Re: Qmail-ldap + dovecot

Re: Qmail-ldap + dovecot

Hello,

This is another solution but If you use dovecot-ldap settings you will 
loose session forwarding(proxy) feature of auth_dovecot/auth_imap in 
multi-backend server environments.
With session forwarding feature, it does not matter which imap backend 
server you connect. the server will forward you request to account's 
imap server(mailserver attr).
at retrieve the mails.
Best Regards.

Ismail YENIGUL
Project Manager
Endersys Ltd
Phone :+90 216-4709423 | Mobile:+90 533 747 36 65
SurGATE: West Coast Labs Premium Anti-Spam Certificated
Twitter: http://www.twitter.com/endersys
Blog: http://blog.endersys.com

On 25.08.2011 19:54, Felipe Augusto van de Wiel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 25-08-2011 08:02, Nickitas wrote:
>> Hello list ,
>>
>>   I am trying to use dovecot in our qmail-ldap installation . I got the
>> qmail-ldap-1.03-20060201-dovecot.v0.5 patch from
>> "http://www.mail-archive.com/qmail-ldap <at> qmail-ldap.org/msg07158.html" .
>> The patch was done with some warnings (since our source has a spf patch
>> that is normal) , so i also made the changes by hand just to be sure ..
> [...]
>
> 	I don't use auth_dovecot, but I do use qmail-ldap+dovecot,
> customizing dovecot to take a look at the right parameters in LDAP.
> I'm using Debian 5.0 (a.k.a. Lenny), with dovecot from backports.
>
> dovecot-imapd  1:1.2.10-1~bpo
>
>
> My /etc/dovecot contains:
>
> dovecot.conf
> dovecot-ldap.conf
> dovecot-ldap-userdb.conf ->  dovecot-ldap.conf (yes, it's a symlink)
>
>
> - ----------8<----------8<----------8<----------8<----------
>
> The relevant part of dovecot.conf:
>
> protocols = imap imaps
> disable_plaintext_auth = yes
> log_path = /var/log/dovecot.log
> info_log_path = /var/log/dovecot-info.log
> log_timestamp = "%Y-%m-%d %H:%M:%S "
>
> ssl = required
> login_processes_count = 10
> login_max_processes_count = 512
>
> mail_location = maildir:~/Maildir
> mail_gid = vmail
> mail_privileged_group = mail
>
> protocol imap {
>    mail_plugins = quota imap_quota
>    mail_plugin_dir = /usr/lib/dovecot/modules/imap
