[GH-ISSUE #1273] Webmail authentication failed by LDAP user #1029

Closed
opened 2026-02-27 11:14:49 +03:00 by kerem · 7 comments

Originally created by @yiminfantw on GitHub (Oct 12, 2017).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1273

Impacted versions

  • Modoboa: 1.9.0
  • installer used: Yes
  • Webserver: Nginx
  • Ubuntu 16.04 (Xenial)

Steps to reproduce

Fresh installation, following http://modoboa.readthedocs.io/en/latest/configuration.html to enable LDAP authentication, filling out the LDAP settings and rebooting the server, logging in as an LDAP user and switching to the webmail page.

Current behavior

Getting "Error: ['[AUTHENTICATIONFAILED] Authentication failed.']" when switching to webmail page.

Expected behavior

A normal webmail page, as a non-LDAP user gets.

More info

Through the admin account I can see that the LDAP user's mailbox has been created on the Identities page. The user role is "Simple user", quota is disabled because the "Use domain default value" checkbox is ticked. User name and email are [name]@[domain].

kerem closed this issue 2026-02-27 11:14:49 +03:00

@tonioo commented on GitHub (Oct 12, 2017):

Have you configured dovecot too? (https://wiki.dovecot.org/HowTo/DovecotOpenLdap)

@yiminfantw commented on GitHub (Oct 13, 2017):

Hi @tonioo, I haven't configured dovecot yet, will get on that. Thx for pointing this out.

@yiminfantw commented on GitHub (Oct 13, 2017):

Hi @tonioo,

I managed to configure dovecot-ldap.conf.ext and now the authentication seems to pass through, but I got the following error:

Error: ['[SERVERBUG] Internal error occurred. Refer to server log for more information. [2017-10-13 07:20:04] (0.000 + 0.000 secs).']

By checking the dovecot status, I got the following info (cuz I set debug_level=-1):

Oct 13 07:32:10 localhost dovecot[9774]: auth: Error: ldap_chkResponseList returns ld 0x555f5009f7a0 NULL
Oct 13 07:32:10 localhost dovecot[9774]: auth: Error: ldap_int_select
Oct 13 07:32:10 localhost dovecot[9774]: imap-login: Login: user=<ldapservice@yiminfan.tech>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=9814, TLS, session=<KeeVp2hbhoZ/AAAB>
Oct 13 07:32:10 localhost dovecot[9774]: imap(ldapservice@yiminfan.tech): Error: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5006(<unknown>) egid=5006(<unknown>) ...0:0 mode=0755)
Oct 13 07:32:10 localhost dovecot[9774]: imap(ldapservice@yiminfan.tech): Error: Failed to autocreate mailbox Drafts: Permission denied
Oct 13 07:32:10 localhost dovecot[9774]: imap(ldapservice@yiminfan.tech): Error: Failed to autocreate mailbox Junk: Permission denied
Oct 13 07:32:10 localhost dovecot[9774]: imap(ldapservice@yiminfan.tech): Error: Failed to autocreate mailbox Trash: Permission denied
Oct 13 07:32:10 localhost dovecot[9774]: imap(ldapservice@yiminfan.tech): Error: Failed to autocreate mailbox Sent: Permission denied
Oct 13 07:32:10 localhost dovecot[9774]: imap(ldapservice@yiminfan.tech): Error: mkdir(/home/ldapservice/Maildir/cur) failed: Permission denied (euid=5006(<unknown>) egid=5006(<unknown>) mis...0:0 mode=0755)
Oct 13 07:32:10 localhost dovecot[9774]: imap(ldapservice@yiminfan.tech): Error: mkdir(/home/ldapservice/Maildir/cur) failed: Permission denied (euid=5006(<unknown>) egid=5006(<unknown>) mis...0:0 mode=0755)

Although I'm not sure what the auth: error means for the first two lines, it seems to pass through and then hit a permission issue on the modoboa (or dovecot?) admin side. Should it create a user folder in /home? Creating a local user (say a domain admin) doesn't create a user folder in /home though...

Any suggestion? FYI, I upgraded to v1.9.1.

Cheers,
YiMin

@ProCreator commented on GitHub (Oct 14, 2017):

@tonioo,

I am having the same problem. So if I understand correctly, what is being said is that the Modoboa ldap authentication only works for the Modoboa administration and not webmail? I am running my Modoboa config on Ubuntu and am having a real difficult time following the complexities of the dovecot wiki for setting up the authentication, even though I have successfully set up the Modoboa authentication. Is there any way you could assist by simplifying the implementation?

@yiminfantw commented on GitHub (Oct 14, 2017):

Ya, the Modoboa ldap only works for Modoboa administration and has nothing to do with webmail (because dovecot takes a different ldap config). Here is how I set it up; it took me a while and I looked up many internet resources though:

  • Editing /etc/dovecot/conf.d/10-auth.conf

        #!include auth-sql.conf.ext
        !include auth-ldap.conf.ext

  • Editing /etc/dovecot/dovecot-ldap.conf.ext

        hosts = ldap.jumpcloud.com
        dn = uid=samplebinduser,ou=Users,o=sampleorganizationid,dc=jumpcloud,dc=com
        dnpass = samplebinduser
        tls = yes
        debug_level = -1
        auth_bind = yes
        ldap_version = 3
        base = o=sampleorganizationid,dc=jumpcloud,dc=com
        deref = never
        scope = subtree
        user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
        user_filter = (&(objectClass=posixAccount)(uid=%n))
        pass_attrs = mail=user,userPassword=password
        pass_filter = (&(objectClass=posixAccount)(uid=%n))
        default_pass_scheme = BLF-CRYPT

Btw, I just figured out that the internal error is due to the fact that I commented out !include auth-sql.conf.ext in 10-auth.conf. After uncommenting it, my ldap user can open the webmail page and send/receive emails. I thought sql and ldap were different authentication mechanisms (sql is for local users?) and shouldn't affect each other. Do you have any idea why commenting out !include auth-sql.conf.ext makes IMAP try to create a user folder in /home?

Oct 14 07:15:24 localhost dovecot[5022]: imap(tester@yiminfan.tech): Error: User initialization failed: Namespace '': mkdir(/home/tester/Maildir) failed: Permission denied (euid=5007(<unk...0:0 mode=0755)

Also, even though the ldap user can now log in to Modoboa administration and webmail, I can still notice some ldap errors from dovecot status:

● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2017-10-14 07:35:51 UTC; 37s ago
     Docs: man:dovecot(1)
           http://wiki2.dovecot.org/
  Process: 6959 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
  Process: 6964 ExecStart=/usr/sbin/dovecot (code=exited, status=0/SUCCESS)
 Main PID: 6966 (dovecot)
   CGroup: /system.slice/dovecot.service
           ├─6966 /usr/sbin/dovecot
           ├─6984 dovecot/anvil
           ├─6985 dovecot/log
           ├─6987 dovecot/config
           ├─7059 dovecot/imap-login
           ├─7060 dovecot/auth
           ├─7063 dovecot/ssl-params
           └─7064 dovecot/imap postlogin

Oct 14 07:36:28 localhost dovecot[6985]: auth: Error: ** ld 0x55b2b02e01d0 Outstanding Requests:
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error:    Empty
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error:   ld 0x55b2b02e01d0 request count 0 (abandoned 0)
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error: ** ld 0x55b2b02e01d0 Response Queue:
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error:    Empty
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error:   ld 0x55b2b02e01d0 response count 0
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error: ldap_chkResponseList ld 0x55b2b02e01d0 msgid -1 all 0
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error: ldap_chkResponseList returns ld 0x55b2b02e01d0 NULL
Oct 14 07:36:28 localhost dovecot[6985]: auth: Error: ldap_int_select
Oct 14 07:36:28 localhost dovecot[6985]: imap-login: Login: user=<tester@yiminfan.tech>, method=PLAIN, rip=70.79.37.210, lip=23.92.24.49, mpid=7064, TLS, session=<oRTT1HxbytNGTyXS>

Any idea what is going on?

Thanks,
YiMin

@tonioo commented on GitHub (Oct 27, 2017):

I think your LDAP config file does not declare any userdb lookup. So, if you deactivate the sql default one, there is no userdb at all. In this case, and because the authentication works, dovecot tries to initiate a mailbox in the user home directory (default behaviour).
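
The mkdir(/home/.../Maildir) and Permission denied lines quoted earlier in the thread are the symptom to look for when checking whether the userdb lookup behaves as described here. As an added triage helper that is not part of this issue or of Modoboa, the script below classifies Dovecot log lines modelled on the ones above (user names, hosts and session ids replaced with constructed placeholders) and reports which /home paths the imap process tried to use.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines quoted in the thread (placeholder users/hosts).
SAMPLE_LOG = """\
Oct 13 07:32:10 mail dovecot[9774]: auth: Error: ldap_chkResponseList returns ld 0x55 NULL
Oct 13 07:32:10 mail dovecot[9774]: auth: Error: ldap_int_select
Oct 13 07:32:10 mail dovecot[9774]: imap-login: Login: user=<ldapuser@example.test>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=9814, TLS, session=<XXXX>
Oct 13 07:32:10 mail dovecot[9774]: imap(ldapuser@example.test): Error: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=5006(<unknown>) egid=5006(<unknown>) mode=0755)
Oct 13 07:32:10 mail dovecot[9774]: imap(ldapuser@example.test): Error: mkdir(/home/ldapuser/Maildir/cur) failed: Permission denied (euid=5006(<unknown>) egid=5006(<unknown>) mode=0755)
Oct 14 07:15:24 mail dovecot[5022]: imap(tester@example.test): Error: User initialization failed: Namespace '': mkdir(/home/tester/Maildir) failed: Permission denied (euid=5007(<unknown>) mode=0755)
"""

# (category, pattern, meaning for the operator); the first matching rule wins.
RULES = [
    ("login_ok", re.compile(r"imap-login: Login: user=<([^>]+)>"),
     "passdb accepted the credentials; the failure happens after authentication"),
    ("ldap_client_debug", re.compile(r"auth: Error: (\*\* )?\s*(ld 0x|ldap_|Empty)"),
     "libldap trace produced by debug_level = -1, not an authentication failure by itself"),
    ("home_maildir", re.compile(r"mkdir\((/home/[^/)]+)/Maildir"),
     "userdb resolved home to a system directory, so the Maildir is created under /home"),
    ("dict_socket", re.compile(r"net_connect_unix\(([^)]+)\) failed"),
     "imap process cannot open the dict socket; check the uid/gid it runs as"),
]

def triage(log_text):
    """Return one (category, detail, hint) tuple per non-empty log line."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        for category, pattern, hint in RULES:
            m = pattern.search(line)
            if m:
                findings.append((category, m.group(m.lastindex), hint))
                break
        else:
            findings.append(("unclassified", line, "no rule matched"))
    return findings

def summarize(log_text):
    """Count findings per category and list the /home paths Dovecot tried to create a Maildir in."""
    findings = triage(log_text)
    counts = Counter(category for category, _, _ in findings)
    homes = sorted({detail for category, detail, _ in findings if category == "home_maildir"})
    return counts, homes

if __name__ == "__main__":  # stand-alone run: per-category counts and the attempted home paths
    counts, homes = summarize(SAMPLE_LOG)
    print(dict(counts), "homes:", homes)
```

A non-empty `homes` list means the imap process was pointed at a system home directory rather than the mail store, which is the situation the comment above describes.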

@tonioo commented on GitHub (Oct 27, 2017):

And regarding your errors, I don't know. I think you should ask on the dovecot mailing list; you'll certainly get a better answer there.