无法删除权限:用户缺少 UID(请参阅 mail_uid 设置)

无法删除权限:用户缺少 UID(请参阅 mail_uid 设置)

我希望我能得到一些帮助。

我正在配置 dovecot_ldap,但似乎无法让 dovecot 对 ldap 用户进行身份验证。

以下是我的配置和日志信息:

hosts = 192.168.128.45:3268
dn = cn=Administrator,cn=Users,dc=company,dc=example,dc=com
dnpass = "passwd"
auth_bind = yes
ldap_version = 3
base = dc=company, dc=example, dc=com
user_attrs = sAMAccountName=home=/var/vmail/example.com/%$,uid=1001,gid=1001
user_filter = (&(sAMAccountName=%Ln))
pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))

dovecot配置文件

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-33-generic x86_64 Ubuntu 12.04 LTS
auth_mechanisms = plain login
auth_realms = example.com
auth_verbose = yes
disable_plaintext_auth = no
mail_access_groups = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
passdb {
  driver = pam
}
passdb {
  driver = passwd
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  imap_logout_format = bytes=%i/%o
  mail_plugins =
}

邮件日志

Nov 29 10:51:44 mail dovecot: auth-worker: pam(charyorde,10.10.1.28): pam_authenticate() failed: Authentication failure (password mismatch?)
Nov 29 10:51:44 mail dovecot: auth-worker: passwd(charyorde,10.10.1.28): unknown user
Nov 29 10:51:44 mail dovecot: auth: passwd(charyorde,10.10.1.28): unknown user
Nov 29 10:51:44 mail dovecot: imap-login: Login: user=<charyorde>, method=PLAIN, rip=10.10.1.28, lip=10.10.1.30, mpid=1892, TLS
Nov 29 10:51:44 mail dovecot: imap(charyorde): Error: user charyorde: Couldn't drop privileges: User is missing UID (see mail_uid setting)
Nov 29 10:51:44 mail dovecot: imap(charyorde): Error: Internal error occurred. Refer to server log for more information.
Nov 29 10:51:46 mail dovecot: auth-worker: pam(charyorde,10.10.1.28): pam_authenticate() failed: Authentication failure (password mismatch?)
Nov 29 10:51:46 mail dovecot: auth-worker: passwd(charyorde,10.10.1.28): unknown user
Nov 29 10:51:46 mail dovecot: auth: passwd(charyorde,10.10.1.28): unknown user
Nov 29 10:51:46 mail dovecot: imap-login: Login: user=<charyorde>, method=PLAIN, rip=10.10.1.28, lip=10.10.1.30, mpid=1894, TLS
Nov 29 10:51:46 mail dovecot: imap(charyorde): Error: user charyorde: Couldn't drop privileges: User is missing UID (see mail_uid setting)
Nov 29 10:51:46 mail dovecot: imap(charyorde): Error: Internal error occurred. Refer to server log for more information.
Nov 29 10:51:48 mail dovecot: auth-worker: pam([email protected],10.10.1.28): pam_authenticate() failed: Authentication failure (password mismatch?)
Nov 29 10:51:48 mail dovecot: auth-worker: passwd([email protected],10.10.1.28): unknown user
Nov 29 10:51:48 mail dovecot: auth: ldap([email protected],10.10.1.28): unknown user
Nov 29 10:51:48 mail dovecot: auth: passwd-file([email protected],10.10.1.28): unknown user
Nov 29 10:51:54 mail postfix/smtpd[1880]: idle timeout -- exiting
Nov 29 10:51:54 mail postfix/smtpd[1879]: idle timeout -- exiting
Nov 29 10:51:54 mail postfix/smtpd[1886]: proxymap stream disconnect
Nov 29 10:51:54 mail postfix/smtpd[1887]: proxymap stream disconnect
Nov 29 10:51:54 mail postfix/smtpd[1886]: auto_clnt_close: disconnect private/tlsmgr stream
Nov 29 10:51:54 mail postfix/smtpd[1887]: auto_clnt_close: disconnect private/tlsmgr stream
Nov 29 10:51:54 mail postfix/smtpd[1887]: idle timeout -- exiting
Nov 29 10:51:54 mail postfix/smtpd[1886]: idle timeout -- exiting
Nov 29 10:51:56 mail dovecot: auth-worker: pam([email protected],10.10.1.28): pam_authenticate() failed: Authentication failure (password mismatch?)
Nov 29 10:51:56 mail dovecot: auth-worker: passwd([email protected],10.10.1.28): unknown user
Nov 29 10:51:56 mail dovecot: auth: ldap([email protected],10.10.1.28): unknown user
Nov 29 10:51:56 mail dovecot: auth: passwd-file([email protected],10.10.1.28): unknown user
Nov 29 10:52:04 mail dovecot: auth-worker: pam([email protected],10.10.1.28): pam_authenticate() failed: Authentication failure (password mismatch?)
Nov 29 10:52:04 mail dovecot: auth-worker: passwd([email protected],10.10.1.28): unknown user
Nov 29 10:52:04 mail dovecot: auth: ldap([email protected],10.10.1.28): unknown user
Nov 29 10:52:04 mail dovecot: auth: passwd-file([email protected],10.10.1.28): unknown user
Nov 29 10:52:06 mail dovecot: imap-login: Disconnected (auth failed, 3 attempts): user=<[email protected]>, method=PLAIN, rip=10.10.1.28, lip=10.10.1.30, TLS

感谢您对此进行调查。

答案1

如果您不需要 dovecot 了解您的用户的任何特殊信息,除了普通 unix 系统用户的元数据(即主目录、gid 等),那么配置 dovecot 进行 pam 身份验证并使用 pam 与 ldap 通信要简单得多。

dovecot.conf看起来会像这样:

passdb {
        driver = pam
        args = %s
}
userdb {
        driver = passwd
}

然后你必须输入一些内容/etc/pam.d/dovecot。如果你已经为系统用户使用了 LDAP 身份验证,那么你可能只需包含适当的上下文,如下所示:

auth      include   system-remote-login
password  include   system-remote-login

另一方面,如果你还没有设置 pam_ldap 来验证系统上的用户,那么你可能需要一个自定义方案来做到这一点:

auth      sufficient pam_ldap.so     minimum_uid=1000
auth      required   pam_unix.so     try_first_pass nullok
auth      required   pam_env.so
password  sufficient pam_ldap.so     minimum_uid=1000
password  required   pam_unix.so     try_first_pass nullok

您还需要告诉您的系统 NSS 如何与 ldap 通信,通常通过/etc/nslcd.conf类似下面的方式:

uri ldap://localhost/
base dc=example,dc=com
base   group  ou=Groups,dc=example,dc=com
base   passwd ou=People,dc=example,dc=com
base   shadow ou=People,dc=example,dc=com
nss_min_uid 1000

顺便说一句,如果您忽略了文件userdb { driver = password }中的位dovecot.conf,您将会得到与 dovecot 的 LDAP 查找相同的错误。

相关内容