postfix/dovecotを使ったメールサーバを作成する際、そのサーバ上でユーザ向けメールサービスを提供する場合にLDA設定を行う必要がある。
調べると dovecot-lda を使って保存するのがよさそうではある
参考資料
dovecot側 「Dovecot LDA」「Dovecot LDA Examples」「Dovecot LDA with Postfix」
ただ、これをActive Directory/LDAPと連携させる場合の記述についてがいまいちはっきりしない。
ベースとするのは「Dovecot LDA with Postfix」の「Virtual users」にある記述で、/etc/postfix/master.cf に dovecotの記述を追加して、 /etc/postfix/main.cf に dovecot_destination_recipient_limit , virtual_mailbox_domains , virtual_transport の設定を追加する、と読める。
ただ、これだけだとメールを格納する場所について書いてないなぁ、と思いつつ試してみた
その結果、 virtual_transport=dovecot を設定した場合は、 postfix側で “virtual_mailbox_maps= ldap:/etc/postfix/ldap-mailbox.cf”とか”virtual_mailbox_base= /var/vmail”とかの設定を入れて /etc/postfix/ldap-mailbox.cf でLDAPに関する設定を書いたりする必要なく、dovecot側で行ったLDAP連携設定をもとにdovecot側で処理してくれる、ということが分かった
で・・・これの確認をするための副産物として、 virtual_transport=dovecotとしているのに virtual_mailbox_maps= ldap:/etc/postfix/ldap-mailbox.cf とかpostfix側でLDAPを直接見に行くような設定をしてしまうとどうなるの?というのを確認していた(意図せずに・・・
gihyoにあるそろそろLDAPにしてみないか?第15回「FDS+Postfixでメールサーバ管理」と「デージーネットのOSS postLDAPadmin Appendix」を参照しつついろいろ検討
まず、今回、/etc/postfix/master.cf の最下行にdovecotに関する2行を追加した
[root@mail postfix]# tail /etc/postfix/master.cf
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
[root@mail postfix]#
そして、/etc/postfix/main.cf には以下を追加した
[root@mail postfix]# tail -10 /etc/postfix/main.cf
#
#
virtual_mailbox_domains = adsample.local
virtual_mailbox_maps= ldap:/etc/postfix/ldap-mailbox.cf
virtual_mailbox_base= /var/vmail
virtual_uid_maps= static:1000
virtual_gid_maps= static:1000
virtual_transport= dovecot
dovecot_destination_recipient_limit = 1
[root@mail postfix]#
で、postfix側のLDAP連携設定は以下とした
[root@mail postfix]# cat /etc/postfix/ldap-mailbox.cf
#server_host=192.168.122.10
server_host=ldaps://192.168.122.10
#server_port=636
#search_base=dc=adsample,dc=local
search_base=cn=Users,dc=adsample,dc=local
scope=sub
#query_filter = (&(objectClass=user)(mail=%s))
query_filter = (&(objectClass=user)(userPrincipalName=%s))
result_attribute = samAccountName
result_filter = /var/mail/%s/Maildir/
bind=yes
bind_dn=vmail@adsample.local
bind_pw=パスワード
version=3
#start_tls=yes
#debuglevel=10
[root@mail postfix]#
とりあえず「debuglevel=10」というのは調査中に有効にしていた値
virtual_mailbox_maps で取得できる情報として期待されているものは メールを保存するディレクトリ名 の模様
コメントとなっている「query_filter = (&(objectClass=user)(mail=%s))」はActive Directoryベースだとmailってないので使わない。ユーザ名のみの場合は「samAccountName=%s」、ドメイン名付きの場合は「userPrincipalName=%s」かな、というところで設定
取得できてるかどうかは「postmap -q ユーザ名 ldap:/~」で確認
[root@mail ~]# postmap -q testuser1@adsample.local ldap:/etc/postfix/ldap-mailbox.cf
/var/mail/testuser1/Maildir/
[root@mail ~]#
想定しているディレクトリ名が出力されればOK
-vオプションをつけると検索内容の詳細が確認できる。
[root@mail ~]# postmap -v -q testuser1@adsample.local ldap:/etc/postfix/ldap-mailbox.cf
postmap: name_mask: all
postmap: inet_addr_local: configured 2 IPv4 addresses
postmap: inet_addr_local: configured 2 IPv6 addresses
postmap: dict_ldap_open: Using LDAP source /etc/postfix/_ldap-mailbox.cf
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: server_host = ldaps://192.168.122.10
