Univention Bugzilla – Full Text Bug Listing |
Summary: | PAM changes email address to username | ||
---|---|---|---|
Product: | UCS | Reporter: | Daniel Tröder <troeder> |
Component: | Mail - Dovecot | Assignee: | Mail maintainers <mail-maintainers> |
Status: | RESOLVED WONTFIX | QA Contact: | |
Severity: | normal | ||
Priority: | P5 | CC: | best, birkefeld, schwardt |
Version: | UCS 4.0 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 1: Cosmetic issue or missing function but workaround exists |
Who will be affected by this bug?: | 5: Will affect all installed domains | How will those affected feel about the bug?: | 1: Nuisance – not a big deal but noticeable |
User Pain: | 0.029 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 38457, 39317 |
Description
Daniel Tröder
2015-04-29 15:08:14 CEST
Open tasks: - add dependency to libpam-univentionmailcyrus - provide a suitable PAM stack via univention-mail-dovecot * dependency to libpam-univentionmailcyrus: r60761 * PAM stack via univention-mail-dovecot: r60838 Leaving this OPEN until a decision is made regarding trying to make PAM to revert the "user" back to the "original_user" (email address). I think we can stick to the current status: pam stack converts mail address to username and user_filter is looking for uid=%s in LDAP. There is no benefit in changing this now. May be altered without problems later on. univentionmailcyrus.so does not honor univentionMailHomeServer. This results with Dovecot in an "Internal login failure", because for a user with a homeServer!=self PAM authentication succeeds, but the LDAP lookup fails. Dovecot interprets this as his own fault. This is not a problem for the functioning of Dovecot, just a ugly log message. Authentication should only succeed if the user has a mail account on the local server (univentionMailHomeServer=FQDN) or univentionMailHomeServer is empty. Split problem "univentionmailcyrus.so does not honor univentionMailHomeServer" into separate Bug #39317. (In reply to Sönke Schwardt-Krummrich from comment #3) > I think we can stick to the current status: > pam stack converts mail address to username and user_filter is looking for > uid=%s in LDAP. There is no benefit in changing this now. May be altered > without problems later on. Currently the logfile contains a mix of mail address and UID as dovecot username. If the PAM stack has been used, the UID is shown in logile, otherwise the mail address is used. Maybe we can fix this in conjunction with bug 39317. This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016. Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you. |