> }
>
> protocol pop3 {
>    pop3_uidl_format = %08Xu%08Xv
> }
>
> auth default {
>    mechanisms = plain
>    passdb pam {
>    }
>
>    passdb ldap {
>      args = /etc/dovecot/dovecot-ldap.conf
>    }
>
>    userdb ldap {
>      args = /etc/dovecot/dovecot-ldap-userdb.conf
>    }
>
>    user = root
> }
>
> plugin {
>    quota = maildir:User quota
>    quota_rule = *:storage=2560M
> }
>
> - ----------8<----------8<----------8<----------8<----------
>
> The relevant part of dovecot-ldap.conf:
>
> hosts = YOUR-SERVER-IP
> auth_bind = yes
> auth_bind_userdn = uid=%u,ou=People,dc=example,dc=net
> ldap_version = 3
> base = dc=example,dc=net
> user_attrs = qmailUID=uid,mailMessageStore=home=/var/qmail/maildirs/%$,mailQuotaSize=quota_rule=*:bytes=%$
> user_filter = (&(objectClass=qmailUser)(uid=%u)(!(accountStatus=noaccess))(!(accountStatus=disabled)))
> pass_attrs = mail=user,userPassword=password
> pass_filter = (&(objectClass=qmailUser)(!(accountStatus=disabled))(!(accountStatus=noaccess)))
> default_pass_scheme = SSHA
>
>
> Kind regards,
> - -- 
> Felipe Augusto van de Wiel<felipe.wiel <at> complexopequenoprincipe.org.br>
> Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
> http://www.pequenoprincipe.org.br/    T: +55 41 3310 1747
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBCgAGBQJOVn5bAAoJECCPPxLgxLxP41IP/RRW+zeylXSDlmfinbu9D7un
> 0ALwsmTKJkv05RIAPlyCvInEHa0Gfh9MS6+kUE0LmOifblJYok9X/cRhTnREf1Up
> 2Z4T8y7TVsOI0MOuEKs4smXixGMLMi7XaSDkxPWO5mHlQ6CZdmw8hPa2JkIVSGKx
> /DQmd87uwcRc9+6P0+WU8baQsMG/6og8+jvM6iE/QL4A1csHyYo1IJ82NnMnrhuX
> QtYiSijRV+WhSvq8CzPxcRImara0ZBckMsTF5AQPXiFutqWepDVNtbLVwK3gINJp
> rKJ+Yr/hL3Qj/4sdU2Sh/oSs2glAoNNW5xUy8IQkQItNKsEoTxM+v5W5C9UIoMol
> d0WLGuLFSLo+HEGN9wrjeNW9KKZs2cjqwfHKaKaUkiQRhmjMCRcMgQu+bO7PDSCQ
> FCKoaNqTRqytb76DvYq6f8211M1UPl63wCa5rCPEr8LvC6tBM0O/KG63q0DLfiMz
> /W4c0XalxaTbu1+b4h154wThcxmze5QjGMorhnpyQtp18zy76jJx8PvBW8lpSqVe
> EvwEP09/f6c6pdmVVG7uyOZAG9aUwfMRU7+7mpnWFXugG2IJE6ffc8/DoBMslelr
> LOlzGN04q4y3qpwPj+687u//A7SdmP9FcStrtO2h7zgIzxRTHGilYHxhlitXpDwf
> Trgc67TIbjG8j/AAUZgZ
> =Y5QH
> -----END PGP SIGNATURE-----
>