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: server_port = 389
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: version = 3
postmap: dict_ldap_open: /etc/postfix/_ldap-mailbox.cf server_host URL is ldaps://192.168.122.10
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: scope = sub
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: search_base = cn=Users,dc=adsample,dc=local
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: timeout = 10
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: query_filter = (&(objectClass=user)(userPrincipalName=%s))
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: result_format = <NULL>
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: result_filter = /var/mail/%s/Maildir/
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: domain =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: terminal_result_attribute =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: leaf_result_attribute =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: result_attribute = samAccountName
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: special_result_attribute =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: bind = yes
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: bind_dn = vmail@adsample.local
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: bind_pw = パスワード
postmap: cfg_get_bool: /etc/postfix/_ldap-mailbox.cf: cache = off
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: cache_expiry = -1
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: cache_size = -1
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: recursion_limit = 1000
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: expansion_limit = 0
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: size_limit = 0
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: dereference = 0
postmap: cfg_get_bool: /etc/postfix/_ldap-mailbox.cf: chase_referrals = off
postmap: cfg_get_bool: /etc/postfix/_ldap-mailbox.cf: start_tls = off
postmap: cfg_get_bool: /etc/postfix/_ldap-mailbox.cf: tls_require_cert = off
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: tls_ca_cert_file =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: tls_ca_cert_dir =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: tls_cert =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: tls_key =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: tls_random_file =
postmap: cfg_get_str: /etc/postfix/_ldap-mailbox.cf: tls_cipher_suite =
postmap: cfg_get_int: /etc/postfix/_ldap-mailbox.cf: debuglevel = 0
postmap: dict_open: ldap:/etc/postfix/_ldap-mailbox.cf
postmap: dict_ldap_lookup: In dict_ldap_lookup
postmap: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/_ldap-mailbox.cf, reopening
postmap: dict_ldap_connect: Connecting to server ldaps://192.168.122.10
postmap: dict_ldap_connect: Actual Protocol version used is 3.
postmap: dict_ldap_connect: Binding to server ldaps://192.168.122.10 with dn vmail@adsample.local
