How to integrate Dovecot with FreeIPA (LDAP)

mrkaleslie

Hi,

I am new to Dovecot, and I have spent nearly 2 weeks trying to work out how to get Postfix with Dovecot to authorise a user against LDAP (FreeIPA).

I have created an account on FreeIPA, and I have also created an email group
on the FreeIPA server.
I can successfully send an email to the local user (Red Hat 7)
using:
telnet localhost 25

But when I try to access LDAP I am getting "Permission denied":

cat /var/log/maillog

connection established
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: master_notify: status 0
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: name_mask: resource
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: name_mask: software
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: connect from localhost[127.0.0.1]
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: localhost: no match
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: 127.0.0.1: no match
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: localhost: no match
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: 127.0.0.1: no match
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: smtp_stream_setup: maxtime=300 enable_deadline=0
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: match_hostname: localhost ~? 127.0.0.0/8
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 220 sandbox-kl-postfix8.nix.octon.org.uk ESMTP Postfix
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: name_mask: noanonymous
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: name_mask: noplaintext
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
Dec 13 13:24:20 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_mech_filter: keep mechanism: GSSAPI
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: ehlo kleslie1@localhost
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: localhost: no match
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: 127.0.0.1: no match
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-sandbox-kl-postfix8.nix.octon.org.uk
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-PIPELINING
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-SIZE 10240000
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-VRFY
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-ETRN
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-AUTH GSSAPI
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-AUTH=GSSAPI
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-ENHANCEDSTATUSCODES
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250-8BITMIME
Dec 13 13:24:31 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 250 DSN
Dec 13 13:24:45 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: AUTH PLAIN AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:24:45 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_first: sasl_method PLAIN, init_response AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:24:45 sandbox-kl-postfix8 postfix/smtpd[12189]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed: Invalid authentication mechanism
Dec 13 13:24:45 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
Dec 13 13:24:56 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: AUTH GSSAPI AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:24:56 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_first: sasl_method GSSAPI, init_response AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:24:56 sandbox-kl-postfix8 dovecot: auth: Debug: client in: AUTH#0111#011GSSAPI#011service=smtp#011nologin#011lip=127.0.0.1#011rip=127.0.0.1#011resp=<hidden>
Dec 13 13:24:56 sandbox-kl-postfix8 dovecot: auth: Debug: gssapi(?,127.0.0.1): Obtaining credentials for smtp@
Dec 13 13:24:56 sandbox-kl-postfix8 dovecot: auth: gssapi(?,127.0.0.1): While acquiring service credentials: Unspecified GSS failure. Minor code may provide more information
Dec 13 13:24:56 sandbox-kl-postfix8 dovecot: auth: gssapi(?,127.0.0.1): While acquiring service credentials: Permission denied
Dec 13 13:24:58 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_handle_reply: auth reply: FAIL?1?temp
Dec 13 13:24:58 sandbox-kl-postfix8 postfix/smtpd[12189]: warning: localhost[127.0.0.1]: SASL GSSAPI authentication failed: Invalid authentication mechanism
Dec 13 13:24:58 sandbox-kl-postfix8 dovecot: auth: Debug: client passdb out: FAIL#0111#011temp
Dec 13 13:24:58 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
Dec 13 13:25:25 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: AUTH PLAIN GSSAPI AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:25:25 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 501 5.5.4 Syntax: AUTH mechanism
Dec 13 13:25:53 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: AUTH LOGIN AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:25:53 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_first: sasl_method LOGIN, init_response AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:25:53 sandbox-kl-postfix8 postfix/smtpd[12189]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: Invalid authentication mechanism
Dec 13 13:25:53 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
Dec 13 13:25:57 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]:
Dec 13 13:25:57 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 500 5.5.2 Error: bad syntax
Dec 13 13:26:03 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: AUTH PLAIN AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:26:03 sandbox-kl-postfix8 postfix/smtpd[12189]: xsasl_dovecot_server_first: sasl_method PLAIN, init_response AGtsZXNsaWUxLXRlc3QASjNubnlCM25ueSE=
Dec 13 13:26:03 sandbox-kl-postfix8 postfix/smtpd[12189]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed: Invalid authentication mechanism
Dec 13 13:26:03 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
Dec 13 13:26:08 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: q
Dec 13 13:26:08 sandbox-kl-postfix8 postfix/smtpd[12189]: match_string: q ~? CONNECT
Dec 13 13:26:08 sandbox-kl-postfix8 postfix/smtpd[12189]: match_string: q ~? GET
Dec 13 13:26:08 sandbox-kl-postfix8 postfix/smtpd[12189]: match_string: q ~? POST
Dec 13 13:26:08 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: q: no match
Dec 13 13:26:08 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 502 5.5.2 Error: command not recognized
Dec 13 13:26:11 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: ?????
Dec 13 13:26:11 sandbox-kl-postfix8 postfix/smtpd[12189]: match_string: ????? ~? CONNECT
Dec 13 13:26:11 sandbox-kl-postfix8 postfix/smtpd[12189]: match_string: ????? ~? GET
Dec 13 13:26:11 sandbox-kl-postfix8 postfix/smtpd[12189]: match_string: ????? ~? POST
Dec 13 13:26:11 sandbox-kl-postfix8 postfix/smtpd[12189]: match_list_match: ?????: no match
Dec 13 13:26:11 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 502 5.5.2 Error: command not recognized
Dec 13 13:26:13 sandbox-kl-postfix8 postfix/smtpd[12189]: < localhost[127.0.0.1]: quit
Dec 13 13:26:13 sandbox-kl-postfix8 postfix/smtpd[12189]: > localhost[127.0.0.1]: 221 2.0.0 Bye
Dec 13 13:26:13 sandbox-kl-postfix8 postfix/smtpd[12189]: match_hostname: localhost ~? 127.0.0.0/8
Dec 13 13:26:13 sandbox-kl-postfix8 postfix/smtpd[12189]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
Dec 13 13:26:13 sandbox-kl-postfix8 postfix/smtpd[12189]: disconnect from localhost[127.0.0.1]
Dec 13 13:26:13 sandbox-kl-postfix8 postfix/smtpd[12189]: master_notify: status 1
Dec 13 13:26:13 sandbox-kl-postfix8 postfix/smtpd[12189]: connection closed

