dovecot + ldap : ошибка авторизации на сервере

EXIM, sendmail, postfix, Dovecot и прочие. Решение проблем связанных с работой электронной почты

Модератор: xM

Правила форума
Убедительная просьба юзать теги [code] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.
Аватара пользователя
f0s
ст. лейтенант
Сообщения: 1082
Зарегистрирован: 2007-03-13 18:43:31
Откуда: Санкт-Петербург
Контактная информация:

dovecot + ldap : ошибка авторизации на сервере

Непрочитанное сообщение f0s » 2008-02-19 17:00:42

как ключить полные логи? в конфиге вроде как поставил опцию соотсветсвующую - не собо много нового появилось.. а вообщем-то вот что, при попытке войти в ящик, пишет: "ошибка регистрации на сервере".


вот что пишет:

Код: Выделить всё

Feb 19 16:49:40 mail dovecot: imap-login: Disconnected: user=<f0s>, method=PLAIN, rip=192.168.10.2, lip=192.168.10.8
Feb 19 16:51:32 mail dovecot: imap-login: Disconnected: user=<f0s>, method=PLAIN, rip=192.168.10.2, lip=192.168.10.8
вот конифги

(зы. непонятно как выложить конфиги, запрещено txt && conf расширения...)

ну ладно.

вот что касается лдапа:

Код: Выделить всё

[f0s@mail] /tmp/> cat dovecot-ldap.txt
# This file is opened as root, so it should be owned by root and mode 0600.
#
# http://wiki.dovecot.org/AuthDatabase/LDAP
#
# NOTE: If you're not using authentication binds, you'll need to give
# dovecot-auth read access to userPassword field in the LDAP server.
# With OpenLDAP this is done by modifying /etc/ldap/slapd.conf. There should
# already be something like this:

# access to attribute=userPassword
#        by dn="<dovecot's dn>" read # add this
#        by anonymous auth
#        by self write
#        by * none

# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts = 127.0.0.1:389

# LDAP URIs to use. You can use this instead of hosts list. Note that this
# setting isn't supported by all LDAP libraries.
#uris =

# Distinguished Name - the username used to login to the LDAP server
dn = cn=root,dc=artpaint,dc=spb,dc=ru

# Password for LDAP server
dnpass = password

# Use SASL binding instead of the simple binding. Note that this changes
# ldap_version automatically to be 3 if it's lower. Also note that SASL binds
# and auth_bind=yes don't work together.
#sasl_bind = no
# SASL mechanism name to use.
#sasl_mech =
# SASL realm to use.
#sasl_realm =
# SASL authorization ID, ie. the dnpass is for this "master user", but the
# dn is still the logged in user. Normally you want to keep this empty.
#sasl_authz_id =

# Use TLS to connect to the LDAP server.
#tls = no

# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# The pass_filter is used to find the DN for the user. Note that the pass_attrs
# is still used, only the password field is ignored in it. Before doing any
# search, the binding is switched back to the default DN.
auth_bind = yes

# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). Note that you can't
# use any pass_attrs if you use this setting.
#
# If you use this setting, it's a good idea to use a different
# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
# filename is different in userdb's args). That way one connection is used only
# for LDAP binds and another connection is used for user lookups. Otherwise
# the binding is changed to the default DN before each user lookup.
#
# For example:
#   auth_bind_userdn = cn=%u,ou=people,o=org
#
#auth_bind_userdn =

# LDAP protocol version to use. Likely 2 or 3.
ldap_version = 3

# LDAP base. %variables can be used here.
base = ou=users,dc=artpaint,dc=spb,dc=ru

# Dereference: never, searching, finding, always
#deref = never

# Search scope: base, onelevel, subtree
scope = subtree

# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
user_attrs = homeDirectory=home

# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if user there's no domain
user_filter = (&(objectClass=dbmailUser)(mail=%u))

# Password checking attributes:
#  user: Virtual user name (user@domain), if you wish to change the
#        user-given username to something else
#  password: Password, may optionally start with {type}, eg. {crypt}
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
pass_attrs = mail=user,userPassword=password

# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
# string. For example:
#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid

# Filter for password lookups
pass_filter = (&(objectClass=dbmailUser)(mail=%u))

# Default password scheme. "{scheme}" before password overrides this.
# List of supported schemes is in: http://wiki.dovecot.org/Authentication
default_pass_scheme = CRYPT

# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid =
#user_global_gid =
named, named, what is my TTL value?..