Re: Qmail-ldap + dovecot

Hi ,

  This configuration seems to work for me .

  Thanx a lot :)

On 08/26/2011 04:54 PM, ismail.yenigul <at> endersys.com wrote:
> Hi
>
> here is my working config.
> The key part is passdb.
>
> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS Linux release 6.0 (Final)
> auth_debug = yes
> auth_verbose = yes
> base_dir = /var/run/dovecot
> disable_plaintext_auth = no
> first_valid_gid = 500
> last_valid_gid = 65000
> last_valid_uid = 65000
> listen = *
> log_path = /var/log/dovecot
> mail_debug = yes
> mail_location = maildir:~/Maildir
> passdb {
>     args = /var/qmail/bin/auth_dovecot ./Maildir/
>     driver = checkpassword
> }
> plugin {
>     mail_log_events = delete undelete expunge copy mailbox_delete
> mailbox_rename
>     mail_log_fields = uid box msgid from subject
>     mail_log_group_events =
>     mechanisms = plain login
>     quota = maildir
>     quota_rule = *:storage=10240000
>     quota_rule2 = Trash:storage=1024000
>     quota_rule3 = SPAM:ignore
>     trash = /usr/local/etc/dovecot/dovecot-trash.conf
> }
> protocols = imap pop3
> service imap-login {
>     inet_listener imaps {
>       port = 993
>       ssl = yes
>     }
>     process_min_avail = 1
> }
> service pop3-login {
>     inet_listener pop3s {
>       port = 995
>       ssl = yes
>     }
>     process_min_avail = 1
> }
> ssl_cert =</etc/ssl/certs/mailcertificate.pem
> ssl_cipher_list = ALL
> ssl_key =</etc/ssl/private/mailcertificate.pem
> userdb {
>     driver = prefetch
> }
> verbose_proctitle = yes
> verbose_ssl = yes
> protocol imap {
>     mail_plugins = quota mail_log notify imap_quota
>     ssl_cert =</etc/ssl/certs/mailcertificate.pem
>     ssl_key =</etc/ssl/private/mailcertificate.pem
> }
> protocol pop3 {
>     mail_plugins = quota mail_log notify
>     ssl_cert =</etc/ssl/certs/mailcertificate.pem
>     ssl_key =</etc/ssl/private/mailcertificate.pem
> }
>
> -sent via mobile device
>
> -- orijinal mesaj --
> Konu: Re: Qmail-ldap + dovecot
> Kimden: Nickitas<immortal <at> internet.gr>
> Tarih: 26.08.2011 15:19
>
> Thank you Russel , I am definitely  gonna try it when I get the chance
> cause your setup is almost identical to ours :)
>
> On 08/26/2011 02:47 PM, Russell Simpkins wrote:
>> On 8/26/11 7:12 AM, Nickitas wrote:
>>> Thanx all for the answers :)
>>>
>>>   I added strsalloc.o at both sections in Makefile and it worked ok
>>> (for the compilation) . I keep getting an error 111 though using this
>>> method (test pop connection) ..
>>>
>>>   I ve also tried the Felipe's implementation , but I can't pass the
>>> authentication , think there is something that has to do with ldap
>>> config , will look more in this later ..
>>>
>>> Thank you again :)
>> I too use dovecot for imap and simply configure dovecot to auth
>> against the ldap server. I do not use the patch you listed, I use
>> stock qmail-1.0.3 with qmail-ldap-1.03-20060201.patch. I use a similar
>> method to Felipe, configuring dovecot to auth directly against LDAP
>> and configuring qmail to use auth_smtp. If you can login using qmail,
>> then there's no reason you shouldn't be able to log in with dovecot,
>> it may just be a case of making sure you have the correct password
>> scheme configured for dovecot.
>>
>> ## dovecot.conf
>> protocols = imap imaps
>> syslog_facility = mail
>> ssl_cert_file = /etc/httpd/conf/certs/mail.crt
>> ssl_key_file = /etc/httpd/conf/keys/mail.key
>> mail_location = maildir:%h
>> namespace private {
>>    prefix = INBOX.
>>    inbox = yes
>> }
>> mail_debug = yes
>> maildir_copy_with_hardlinks = yes
>> protocol imap {
>> }
>> protocol pop3 {
>> }
>> protocol lda {
>>    postmaster_address = postmaster <at> cttechhosting.net
>> }
>> auth_verbose = yes
>> auth default {
>>    mechanisms = plain
>>    passdb ldap {
>>      args = /etc/dovecot-ldap.conf
>>    }
>>    userdb ldap {
>>      args = /etc/dovecot-ldap.conf
>>    }
>> }
>> dict {
>> }
>> plugin {
>> }
>>
>> ## dovecot-ldap conf
>>
>> hosts =YOUR_LDAP_SERVER_IP:389
>> dn=cn=Manager,dc=cttechhosting,dc=net
>> auth_bind = yes
>> # this should match up to how you did your ldap accounts
>> auth_bind_userdn = uid=%u,ou=accounts,dc=cttechhosting,dc=net
>> ldap_version=3
>> base = ou=accounts,dc=cttechhosting,dc=net
>> # tell dovecot what fields to use
>> user_attrs =
>> mailMessageStore=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
>> user_filter = (&(objectClass=qmailUser)(uid=%u))
>> pass_attrs = mail=user,userPassword=password
>> pass_filter = (&(objectClass=qmailUser)(uid=%u))
>> default_pass_scheme = LDAP-SHA
>>
>>
>>
>
>
>

Re: Qmail-ldap + dovecot

Oh , my bad , haven't tested that for ages ... Just included 
qmail.schema on a 2.4 openldap ...

