Dovecot用户没有文件权限

Dovecot用户没有文件权限

我想通过 LDAP(基于 Samba 4 的 AD)对 dovecot 进行身份验证。文件存储在 /var/mail/vmail/ 中,其所有者为 vmail:vmail 。一个用户正在工作,因为它使用 vmail 作为 uid 和 gid:

$ sudo doveadm user du
field   value
uid vmail
gid vmail
home    
mail    maildir:/var/mail/vmail//du

所有其他用户都无法更改目录(因此不存储任何邮件),它们看起来像这样:

$ sudo doveadm user sh
field   value
uid 2035
gid 5074
home    
mail    maildir:/var/mail/vmail//sh

我不知道为什么该用户不使用 vmail 作为虚拟用户来更改 maildir。

相关配置如下:

disable_plaintext_auth = no
auth_mechanisms = plain login
mail_uid = vmail
mail_gid = vmail
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
mail_plugins = quota
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
log_timestamp = "%Y-%m-%d %H:%M:%S "
protocols = imap
listen = *
mail_location = maildir:/var/mail/vmail/%d/%n
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
service auth {
  unix_listener /var/spool/postfix/private/auth_dovecot {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = root
}
service dict {
    unix_listener dict {
        mode = 0660
        user = vmail
        group = vmail
    }
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
protocol imap {
  mail_plugins = quota imap_quota
}
plugin {
  quota = maildir:User quota
}

还有 Dovecot LDAP:

uris = ldaps://ucs01.domain.tld 
dn = cn=ldap-read,ou=Users,ou=domain,dc=domain,dc=tld
dnpass = ***********
tls_ca_cert_dir = /etc/ssl/certs/
tls_require_cert = never
auth_bind = yes
ldap_version = 3
base = ou=domain,dc=domain,dc=tld
scope = subtree
user_filter = (sAMAccountName=%Ln)
pass_filter = (sAMAccountName=%Ln)
iterate_attrs = uid=user
iterate_filter = (objectClass=person)
default_pass_scheme = CRYPT

答案1

home从 LDAP 目录中获取 dovecot 虚拟用户和的数值 uid 和数值 gid 似乎很常见maildir。也就是说,由于您没有预取设置,因此应该结合user_filteruser_attrs从中获取用户/组信息dovecot-ldap.conf.ext

我只能推测,但我在你的文件中找不到,user_attrs而且由于 dovecot 的示例配置文件通常包含默认设置,所以我查看了pass_attrsdovecot-ldap.conf.extdovecot-ldap.conf.扩展名来自官方 github repo。结果发现,它包含一个数字 uid 和 gid 映射。以下是代码片段的最后一行。

# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
#user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid

现在开始讨论最有趣的部分:您是否碰巧在 LDAP 实体上查询了属性(通常是某些属性uidNumber或objectClass )?如果是这样,请检查您在 dovecot 的 vmail 文件夹中观察到的 uid/gid 值是否与存储在 LDAP 中的值相对应。gidNumberpersonaccount

相关内容