********************Dovecot.conf ****************

# Dovecot main configuration as posted (section bodies appear without indentation).
# Lines starting with "# NOTE(review)" are review annotations, not part of the original paste.
#
# NOTE(review): Dovecot offers plain, login and gssapi here, but the Postfix log on this page
# shows "name_mask: noplaintext" followed by "skip mechanism: PLAIN" and "skip mechanism: LOGIN",
# so smtpd advertises only GSSAPI and answers every AUTH PLAIN / AUTH LOGIN attempt with
# "Invalid authentication mechanism". That filter is presumably Postfix's
# smtpd_sasl_security_options (main.cf is not shown — confirm). If plaintext mechanisms are
# wanted for LDAP bind authentication, allow them only over TLS (e.g. smtpd_tls_auth_only = yes).
#
# NOTE(review): the "Permission denied" in the log comes from the gssapi mechanism
# ("While acquiring service credentials"), not from the LDAP passdb. No auth_krb5_keytab or
# auth_gssapi_hostname setting is visible in this listing; presumably the auth process cannot
# read the keytab holding the smtp service principal — check file ownership/mode and SELinux.
auth_mechanisms = plain login gssapi
first_valid_uid = 1000
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
# Password databases are consulted in the order listed: pam, ldap, pam.
# NOTE(review): the pam passdb appears twice; the second entry is presumably unintended.
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
passdb {
driver = pam
}
protocols = imap
service auth {
# Socket that Postfix smtpd uses for SASL; restricted to the postfix user and group.
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
# NOTE(review): mode 0666 lets any local account connect to the userdb lookup socket;
# tighten it if only the mail services need it.
unix_listener auth-userdb {
group = postfix
mode = 0666
user = postfix
}
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
# User databases: passwd, ldap, passwd.
# NOTE(review): the passwd userdb is also listed twice.
userdb {
driver = passwd
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
userdb {
driver = passwd
}
# NOTE(review): auth_debug produces the "auth: Debug:" lines seen in the log; turn it off again
# once the problem is solved, and do not enable password-level debugging on a shared log.
auth_debug = yes


################################################################################


****************** auth-ldap.conf.ext *****************

# auth-ldap.conf.ext as posted: one LDAP passdb and one LDAP userdb.
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
driver = ldap
# NOTE(review): unlike the passdb above, this userdb has no args line naming an LDAP
# config file — confirm whether it was lost in the paste.

# Fallback home directory template applied to users returned by this userdb.
default_fields = home=/home/virtual/%u
}






################################################################################

*************** dovecot-ldap.conf.ext ******************

passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
default_fields = home=/home/virtual/%u
}
[root@sandbox-kl-postfix8 dovecot]# grep -v '^ *\(#.*\)\?$' dovecot-ldap.conf.ext
# Active (non-comment) settings of dovecot-ldap.conf.ext as printed by the grep above.
# Lines starting with "# NOTE(review)" are review annotations, not part of the grep output.
tls = yes
# -1 turns on all LDAP library debugging; the output can include bind details.
debug_level = -1
hosts = shared-ipa-3.nix.octon.org.uk
ldap_version = 3
# Authenticate by binding to the directory as the user instead of comparing a fetched hash.
auth_bind = yes
# NOTE(review): dnpass is set but no "dn =" line is visible, so it is unclear which account
# this password belongs to. It is also a clear-text secret posted publicly, and the
# AUTH PLAIN init_response strings in the mail log on this page are only base64-encoded and
# carry credentials as well. Treat both as exposed: rotate them and mask such values
# before sharing logs or configuration.
dnpass = J3nnyB3nny!
# NOTE(review): the search base uses dc=nix while auth_bind_userdn below uses DC=sand2 —
# the two suffixes do not match. FreeIPA usually keeps users under cn=users,cn=accounts,<suffix>
# with uid as the naming attribute; verify both DNs against the directory.
base = cn=users,dc=nix,dc=octon,dc=org,dc=uk
scope = subtree
deref = never
# NOTE(review): user_filter, pass_filter and default_pass_scheme each appear twice in this
# file; presumably only the later value takes effect — keep one of each.
user_filter = (&(name=%u)(objectClass=person))
pass_filter = (&(name=%u)(objectClass=person))
auth_bind_userdn = CN=%u,CN=users,DC=sand2,DC=octon,DC=org,DC=uk
# NOTE(review): userPrincipalName and userAccountControl (with the 1.2.840.113556.1.4.803
# matching rule) are Active Directory attributes; confirm they exist on this FreeIPA server.
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
# NOTE(review): pass_attrs maps <LDAP attribute>=<Dovecot field>. The right-hand side of
# userPassword should be a field name (normally "password"), not a password value; as written
# it maps userPassword to a field literally named after what looks like a secret.
pass_attrs = uid=user,userPassword=K3vinL12345
default_pass_scheme = CRYPT
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
default_pass_scheme = CRYPT
 