postmap: dict_ldap_connect: Successful bind to server ldaps://192.168.122.10 with dn vmail@adsample.local
postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/_ldap-mailbox.cf
postmap: dict_ldap_lookup: /etc/postfix/_ldap-mailbox.cf: Searching with filter (&(objectClass=user)(userPrincipalName=testuser1@adsample.local))
postmap: dict_ldap_get_values[1]: Search found 1 match(es)
postmap: dict_ldap_get_values[1]: search returned 1 value(s) for requested result attribute sAMAccountName
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned /var/mail/testuser1/Maildir/
/var/mail/testuser1/Maildir/
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/_ldap-mailbox.cf
[root@mail ~]#
それっぽい動作をすることを確認して、postfixを再起動してみたところ”virtual_transport= dovecot”設定を無視して postfix側でLDAPを見に行くことを確認。(/etc/postfix/ldap-mailbox.cfにdebuglevel=10を設定すると、 /var/log/maillog に詳細ログが出ているので)
どうやら、2025年5月時点では postfix/dovecotでActive Directory連携するときは、postfix側ではLDAP連携をする必要はないようだ(aliasなどをAD側で設定している場合は別)
最終的に行った設定内容
結局のところ「Dovecot LDA with Postfix」の Virutal users記載ベースで/etc/postfix/master.cfの末尾にdovecot用設定2行追加。(元ネタでは /usr/local/libexec以下にあるけどRHEL9では/usr/libexecという違いに注意)
[root@mail ~]# tail /etc/postfix/master.cf
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
[root@mail ~]#
/etc/postfix/main.cf に以下を追加
[root@mail ~]# tail -5 /etc/postfix/main.cf
#
virtual_mailbox_domains = adsample.local
virtual_transport= dovecot
dovecot_destination_recipient_limit = 1
[root@mail ~]#
なお、この時にdovecot側のLDAP連携設定は以下となっている。(メールソフト側でIMAP/POP3用に入力するユーザ名をドメイン名付きにしたい場合はuserPrincipalName、ユーザ名のみにしたい場合は samAccountName を使う)
[root@mail ~]# cat /etc/dovecot/dovecot-ldap.conf.ext
dn= cn=vmail,cn=Users,dc=adsample,dc=local
dnpass= パスワード
#pass_filter= (samAccountName=%u)
#user_filter= (samAccountName=%u)
user_filter= (userPrincipalName=%u)
pass_filter= (userPrincipalName=%u)
user_attrs = =uid=1000, =gid=1000
pass_attrs = =uid=1000, =gid=1000
auth_bind=yes
uris=ldaps://192.168.122.10
base= cn=Users,dc=adsample,dc=local
scope=subtree
[root@mail ~]# cat /etc/dovecot/conf.d/auth-ldap.conf.ext
# Authentication for LDAP users. Included from 10-auth.conf.
#
# <doc/wiki/AuthDatabase.LDAP.txt>
passdb {
driver = ldap
# Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
args = /etc/dovecot/dovecot-ldap.conf.ext
}
# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
# <doc/wiki/UserDatabase.Prefetch.txt>
#userdb {
# driver = prefetch
#}
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
# Default fields can be used to specify defaults that LDAP may override
#default_fields = home=/home/virtual/%u
default_fields = uid=vmail gid=vmail
}
# If you don't have any user-specific settings, you can avoid the userdb LDAP
# lookup by using userdb static instead of userdb ldap, for example:
# <doc/wiki/UserDatabase.Static.txt>
#userdb {
#driver = static
#args = uid=vmail gid=vmail home=/var/vmail/%u
#}
[root@mail ~]#
また /etc/dovecot/conf.d/10-mail.conf に mail_location = maildir:/var/mail/%n/Maildir という設定を追加している。
[root@mail ~]# diff -u /etc/dovecot/conf.d/10-mail.conf.org /etc/dovecot/conf.d/10-mail.conf
