Version: 2.9.6
    Slapd Version: 2.4.31
    

    The slapd directory and LDAP user objects are configured correctly, and all users can log in to the SquirrelMail panel, which means that the Dovecot and Postfix LDAP queries search the LDAP directory, get the users' attributes and succeed.

    The problem is that when someone, for example user tom with uidNumber 1002, sends an email, dovecot-lda fails on the user's uidNumber with this error:

    > SRV2 dovecot: lda(tom@mh.com): Fatal: setuid(1002 from
    > userdb lookup) failed with euid=1001(admin): Operation not permitted
    > (This binary should probably be called with process user set to 1002
    > instead of 1001(admin))
    

    But when user admin with uidNumber 1001 sends an email, it works perfectly. So because of this issue, everyone except user admin cannot send emails.

    On slapd, uid and objectClass are indexed and "everyone" is able to read the LDAP directory.

    Summary of main.cf

    inet_protocols = ipv4
    
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
    
    virtual_mailbox_domains = mh.com
    virtual_mailbox_maps = ldap:/etc/postfix/ldap.cf
    virtual_transport = dovecot
    local_recipient_maps =
    
    myhostname = SRV2
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    relayhost = 
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_command = /usr/lib/dovecot/deliver
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    

    master.cf

    dovecot  unix  -       n       n       -       -       pipe
      flags=DRhu user=admin:admin argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
    

    /etc/postfix/ldap.cf

    server_host = 192.168.10.1
    bind = yes
    bind_dn = cn=admin,dc=mh,dc=com
    bind_pw = xxxxx
    search_base = ou=People,dc=mh,dc=com
    query_filter = (uid=%u)
    result_attribute = uid
    

    Summary of doveconf -n

    auth_default_realm = mh.com
    disable_plaintext_auth = no
    mail_gid = admin
    mail_uid = admin
    mail_location = maildir:/home/%n/Maildir
    passdb {
      driver = pam
    }
    passdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
    }
    plugin {
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
    }
    protocols = " imap pop3"
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        mode = 0777
        group = postfix
        user = postfix
      }
      unix_listener auth-userdb {
        mode = 0777
      }
    }
    service dict {
      unix_listener dict {
          mode = 0777
      }
    }
    service lmtp {
      unix_listener lmtp {
        mode = 0777
      }
    }
    ssl = no
    userdb {
      driver = passwd
    }
    userdb {
      args = /etc/dovecot/dovecot-ldap.conf.ext
      driver = ldap
    }
    protocol lda {
      postmaster_address = root
    }
    

    On the mail server I've added the admin user:

    Security things don't matter right now... :)

    useradd -m admin
    chgrp admin /home
    chmod -R 777 /home
    

    Summary of /etc/dovecot/dovecot-ldap.conf.ext

    hosts = 192.168.10.1
    dn = cn=admin,dc=mh,dc=com
    dnpass = xxxxx
    auth_bind = yes
    ldap_version = 3
    base = ou=People,dc=mh,dc=com
    user_filter = (uid=%n)
    pass_filter = (uid=%n)
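As an added example that is not part of this thread (it is neither the poster's nor the Postfix Admin project's code), the small checker below reproduces the diagnosis from the material in the post. The error is Dovecot's privilege separation working as designed: master.cf pipes every message to `deliver` as the unprivileged user admin (uid 1001), while the LDAP userdb, with no `user_attrs` set, uses Dovecot's default mapping `homeDirectory=home,uidNumber=uid,gidNumber=gid` (the line from Dovecot's example dovecot-ldap.conf.ext) and therefore returns each LDAP entry's uidNumber as the uid to switch to. An unprivileged process cannot `setuid()` to another account, so delivery only works for the one account whose uidNumber equals the pipe user's uid, which is exactly what the poster sees (admin is also a local account, so the `passwd` userdb answers for it first). The checker parses the fatal log line, the pipe transport and the LDAP userdb file, reports the mismatch, and prints a `user_attrs` line that leaves uid/gid to `mail_uid`/`mail_gid` so `deliver` can keep running unprivileged. The `DEFAULT_USER_ATTRS` constant is taken from Dovecot's example config; everything else is sample input copied from the post.

```python
"""Offline checker for the dovecot-lda "setuid(... from userdb lookup) failed"
error: explains the uid mismatch and proposes a non-root fix.
Added example, not code from the thread or from Postfix Admin."""
import re

# Constructed sample input, copied from the post above.
LOG_LINE = (
    "SRV2 dovecot: lda(tom@mh.com): Fatal: setuid(1002 from userdb lookup) "
    "failed with euid=1001(admin): Operation not permitted (This binary should "
    "probably be called with process user set to 1002 instead of 1001(admin))"
)
MASTER_CF = (
    "dovecot  unix  -       n       n       -       -       pipe\n"
    "  flags=DRhu user=admin:admin argv=/usr/lib/dovecot/deliver "
    "-f ${sender} -d ${recipient}\n"
)
LDAP_CONF = """
hosts = 192.168.10.1
dn = cn=admin,dc=mh,dc=com
dnpass = xxxxx
auth_bind = yes
ldap_version = 3
base = ou=People,dc=mh,dc=com
user_filter = (uid=%n)
pass_filter = (uid=%n)
"""

# Dovecot's default when user_attrs is unset (from its example config): the
# LDAP userdb hands back the entry's uidNumber/gidNumber as uid/gid to setuid() to.
DEFAULT_USER_ATTRS = "homeDirectory=home,uidNumber=uid,gidNumber=gid"

SETUID_RE = re.compile(
    r"lda\((?P<user>[^)]*)\): Fatal: setuid\((?P<want>\d+) from userdb lookup\) "
    r"failed with euid=(?P<have>\d+)\((?P<have_name>[^)]*)\)"
)


def parse_setuid_failure(line):
    """Extract the uid userdb asked for and the LDA's effective uid from the log line."""
    m = SETUID_RE.search(line)
    if not m:
        return None
    return {"user": m.group("user"), "wanted_uid": int(m.group("want")),
            "euid": int(m.group("have")), "euid_name": m.group("have_name")}


def parse_pipe_user(master_cf):
    """Return the user[:group] Postfix runs the pipe transport as (None if absent)."""
    m = re.search(r"\buser=(\S+)", master_cf)
    return m.group(1) if m else None


def parse_kv(text):
    """Parse 'key = value' lines as used by doveconf and dovecot-ldap.conf.ext."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def ldap_userdb_fields(ldap_conf):
    """Set of userdb fields (home, uid, gid, ...) the LDAP userdb will return."""
    attrs = parse_kv(ldap_conf).get("user_attrs", DEFAULT_USER_ATTRS)
    return {pair.split("=", 1)[1].strip() for pair in attrs.split(",") if "=" in pair}


def diagnose(log_line, master_cf, ldap_conf):
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    fail = parse_setuid_failure(log_line)
    if fail and fail["wanted_uid"] != fail["euid"]:
        findings.append(
            f"deliver runs as uid {fail['euid']} ({fail['euid_name']}) but userdb "
            f"returned uid {fail['wanted_uid']} for {fail['user']}; an unprivileged "
            f"process cannot setuid() to another account")
    pipe_user = parse_pipe_user(master_cf)
    if pipe_user and pipe_user.split(":")[0] != "root" and "uid" in ldap_userdb_fields(ldap_conf):
        findings.append(
            f"master.cf pipes mail to deliver as '{pipe_user}' while the LDAP userdb "
            f"maps uidNumber to uid; delivery only works for the one account whose "
            f"uidNumber equals that user's uid")
    return findings


def fixed_user_attrs(ldap_conf):
    """user_attrs line without uid/gid, so mail_uid/mail_gid from dovecot.conf apply."""
    attrs = parse_kv(ldap_conf).get("user_attrs", DEFAULT_USER_ATTRS)
    kept = [p for p in attrs.split(",")
            if p.split("=", 1)[-1].strip() not in ("uid", "gid")]
    return "user_attrs = " + ",".join(kept)


if __name__ == "__main__":
    for finding in diagnose(LOG_LINE, MASTER_CF, LDAP_CONF):
        print("finding:", finding)
    print("suggested dovecot-ldap.conf.ext line:", fixed_user_attrs(LDAP_CONF))
```

With the poster's input the checker reports both findings and suggests `user_attrs = homeDirectory=home`; with that line in dovecot-ldap.conf.ext the LDAP userdb stops returning a uid, every mailbox is accessed as `mail_uid`/`mail_gid` (admin here), and the pipe transport can stay non-root. The other non-root route is to deliver over Dovecot's LMTP service instead of the pipe transport, since the `lmtp` process is started by Dovecot's master and can drop to the per-user uid itself; either way, the world-writable listener modes and the `chmod -R 777 /home` in the post are what the uid separation is meant to make unnecessary, so they should go once delivery works.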
    
     
  • Christian Boltz

    Christian Boltz - 2014-08-15

    Let me steal Simon's post (in another thread):

    This is not a general Postfix help forum - this is for the separate package Postfix Admin which configures/maintains virtual domains & mailboxes using Postfix (plus MySQL, optionally maildrop, and Courier or Dovecot).
    For Postfix help you should head over to postfix.org and check out the Postfix mailing lists.

    In this case, a dovecot-specific mailinglist might be a better choice.

    (Personally, I avoid LDAP. At any cost ;-)

     
  • Robert Moskowitz

    Christian,

    I know this is an old thread, but I am working with Nethserver's mail server function and they do not support multiple domains. Thus I am looking at bolting postfixadmin onto their system.

    The thing is, their 'simple' user and group management is OpenLDAP, and I would like to see if I can use that. In the past I have used MySQL (now MariaDB). So if no OpenLDAP, I will also be bolting on MariaDB.

     