On 08/31/2011 04:46 PM, ismail.yenigul <at> endersys.com wrote:
> Hi,
>
> what is the problem with openldap 2.4?
> I  had a problem with duplicate mail attr. I simply commented misc.schema to solve the issue.
>
> -ismail
>
> -sent via mobile device
>
> -- orijinal mesaj --
> Konu: Re: Qmail-ldap + dovecot
> Kimden: Nickitas<immortal <at> internet.gr>
> Tarih: 31.08.2011 13:16
>
> That would be nice .. Looking forward for the final patch too - sorry
> cant help on that , not C programmer :(
>
> Other question now , has anyone implemented a new qmail schema that
> should work with latest versions of openldap ?
>
>
>
> On 08/30/2011 09:11 PM, Ismail YENIGUL wrote:
>> Hi,
>>
>> It is good to know :). I think I should  write a document about this
>> issue.
>> Actually I have a plan to create a toaster contain all necessary
>> patches about qmail-ldap.
>> Currently, I merged auth_dovecot, spf and domain alias patch.  But I
>> guess the most important patch is qmail-ipv6 patch.
>> I tried to merge the patch at
>> http://member.wide.ad.jp/~fujiwara/files/qmail-1.03-v6-20021006.diff
>> but I stuck at qmail qmqp part.
>>
>> If someone can help on this case we may create another patch or
>> tarball contain those patches.
>>
>> Thanks
>>
>> Ismail YENIGUL
>> Project Manager
>> Endersys Ltd
>> Phone :+90 216-4709423 | Mobile:+90 533 747 36 65
>> SurGATE: West Coast Labs Premium Anti-Spam Certificated
>> Twitter: http://www.twitter.com/endersys
>> Blog: http://blog.endersys.com
>>
>> On 30.08.2011 18:29, Nickitas wrote:
>>> Hi ,
>>>
>>>   This configuration seems to work for me .
>>>
>>>   Thanx a lot :)
>>>
>>>
>>> On 08/26/2011 04:54 PM, ismail.yenigul <at> endersys.com wrote:
>>>> Hi
>>>>
>>>> here is my working config.
>>>> The key part is passdb.
>>>>
>>>> # 2.0.13: /usr/local/etc/dovecot/dovecot.conf
>>>> # OS: Linux 2.6.32-71.el6.x86_64 x86_64 CentOS Linux release 6.0
>>>> (Final)
>>>> auth_debug = yes
>>>> auth_verbose = yes
>>>> base_dir = /var/run/dovecot
>>>> disable_plaintext_auth = no
>>>> first_valid_gid = 500
>>>> last_valid_gid = 65000
>>>> last_valid_uid = 65000
>>>> listen = *
>>>> log_path = /var/log/dovecot
>>>> mail_debug = yes
>>>> mail_location = maildir:~/Maildir
>>>> passdb {
>>>>      args = /var/qmail/bin/auth_dovecot ./Maildir/
>>>>      driver = checkpassword
>>>> }
>>>> plugin {
>>>>      mail_log_events = delete undelete expunge copy mailbox_delete
>>>> mailbox_rename
>>>>      mail_log_fields = uid box msgid from subject
>>>>      mail_log_group_events =
>>>>      mechanisms = plain login
>>>>      quota = maildir
>>>>      quota_rule = *:storage=10240000
>>>>      quota_rule2 = Trash:storage=1024000
>>>>      quota_rule3 = SPAM:ignore
>>>>      trash = /usr/local/etc/dovecot/dovecot-trash.conf
>>>> }
>>>> protocols = imap pop3
>>>> service imap-login {
>>>>      inet_listener imaps {
>>>>        port = 993
>>>>        ssl = yes
>>>>      }
>>>>      process_min_avail = 1
>>>> }
>>>> service pop3-login {
>>>>      inet_listener pop3s {
>>>>        port = 995
>>>>        ssl = yes
>>>>      }
>>>>      process_min_avail = 1
>>>> }
>>>> ssl_cert =</etc/ssl/certs/mailcertificate.pem
>>>> ssl_cipher_list = ALL
>>>> ssl_key =</etc/ssl/private/mailcertificate.pem
>>>> userdb {
>>>>      driver = prefetch
>>>> }
>>>> verbose_proctitle = yes
>>>> verbose_ssl = yes
>>>> protocol imap {