--- /etc/dovecot/conf.d/10-mail.conf.org 2025-04-25 03:13:54.044373479 +0900
+++ /etc/dovecot/conf.d/10-mail.conf 2025-04-30 10:59:12.661404241 +0900
@@ -27,7 +27,7 @@
#
# <doc/wiki/MailLocation.txt>
#
-#mail_location =
+mail_location = maildir:/var/mail/%n/Maildir
# If you need to set multiple mailbox locations or want to change default
# namespace settings, you can do it by defining namespace sections.
[root@mail ~]#
エラー対処
/var/log/maillog を見てたら下記のようなpermission問題があった
May 1 18:28:19 mail dovecot[924]: auth: Debug: userdb out: USER#0111#011testuser2@adsample.local#011uid=1000#011gid=1000
May 1 18:28:19 mail dovecot[2244]: lda(testuser2@adsample.local)<2244></OWMMLM+E2jECAAAOg3h0A>: msgid=<9da96806-84e5-4f26-9752-acf16b48d4dc@adsample.local>: saved mail to INBOX
May 1 18:28:19 mail postfix/pipe[2238]: AD3C12037F14: to=<testuser2@adsample.local>, orig_to=<testuser2@adosakana.local>, relay=dovecot, delay=0.13, delays=0.02/0/0/0.11, dsn=2.0.0, status=sent (delivered via dovecot service (lda(testuser2@adsample.local): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission))
May 1 18:28:19 mail postfix/qmgr[2205]: AD3C12037F14: removed
エラー対処を調べると2019年1月のiredmailフォーラムの「Re: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed」 が出てくる
これだと /etc/dovecot/dovecot.conf に直接追加しているが、 /etc/dovecot/conf.d/に新しいファイルを作って追加することにした
[root@mail conf.d]# vi /etc/dovecot/conf.d/12-stat.conf
[root@mail conf.d]# cat /etc/dovecot/conf.d/12-stat.conf
service stats {
unix_listener stats-reader {
user = vmail
group = vmail
mode = 0660
}
unix_listener stats-writer {
user = vmail
group = vmail
mode = 0660
}
}
[root@mail conf.d]# systemctl restart dovecot
[root@mail conf.d]#
これで出力されなくなった
メール送信時の細かい設定について
/etc/dovecot/dovecot-ldap.conf.ext と /etc/dovecot/conf.d/auth-ldap.conf.ext のそれぞれでuid/gidに関する設定を入れているが、それぞれの必要性について再検証
というのは、設定してるなかで、片方だけ設定を入れているとmissingログが出てたから両方入れた・・・はずだったんだけど、それって正しいの?という検証
まずは/etc/dovecot/conf.d/99-debug.conf にdebugログ出力設定を書いて 実施
[root@mail ~]# cat /etc/dovecot/conf.d/99-debug.conf
auth_debug=yes
auth_debug_passwords=yes
auth_verbose=yes
auth_verbose_passwords=yes
verbose_proctitle=yes
verbose_ssl=yes
[root@mail ~]#
ケース1
conf.d/auth-ldap.conf.ext に 「default_fields = uid=vmail gid=vmail」
dovecot-ldap.conf.ext で user_atrrs,pass_attrsの設定なし
この時メールを送信すると以下のような”result: uid missing”, “result: homeDirectory missing; uidNumber missing; gidNumber missing”ログがある
May 2 09:45:39 mail dovecot[1564]: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=BnUjeBw0hcjAqHoB#011lip=192.168.122.12#011rip=192.168.122.1#011lport=143#011rport=51333
May 2 09:45:39 mail dovecot[1564]: auth: Debug: client passdb out: CONT#0111
May 2 09:45:39 mail dovecot[1564]: auth: Debug: client in: CONT#0111#011AHRlc3R1c2VyMkBhZHNhbXBsZS5sb2NhbABkaWdpdGFsMTIzQSM= (previous base64 data may contain sensitive data)
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): Performing passdb lookup
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): bind search: base=cn=Users,dc=adsample,dc=local filter=(userPrincipalName=testuser2@adsample.local)
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): no fields returned by the server
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): result: uid missing
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): Finished passdb lookup
May 2 09:45:39 mail dovecot[1564]: auth: Debug: auth(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): Auth request finished
May 2 09:45:39 mail dovecot[1564]: auth: Debug: client passdb out: OK#0111#011user=testuser2@adsample.local
May 2 09:45:39 mail dovecot[1564]: auth: Debug: master in: REQUEST#0112287206401#0111566#0111#011bef1c5eb0e8a2b05cf297e143bfb1cc6#011session_pid=1569#011request_auth_token
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): Performing userdb lookup
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): user search: base=cn=Users,dc=adsample,dc=local scope=subtree filter=(userPrincipalName=testuser2@adsample.local) fields=homeDirectory,uidNumber,gidNumber
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): no fields returned by the server
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): result: homeDirectory missing; uidNumber missing; gidNumber missing
May 2 09:45:39 mail dovecot[1564]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<BnUjeBw0hcjAqHoB>): Finished userdb lookup
May 2 09:45:39 mail dovecot[1564]: auth: Debug: master userdb out: USER#0112287206401#011testuser2@adsample.local#011uid=1000#011gid=1000#011auth_mech=PLAIN#011auth_token=aaa072efd8fc1ceb4051c9c51b1fdbc9437e7f81
ケース2
conf.d/auth-ldap.conf.ext に default_fields 設定なし
dovecot-ldap.conf.ext で “user_attrs = =uid=1000, =gid=1000″,”pass_attrs = =uid=1000, =gid=1000” 設定あり
この場合、ログに xxx missing が出ない?