[FidoNet 2:550/2 && 2:5030/4441]

Хостинговая компания Host-Food.ru
Хостинг HostFood.ru
 

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2460 рублей (8 CPU, 8Gb RAM, 2x500Gb HDD, RAID 3ware 9750):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Voronok
рядовой
Сообщения: 25
Зарегистрирован: 2006-06-29 18:53:59

Re: dovecot + ldap : ошибка авторизации на сервере

Непрочитанное сообщение Voronok » 2008-02-26 18:15:20

А в /var/log/debug.log у Вас случайно не похожая картина:

Код: Выделить всё

Feb 26 18:01:15 mail slapd[24513]: conn=1 fd=11 ACCEPT from IP=10.1.2.5:58144 (IP=0.0.0.0:389)
Feb 26 18:01:15 mail slapd[24513]: conn=1 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" method=128
Feb 26 18:01:15 mail slapd[24513]: conn=1 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" mech=SIMPLE ssf=0
Feb 26 18:01:15 mail slapd[24513]: conn=1 op=0 RESULT tag=97 err=0 text=
Feb 26 18:01:21 mail slapd[24513]: conn=1 op=1 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mail=test@sity.tlt))"
Feb 26 18:01:21 mail slapd[24513]: conn=1 op=1 SRCH attr=mail clearPassword
Feb 26 18:01:21 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:01:21 mail slapd[24513]: <= bdb_equality_candidates: (mail) not indexed
Feb 26 18:01:21 mail slapd[24513]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Так dovecot ищет в LDAP.
У меня, думаю, такая же проблема. Уже второй день колупаю и все никак.
Интересно посмотреть, как exim ищет в LDAP:

Код: Выделить всё

Feb 26 18:09:05 mail slapd[24513]: conn=2 fd=13 ACCEPT from IP=10.1.2.5:65439 (IP=0.0.0.0:389)
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" method=128
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" mech=SIMPLE ssf=0
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=0 RESULT tag=97 err=0 text=
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=1 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mail=test@sity.tlt)(clearPassword=qwerty))"
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (mail) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (clearPassword) not indexed
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=2 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mailAlternateAddress=test@sity.tlt))"
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=2 SRCH attr=mail
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (mailAlternateAddress) not indexed
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=3 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mail=test@sity.tlt))"
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (mail) not indexed
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 26 18:09:05 mail slapd[24513]: conn=2 op=4 UNBIND
Feb 26 18:09:05 mail slapd[24513]: conn=2 fd=13 closed
Feb 26 18:09:05 mail slapd[24513]: conn=3 fd=13 ACCEPT from IP=10.1.2.5:49390 (IP=0.0.0.0:389)
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" method=128
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" mech=SIMPLE ssf=0
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=0 RESULT tag=97 err=0 text=
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=1 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mailAlternateAddress=test@sity.tlt))"
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=1 SRCH attr=mail
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (mailAlternateAddress) not indexed
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=2 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mail=test@sity.tlt))"
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (mail) not indexed
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 26 18:09:05 mail slapd[24513]: conn=3 op=3 UNBIND
Feb 26 18:09:05 mail slapd[24513]: conn=3 fd=13 closed
Feb 26 18:09:05 mail slapd[24513]: conn=4 fd=13 ACCEPT from IP=10.1.2.5:57137 (IP=0.0.0.0:389)
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" method=128
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=0 BIND dn="cn=exim,ou=system,dc=sity,dc=tlt" mech=SIMPLE ssf=0
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=0 RESULT tag=97 err=0 text=
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=1 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mail=test@sity.tlt))"
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=1 SRCH attr=mailQuotaSize
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (mail) not indexed
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=2 SRCH base="ou=exim,dc=sity,dc=tlt" scope=2 deref=0 filter="(&(accountStatus=active)(mail=test@sity.tlt))"
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=2 SRCH attr=homeDirectory
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (accountStatus) not indexed
Feb 26 18:09:05 mail slapd[24513]: <= bdb_equality_candidates: (mail) not indexed
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 26 18:09:05 mail slapd[24513]: conn=4 op=3 UNBIND
Feb 26 18:09:05 mail slapd[24513]: conn=4 fd=13 closed
У меня такое ощущение, что dovecot тоже находит в LDAP'е пользователя, только почему-то ведет себя так как будто бы не нашел. Правда не знаю, у Вас в логах есть что-то похожее или нет. Может у нас и разные проблемы.

Аватара пользователя
f0s
ст. лейтенант
Сообщения: 1082
Зарегистрирован: 2007-03-13 18:43:31
Откуда: Санкт-Петербург
Контактная информация:

Re: dovecot + ldap : ошибка авторизации на сервере

Непрочитанное сообщение f0s » 2008-02-27 10:06:58

я же вроде писал.. тоа видимо в другой теме. я настроил более парвильно dovecot-ldap.con и все ок
named, named, what is my TTL value?..

[FidoNet 2:550/2 && 2:5030/4441]