>>>>      mail_plugins = quota mail_log notify imap_quota
>>>>      ssl_cert =</etc/ssl/certs/mailcertificate.pem
>>>>      ssl_key =</etc/ssl/private/mailcertificate.pem
>>>> }
>>>> protocol pop3 {
>>>>      mail_plugins = quota mail_log notify
>>>>      ssl_cert =</etc/ssl/certs/mailcertificate.pem
>>>>      ssl_key =</etc/ssl/private/mailcertificate.pem
>>>> }
>>>>
>>>> -sent via mobile device
>>>>
>>>> -- orijinal mesaj --
>>>> Konu: Re: Qmail-ldap + dovecot
>>>> Kimden: Nickitas<immortal <at> internet.gr>
>>>> Tarih: 26.08.2011 15:19
>>>>
>>>> Thank you Russel , I am definitely  gonna try it when I get the chance
>>>> cause your setup is almost identical to ours :)
>>>>
>>>> On 08/26/2011 02:47 PM, Russell Simpkins wrote:
>>>>> On 8/26/11 7:12 AM, Nickitas wrote:
>>>>>> Thanx all for the answers :)
>>>>>>
>>>>>>    I added strsalloc.o at both sections in Makefile and it worked ok
>>>>>> (for the compilation) . I keep getting an error 111 though using this
>>>>>> method (test pop connection) ..
>>>>>>
>>>>>>    I ve also tried the Felipe's implementation , but I can't pass the
>>>>>> authentication , think there is something that has to do with ldap
>>>>>> config , will look more in this later ..
>>>>>>
>>>>>> Thank you again :)
>>>>> I too use dovecot for imap and simply configure dovecot to auth
>>>>> against the ldap server. I do not use the patch you listed, I use
>>>>> stock qmail-1.0.3 with qmail-ldap-1.03-20060201.patch. I use a similar
>>>>> method to Felipe, configuring dovecot to auth directly against LDAP
>>>>> and configuring qmail to use auth_smtp. If you can login using qmail,
>>>>> then there's no reason you shouldn't be able to log in with dovecot,
>>>>> it may just be a case of making sure you have the correct password
>>>>> scheme configured for dovecot.
>>>>>
>>>>> ## dovecot.conf
>>>>> protocols = imap imaps
>>>>> syslog_facility = mail
>>>>> ssl_cert_file = /etc/httpd/conf/certs/mail.crt
>>>>> ssl_key_file = /etc/httpd/conf/keys/mail.key
>>>>> mail_location = maildir:%h
>>>>> namespace private {
>>>>>     prefix = INBOX.
>>>>>     inbox = yes
>>>>> }
>>>>> mail_debug = yes
>>>>> maildir_copy_with_hardlinks = yes
>>>>> protocol imap {
>>>>> }
>>>>> protocol pop3 {
>>>>> }
>>>>> protocol lda {
>>>>>     postmaster_address = postmaster <at> cttechhosting.net
>>>>> }
>>>>> auth_verbose = yes
>>>>> auth default {
>>>>>     mechanisms = plain
>>>>>     passdb ldap {
>>>>>       args = /etc/dovecot-ldap.conf
>>>>>     }
>>>>>     userdb ldap {
>>>>>       args = /etc/dovecot-ldap.conf
>>>>>     }
>>>>> }
>>>>> dict {
>>>>> }
>>>>> plugin {
>>>>> }
>>>>>
>>>>> ## dovecot-ldap conf
>>>>>
>>>>> hosts =YOUR_LDAP_SERVER_IP:389
>>>>> dn=cn=Manager,dc=cttechhosting,dc=net
>>>>> auth_bind = yes
>>>>> # this should match up to how you did your ldap accounts
>>>>> auth_bind_userdn = uid=%u,ou=accounts,dc=cttechhosting,dc=net
>>>>> ldap_version=3
>>>>> base = ou=accounts,dc=cttechhosting,dc=net
>>>>> # tell dovecot what fields to use
>>>>> user_attrs =
>>>>> mailMessageStore=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
>>>>> user_filter = (&(objectClass=qmailUser)(uid=%u))
>>>>> pass_attrs = mail=user,userPassword=password
>>>>> pass_filter = (&(objectClass=qmailUser)(uid=%u))
>>>>> default_pass_scheme = LDAP-SHA
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
>
>