May 2 09:54:48 mail dovecot[959]: auth: Debug: client in: CONT#0111#011AHRlc3R1c2VyMkBhZHNhbXBsZS5sb2NhbABkaWdpdGFsMTIzQSM= (previous base64 data may contain sensitive data)
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): Performing passdb lookup
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): bind search: base=cn=Users,dc=adsample,dc=local filter=(userPrincipalName=testuser2@adsample.local)
May 2 09:54:48 mail dovecot[959]: auth: Debug: master in: USER#0111#011testuser1@adsample.local#011service=lda
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser1@adsample.local): Performing userdb lookup
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser1@adsample.local): user search: base=cn=Users,dc=adsample,dc=local scope=subtree filter=(userPrincipalName=testuser1@adsample.local) fields=
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): result: objectClass=top,top,top,top cn=testuser2 givenName=testuser2 distinguishedName=CN=testuser2,CN=Users,DC=adsample,DC=local instanceType=4 whenCreated=20250417094639.0Z whenChanged=20250430015944.0Z displayName=testuser2 uSNCreated=12616 uSNChanged=40983 name=testuser2 objectGUID=�u&#016$|-E�Z#034\O?�#036 userAccountControl=66048 badPwdCount=0 codePage=0 countryCode=0 badPasswordTime=133893655225944004 lastLogoff=0 lastLogon=133894260848965097 pwdLastSet=133893567990887154 primaryGroupID=513 objectSid=<no values> accountExpires=9223372036854775807 logonCount=16 sAMAccountName=testuser2 sAMAccountType=805306368 userPrincipalName=testuser2@adsample.local objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=adsample,DC=local dSCorePropagationData=20250418015428.0Z,20250418015428.0Z lastLogonTimestamp=133904519848472342; objectGUID,uSNCreated,objectCategory,objectClass,primaryGroupID,cn,givenName,objectSid,sAMAccountType,dSCorePropagationData,userAccountControl,name,codePage,lastLogon,logonCount,countryCode,lastLogoff,uSNChanged,pwdLastSet,distinguishedName,sAMAccountName,whenChanged,userPrincipalName,instanceType,badPwdCount,accountExpires,whenCreated,displayName,badPasswordTime,lastLogonTimestamp unused
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser1@adsample.local): result: objectClass=top,top,top,top cn=testuser1 givenName=testuser1 distinguishedName=CN=testuser1,CN=Users,DC=adsample,DC=local instanceType=4 whenCreated=20250417094618.0Z whenChanged=20250425001141.0Z displayName=testuser1 uSNCreated=12609 uSNChanged=36883 name=testuser1 objectGUID=#037��#�!#020F�j#020#010��#011x userAccountControl=66048 badPwdCount=0 codePage=0 countryCode=0 badPasswordTime=133900339076624909 lastLogoff=0 lastLogon=133900339256453379 pwdLastSet=133893567784742554 primaryGroupID=513 objectSid=<no values> accountExpires=9223372036854775807 logonCount=0 sAMAccountName=testuser1 sAMAccountType=805306368 userPrincipalName=testuser1@adsample.local objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=adsample,DC=local dSCorePropagationData=20250418015428.0Z,20250418015428.0Z lastLogonTimestamp=133900135017739905 mail=testuser1@example.com; objectGUID,uSNCreated,objectCategory,objectClass,primaryGroupID,cn,givenName,objectSid,sAMAccountType,dSCorePropagationData,userAccountControl,name,mail,codePage,lastLogon,logonCount,countryCode,lastLogoff,uSNChanged,pwdLastSet,distinguishedName,sAMAccountName,whenChanged,userPrincipalName,instanceType,badPwdCount,accountExpires,whenCreated,displayName,badPasswordTime,lastLogonTimestamp unused
