• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Postfix + Dovecot / Slapd Authentication - dovecot lda uidnumber Error

AhmadR

New Pleskian
I'm Trying to Configure Postfix and Dovecot with Openldap/Slapd Authentication and the mailing panel is Squirrelmail.

**[Slapd Server]**--------------**[Postfix/Dovecot/Squirrelmail(SRV2)]**--------------**[Client]**

Linux Distribution: Debian Wheezy 7.5
Dovecot Version: 2.1.7
Postfix Version: 2.9.6
Slapd Version: 2.4.31


Slapd Directory and LDAP User Objects are Configured Correctly and all users can login to Squirrelmail panel which means that dovecot and postfix ldap queries will be searched on ldap directories and get users attributes and it succeeds.

The Problem Is That, When Someone for example user:tom with uidnumber:1002 Sends an email, dovecot-lda will have an error on user uidnumber which says:

> SRV2 dovecot: lda([email protected]): Fatal: setuid(1002 from
> userdb lookup) failed with euid=1001(admin): Operation not permitted
> (This binary should probably be called with process user set to 1002
> instead of 1001(admin))

But When user:admin with uidnumber:1001 Sends an email It Will Work Perfectly. So By This Issue, Everyone Except user:admin Cannot Send emails.

On Slapd, uid and ObjectClass are indexed and "everyone" is able to read ldap directories.

***admin attributes:***

dn: cn=admin,dc=mh,dc=com
cn: admin
description:LDAP administrator
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword:{SSHA}Ht4yyhgKbrKlk/Um5yNeh6THvRCDzwA0

***tom attributes:***

cn: tom
homeDirectory: /home/tom
objectClass: person
objectClass: posixAccount
objectClass: top
userPassword:: e01ENX1JSkY4aFJ4S1ZQS2dWRGtOckpDRnR3PT0=
sn: tom
uid: tom
gidNumber: 1002
uidNumber: 1002


***Summary of main.cf***

inet_protocols = ipv4

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination

virtual_mailbox_domains = mh.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap.cf
virtual_transport = dovecot
local_recipient_maps =

myhostname = SRV2
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all


***master.cf***

dovecot unix - n n - - pipe
flags=DRhu user=admin:admin argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}


***/etc/postfix/ldap.cf***

server_host = 192.168.10.1
bind = yes
bind_dn = cn=admin,dc=mh,dc=com
bind_pw = xxxxx
search_base = ou=People,dc=mh,dc=com
query_filter = (uid=%u)
result_attribute = uid


***Summary of doveconf -n***

auth_default_realm = mh.com
disable_plaintext_auth = no
mail_gid = admin
mail_uid = admin
mail_location = maildir:/home/%n/Maildir
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0777
group = postfix
user = postfix
}
unix_listener auth-userdb {
mode = 0777
}
}
service dict {
unix_listener dict {
mode = 0777
}
}
service lmtp {
unix_listener lmtp {
mode = 0777
}
}
ssl = no
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lda {
postmaster_address = root
}


> ***on mail server i've added admin user:***
>
> ***security things doesn't matter right now... :)***
>
> useradd -m admin
> chgrp admin /home
> chmod -R 777 /home

***Summary of /etc/dovecot/dovecot-ldap.conf.ext***

hosts = 192.168.10.1
dn = cn=admin,dc=mh,dc=com
dnpass = xxxxx
auth_bind = yes
ldap_version = 3
base = ou=People,dc=mh,dc=com
user_filter = (uid=%n)
pass_filter = (uid=%n)
 
Back
Top