I'm Trying to Configure Postfix and Dovecot with Openldap/Slapd Authentication and the mailing panel is Squirrelmail.
**[Slapd Server]**--------------**[Postfix/Dovecot/Squirrelmail(SRV2)]**--------------**[Client]**
Linux Distribution: Debian Wheezy 7.5
Dovecot Version: 2.1.7
Postfix Version: 2.9.6
Slapd Version: 2.4.31
The slapd directory and LDAP user objects are configured correctly, and all users can log in to the Squirrelmail panel, which means that the Dovecot and Postfix LDAP queries search the LDAP directory, fetch the user attributes, and succeed.
The problem is that when someone, for example user tom with uidNumber 1002, sends an email, dovecot-lda fails with an error about the user's uidNumber which says:
> SRV2 dovecot: lda([email protected]): Fatal: setuid(1002 from
> userdb lookup) failed with euid=1001(admin): Operation not permitted
> (This binary should probably be called with process user set to 1002
> instead of 1001(admin))
But when user admin with uidNumber 1001 sends an email, it works perfectly. So because of this issue, everyone except user admin cannot send emails.
On slapd, uid and objectClass are indexed and "everyone" is able to read the LDAP directory.
***admin attributes:***
```
dn: cn=admin,dc=mh,dc=com
cn: admin
description: LDAP administrator
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}Ht4yyhgKbrKlk/Um5yNeh6THvRCDzwA0
```
***tom attributes:***
```
cn: tom
homeDirectory: /home/tom
objectClass: person
objectClass: posixAccount
objectClass: top
userPassword:: e01ENX1JSkY4aFJ4S1ZQS2dWRGtOckpDRnR3PT0=
sn: tom
uid: tom
gidNumber: 1002
uidNumber: 1002
```
***Summary of main.cf***
```
inet_protocols = ipv4
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_domains = mh.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap.cf
virtual_transport = dovecot
local_recipient_maps =
myhostname = SRV2
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
```
***master.cf***
```
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=admin:admin argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
```
***/etc/postfix/ldap.cf***
```
server_host = 192.168.10.1
bind = yes
bind_dn = cn=admin,dc=mh,dc=com
bind_pw = xxxxx
search_base = ou=People,dc=mh,dc=com
query_filter = (uid=%u)
result_attribute = uid
```
***Summary of doveconf -n***
```
auth_default_realm = mh.com
disable_plaintext_auth = no
mail_gid = admin
mail_uid = admin
mail_location = maildir:/home/%n/Maildir
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0777
    group = postfix
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0777
  }
}
service dict {
  unix_listener dict {
    mode = 0777
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0777
  }
}
ssl = no
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lda {
  postmaster_address = root
}
```
> ***On the mail server I've added the admin user:***
>
> ***Security things don't matter right now...***
>
> ```
> useradd -m admin
> chgrp admin /home
> chmod -R 777 /home
> ```
***Summary of /etc/dovecot/dovecot-ldap.conf.ext***
```
hosts = 192.168.10.1
dn = cn=admin,dc=mh,dc=com
dnpass = xxxxx
auth_bind = yes
ldap_version = 3
base = ou=People,dc=mh,dc=com
user_filter = (uid=%n)
pass_filter = (uid=%n)
```
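The setuid failure in the log can be reasoned about offline. The following is an added Python example, not the poster's configuration or any Dovecot code: it models the userdb order from the doveconf -n output above (passwd first, then LDAP), assumes the LDAP userdb's default user_attrs maps uidNumber to uid, and checks whether a deliver process started by the pipe transport as user=admin could switch to each user's uid. The passwd and LDIF contents are constructed; the map_uidnumber=False case shows what happens when the LDAP userdb returns no uid and mail_uid applies instead.

```python
import re

# Constructed inputs modelled on the post (not the poster's real data): SRV2's local
# passwd (only 'admin' was created with useradd), tom's LDAP entry, and the pipe line.
PASSWD = "root:x:0:0:root:/root:/bin/sh\nadmin:x:1001:1001::/home/admin:/bin/sh\n"
LDIF = """dn: uid=tom,ou=People,dc=mh,dc=com
uid: tom
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/tom
"""
MASTER_LINE = "flags=DRhu user=admin:admin argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}"
MAIL_UID = "admin"  # dovecot's mail_uid: applied only when the userdb returns no uid

def passwd_uid(name, passwd_text=PASSWD):
    """Local passwd userdb: numeric uid for name, or None when not a local user."""
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if fields[0] == name:
            return int(fields[2])
    return None

def ldap_userdb(text=LDIF):
    """Parse a simple LDIF dump into {uid: {attribute: value}}."""
    users = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        attrs = {key.strip(): value.strip() for key, _, value in pairs}
        if "uid" in attrs:
            users[attrs["uid"]] = attrs
    return users

def userdb_uid(name, map_uidnumber=True):
    """Mimic 'userdb passwd' then 'userdb ldap'; uidNumber=uid mapping is assumed default."""
    uid = passwd_uid(name)
    if uid is not None:
        return uid
    entry = ldap_userdb().get(name)
    if entry is None:
        return None
    return int(entry["uidNumber"]) if map_uidnumber else passwd_uid(MAIL_UID)

def delivery_uid(master_line=MASTER_LINE):
    """uid the pipe transport starts deliver as: its 'user=' field resolved via passwd."""
    return passwd_uid(re.search(r"\buser=([^:\s]+)", master_line).group(1))

def can_deliver(name, map_uidnumber=True):
    """A non-root deliver can only setuid() to the uid it already runs as."""
    euid, target = delivery_uid(), userdb_uid(name, map_uidnumber)
    return target is not None and (euid == 0 or euid == target)
```

Only admin (uid 1001, the same uid the pipe transport runs as) passes, which matches the log; the usual remedies are to stop the userdb from returning per-user uids so that mail_uid is used, or to hand delivery to Dovecot's LMTP service, which is started by root and can drop to any uid.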