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser1@adsample.local): Finished userdb lookup
May 2 09:54:48 mail dovecot[959]: auth: Debug: userdb out: USER#0111#011testuser1@adsample.local#011uid=1000#011gid=1000
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): Finished passdb lookup
May 2 09:54:48 mail dovecot[959]: auth: Debug: auth(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): Auth request finished
May 2 09:54:48 mail dovecot[959]: auth: Debug: client passdb out: OK#0111#011user=testuser2@adsample.local#011uid=1000#011gid=1000
May 2 09:54:48 mail dovecot[1423]: lda(testuser1@adsample.local)<1423><jFPYJdgXFGiPBQAAOg3h0A>: msgid=<c923fd79-8135-46e3-aa56-afd1a1282ff8@adsample.local>: saved mail to INBOX
May 2 09:54:48 mail postfix/pipe[1422]: 7FF342020373: to=<testuser1@adsample.local>, orig_to=<testuser1@adosakana.local>, relay=dovecot, delay=0.15, delays=0.03/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
May 2 09:54:48 mail postfix/qmgr[884]: 7FF342020373: removed
May 2 09:54:48 mail dovecot[959]: auth: Debug: master in: REQUEST#0113980787713#0111424#0111#011d2548dbb496c7cf3c62e2637869d2d69#011session_pid=1425#011request_auth_token
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): Performing userdb lookup
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): user search: base=cn=Users,dc=adsample,dc=local scope=subtree filter=(userPrincipalName=testuser2@adsample.local) fields=
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): result: objectClass=top,top,top,top cn=testuser2 givenName=testuser2 distinguishedName=CN=testuser2,CN=Users,DC=adsample,DC=local instanceType=4 whenCreated=20250417094639.0Z whenChanged=20250430015944.0Z displayName=testuser2 uSNCreated=12616 uSNChanged=40983 name=testuser2 objectGUID=�u&#016$|-E�Z#034\O?�#036 userAccountControl=66048 badPwdCount=0 codePage=0 countryCode=0 badPasswordTime=133893655225944004 lastLogoff=0 lastLogon=133894260848965097 pwdLastSet=133893567990887154 primaryGroupID=513 objectSid=<no values> accountExpires=9223372036854775807 logonCount=16 sAMAccountName=testuser2 sAMAccountType=805306368 userPrincipalName=testuser2@adsample.local objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=adsample,DC=local dSCorePropagationData=20250418015428.0Z,20250418015428.0Z lastLogonTimestamp=133904519848472342; objectGUID,uSNCreated,objectCategory,objectClass,primaryGroupID,cn,givenName,objectSid,sAMAccountType,dSCorePropagationData,userAccountControl,name,codePage,lastLogon,logonCount,countryCode,lastLogoff,uSNChanged,pwdLastSet,distinguishedName,sAMAccountName,whenChanged,userPrincipalName,instanceType,badPwdCount,accountExpires,whenCreated,displayName,badPasswordTime,lastLogonTimestamp unused
May 2 09:54:48 mail dovecot[959]: auth: Debug: ldap(testuser2@adsample.local,192.168.122.1,<D2PcmBw0S8rAqHoB>): Finished userdb lookup
May 2 09:54:48 mail dovecot[959]: auth: Debug: master userdb out: USER#0113980787713#011testuser2@adsample.local#011uid=1000#011gid=1000#011auth_mech=PLAIN#011auth_token=68518eb1e5a886522b5dcabaae828704633386c9
missing 出力がない??
そもそも、同じログレベル出力なのに、出力された内容に差がありすぎるんですが・・・
dovecot-ldap.conf.ext に “user_attrs = =uid=1000, =gid=1000″,”pass_attrs = =uid=1000, =gid=1000” を設定するだけでいける?