LDAP: one query works, another does not, why? - openldap

If I use this query, it works:
thierry@thierry-VirtualBox:~$ ldapsearch -x -w myPassword -D 'uid=matt,ou=Users,dc=example,dc=com' -Z -b 'uid=matt,ou=Users,dc=example,dc=com' -LLL
dn: uid=matt,ou=Users,dc=example,dc=com
ou: Users
uid: matt
cn: Matt Butcher
sn: Butcher
givenName: Matt
givenName: Matthew
displayName: Matt Butcher
…
But if I use this one, I do not get an error, but the result is different from the one in the first search. Why?
thierry@thierry-VirtualBox:~$ ldapsearch -x -w myPassword -D 'uid=matt,ou=Users,dc=example,dc=com' -Z -b 'ou=Users,dc=example,dc=com' '(uid=matt)'
# extended LDIF
#
# LDAPv3
# base <ou=Users,dc=example,dc=com> with scope subtree
# filter: (uid=matt)
# requesting: ALL
#
# search result
search: 3
result: 32 No such object
# numResponses: 1
Thank you for your help.
my slapd.conf
thierry@thierry-VirtualBox:/etc/ldap$ cat slapd.conf
# slapd.conf - Configuration file for LDAP SLAPD
##########
# Basics #
##########
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel stats
modulepath /usr/lib/ldap
# modulepath /usr/local/libexec/openldap
moduleload back_mdb.la
###########
# SSL/TLS #
###########
TLSCACertificatePath /etc/ssl/certs/
TLSCertificateFile /etc/ldap/example.com.cert.pem
TLSCertificateKeyFile /etc/ldap/example.com.key.pem
##########################
# Database Configuration #
##########################
database mdb
suffix "dc=example,dc=com"
security ssf=112
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
# directory /usr/local/var/openldap-data
index objectClass,cn eq
########
# ACLs #
########
access to attrs=userPassword
by * auth
by anonymous auth
by dn="uid=authenticate,ou=system,dc=example,dc=com" auth
by self write
by * none
access to *
by self write
by anonymous read
by dn="uid=authenticate,ou=System,dc=example,dc=com" read
by * none
authz-policy from
authz-regexp
"^uid=([^,]+).*,cn=auth$"
"uid=$1,ou=Users,dc=example,dc=com"
and my ldap.conf
thierry@thierry-VirtualBox:/etc/ldap$ cat ldap.conf
# LDAP Client Settings
URI ldap://localhost
BASE dc=example,dc=com
BINDDN cn=Manager,dc=example,dc=com
SIZELIMIT 0
TIMELIMIT 0
TLS_CACERTDIR /etc/ssl/certs
TLS_REQCERT allow
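A worked ACL for the behaviour shown above, added here as an example and not part of the original post. It assumes the cause is the "access to *" stanza: "self" only matches when the bound DN equals the entry's DN, so on ou=Users,dc=example,dc=com the bound user uid=matt falls through to "by * none", and slapd, which will not reveal the existence of an entry the requester has no disclose access to, answers noSuchObject (32) instead of insufficientAccess. The first search works only because its base is matt's own entry. Two side effects of the posted rules are worth noticing: anonymous clients get read on the whole tree while authenticated users get nothing beyond their own entry, and on userPassword the leading "by * auth" matches everyone first, so "by self write" is never reached. The ou=system / ou=System spelling difference is not the problem; DN values are compared after normalization. The service-account DN and suffix are taken from the post; everything else in the block is the example's own choice.

```conf
########
# ACLs # (added example; replaces the two "access to" stanzas in the post)
########
# Stanzas are matched top to bottom by target, and inside a stanza the
# first matching "by" clause wins, so "by * auth" must never precede
# "by self write". Privileges are cumulative:
# none < disclose < auth < compare < search < read < write.

# Passwords: usable for simple bind, changeable by the owner, otherwise hidden.
access to attrs=userPassword
        by self write
        by anonymous auth
        by dn.exact="uid=authenticate,ou=System,dc=example,dc=com" auth
        by * none

# The Users subtree, including the ou=Users entry itself, which is the base
# of the second ldapsearch. "users" means any authenticated DN; "read"
# includes search and disclose, so the base entry becomes visible to
# uid=matt and the subtree search returns the same entry as the first one.
access to dn.subtree="ou=Users,dc=example,dc=com"
        by self write
        by dn.exact="uid=authenticate,ou=System,dc=example,dc=com" read
        by users read
        by * none

# Everything else: no anonymous read any more; only the service account.
access to *
        by self write
        by dn.exact="uid=authenticate,ou=System,dc=example,dc=com" read
        by * none
```

Check the file with slaptest -f /etc/ldap/slapd.conf -u before restarting slapd, then rerun the second ldapsearch; it should now list uid=matt. With -Z and security ssf=112 unchanged, the same search done anonymously (no -D/-w) should answer 32, because anonymous no longer has any access to ou=Users.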

Openstack how to properly activate vpnaas log?

We have an OpenStack cluster built with openstack-ansible, and we are very happy with it. Currently I am trying to set up a VPN. We have activated everything necessary and tested successfully between our OpenStack and a SonicWall. We are now trying with a customer; unfortunately the connection doesn't come up, and I am looking for some logs, but it seems that nothing is logged.
We are on OpenStack Ussuri and Ubuntu 20.04.
We have activated strongSwan.
Below are some config files:
Controller-node:
/etc/neutron/neutron.conf
[DEFAULT]
# Disable stderr logging
use_stderr = false
debug = true
publish_errors = true
fatal_deprecations = False
use_journal = True
## Rpc all
executor_thread_pool_size = 64
rpc_response_timeout = 60
transport_url = hide
# Domain to use for building hostnames
dns_domain = openstacklocal
# Agent
[agent]
polling_interval = 5
report_interval = 60
root_helper = sudo /openstack/venvs/neutron-21.0.0/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
root_helper_daemon = sudo /openstack/venvs/neutron-21.0.0/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
# Messaging
[oslo_messaging_rabbit]
ssl = True
rpc_conn_pool_size = 30
# Notifications
[oslo_messaging_notifications]
topics = notifications
driver = messagingv2
transport_url = hide
# Concurrency (locking mechanisms)
[oslo_concurrency]
lock_path = /var/lock/neutron
/etc/neutron/l3_agent.ini:
[DEFAULT]
debug = True
# Drivers
interface_driver = linuxbridge
agent_mode = legacy
# Conventional failover
allow_automatic_l3agent_failover = True
# HA failover
ha_confs_path = /var/lib/neutron/ha_confs
ha_vrrp_advert_int = 2
ha_vrrp_auth_password = hide
ha_vrrp_auth_type = PASS
# Metadata
enable_metadata_proxy = True
# L3 plugins
# VPNaaS
[vpnagent]
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
[AGENT]
extensions = vpnaas
/etc/neutron/neutron_vpnaas.conf:
[service_providers]
service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
/etc/neutron/rootwrap.conf:
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
# Enable logging to syslog
# Default value is False
use_syslog = False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility = syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level = ERROR
# Rootwrap daemon exits after this seconds of inactivity
daemon_timeout = 600
filters_path = /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
exec_dirs = /openstack/venvs/neutron-21.0.0/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
[xenapi]
# XenAPI configuration is only required by the L2 agent if it is to
# target a XenServer/XCP compute host's dom0.
xenapi_connection_url = <None>
xenapi_connection_username = root
xenapi_connection_password = <None>
/openstack/venvs/neutron-21.0.0/lib/python3.8/site-packages/neutron_vpnaas/services/vpn/device_drivers/template/strongswan/ipsec.conf.template:
# Configuration for {{vpnservice.id}}
config setup
charondebug="ike 4, knl 4,net 4,enc 4,chd 4,esp 4,cfg 2,dmn 4,mgr 4,asn 4"
conn %default
keylife=20m
rekeymargin=3m
keyingtries=1
authby=psk
mobike=no
{% for ipsec_site_connection in vpnservice.ipsec_site_connections%}
conn {{ipsec_site_connection.id}}
keyexchange={{ipsec_site_connection.ikepolicy.ike_version}}
left={{ipsec_site_connection.external_ip}}
leftsubnet={{ipsec_site_connection['local_cidrs']|join(',')}}
leftid={{ipsec_site_connection.local_id}}
leftfirewall=yes
right={{ipsec_site_connection.peer_address}}
rightsubnet={{ipsec_site_connection['peer_cidrs']|join(',')}}
rightid={{ipsec_site_connection.peer_id}}
auto=route
dpdaction={{ipsec_site_connection.dpd_action}}
dpddelay={{ipsec_site_connection.dpd_interval}}s
dpdtimeout={{ipsec_site_connection.dpd_timeout}}s
ike={{ipsec_site_connection.ikepolicy.encryption_algorithm}}-{{ipsec_site_connection.ikepolicy.auth_algorithm}}-{{ipsec_site_connection.ikepolicy.pfs}}
ikelifetime={{ipsec_site_connection.ikepolicy.lifetime_value}}s
{%- if ipsec_site_connection.ipsecpolicy.transform_protocol == "ah" %}
ah={{ipsec_site_connection.ipsecpolicy.auth_algorithm}}-{{ipsec_site_connection.ipsecpolicy.pfs}}
{%- else %}
esp={{ipsec_site_connection.ipsecpolicy.encryption_algorithm}}-{{ipsec_site_connection.ipsecpolicy.auth_algorithm}}-{{ipsec_site_connection.ipsecpolicy.pfs}}
{%- endif %}
lifetime={{ipsec_site_connection.ipsecpolicy.lifetime_value}}s
type={{ipsec_site_connection.ipsecpolicy.encapsulation_mode}}
{% endfor %}
If someone can help me activate the log, that would be great.
Thanks
I've finally managed to activate the log; below is my config, in addition to the first post:
On controllers:
/etc/strongswan.d/charon-logging.conf
charon {
# Section to define file loggers, see LOGGER CONFIGURATION in
# strongswan.conf(5).
filelog {
# <name> may be the full path to the log file if it only contains
# characters permitted in section names. Is ignored if path is
# specified.
charon {
# Loglevel for a specific subsystem.
# <subsystem> = <default>
# If this option is enabled log entries are appended to the existing
# file.
append = no
# Default loglevel.
default = 3
# Enabling this option disables block buffering and enables line
# buffering.
flush_line = yes
# Prefix each log entry with the connection name and a unique
# numerical identifier for each IKE_SA.
ike_name = yes
# Optional path to the log file. Overrides the section name. Must be
# used if the path contains characters that aren't allowed in
# section names.
path = /var/log/charon-ike.log
# Adds the milliseconds within the current second after the
# timestamp (separated by a dot, so time_format should end with %S
# or %T).
time_add_ms = yes
# Prefix each log entry with a timestamp. The option accepts a
# format string as passed to strftime(3).
time_format = %b %e %T
}
}
# Section to define syslog loggers, see LOGGER CONFIGURATION in
# strongswan.conf(5).
syslog {
# Identifier for use with openlog(3).
# identifier = CHARON
# <facility> is one of the supported syslog facilities, see LOGGER
# CONFIGURATION in strongswan.conf(5).
# auth {
# Loglevel for a specific subsystem.
# <subsystem> = <default>
# Default loglevel.
# default = 2
# Prefix each log entry with the connection name and a unique
# numerical identifier for each IKE_SA.
# ike_name = yes
# }
}
}
And most important:
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.charon
With this config you will have a log file under /var/log/charon-ike.log.
Maybe you need to restart neutron
Thanks for the help ;)
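A narrower alternative to the apparmor_parser -R step in the answer above, added here as an example and not part of the original answer. -R unloads the profile, which removes all AppArmor confinement from the IKE daemon, when the only thing the profile is blocking is the new log path. Ubuntu's packaged profiles normally end with an include of local/<profile name> for site overrides; this assumes /etc/apparmor.d/usr.lib.ipsec.charon does so (check with grep local/ /etc/apparmor.d/usr.lib.ipsec.charon), and if it does not, the same rule goes inside the profile itself. The log path is the one from the answer.

```text
# /etc/apparmor.d/local/usr.lib.ipsec.charon
# Added example: grant charon write access to the log file configured in
# charon-logging.conf, and nothing else. "w" covers create and truncate,
# which filelog needs with append = no.
/var/log/charon-ike.log w,
```

Reload the profile with sudo apparmor_parser -r /etc/apparmor.d/usr.lib.ipsec.charon (replacement applies to the running daemon), restart the VPN agent and confirm the file appears. If it still does not, look for "apparmor=DENIED" lines naming charon in dmesg or /var/log/syslog; sudo aa-complain /etc/apparmor.d/usr.lib.ipsec.charon logs further denials without enforcing them and is the intermediate step to use instead of dropping confinement entirely.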
This is not an answer, but it makes it more readable. We didn't touch the charon configs, but this is the /etc/strongswan.d/charon-logging.conf:
charon {
# Section to define file loggers, see LOGGER CONFIGURATION in
# strongswan.conf(5).
filelog {
# <filename> is the full path to the log file.
# <filename> {
# Loglevel for a specific subsystem.
# <subsystem> = <default>
# If this option is enabled log entries are appended to the existing
# file.
# append = yes
# Default loglevel.
# default = 1
# Enabling this option disables block buffering and enables line
# buffering.
# flush_line = no
# Prefix each log entry with the connection name and a unique
# numerical identifier for each IKE_SA.
# ike_name = no
# Prefix each log entry with a timestamp. The option accepts a
# format string as passed to strftime(3).
# time_format =
# }
}
# Section to define syslog loggers, see LOGGER CONFIGURATION in
# strongswan.conf(5).
syslog {
# Identifier for use with openlog(3).
# identifier =
# <facility> is one of the supported syslog facilities, see LOGGER
# CONFIGURATION in strongswan.conf(5).
# <facility> {
# Loglevel for a specific subsystem.
# <subsystem> = <default>
# Default loglevel.
# default = 1
# Prefix each log entry with the connection name and a unique
# numerical identifier for each IKE_SA.
# ike_name = no
# }
}
}

Cron Expect Script

I'm trying to schedule an expect script that I have written with Cron. It is not working as expected. This is my code, my entry in the cron file, and the shell file containing the command to run the script. Any help is appreciated.
#!/usr/bin/expect
# Set timeout
set timeout 1
# Set the user and pass
set user "user"
set pass "pass"
# Get the lists of hosts, one per line
set f [open "hosts.txt"]
set hosts [split [read $f] "\n"]
close $f
# Get the commands to run, one per line
set f [open "commands.txt"]
set commands [split [read -nonewline $f] "\n"]
close $f
# Iterate over the hosts
foreach host $hosts {
# Establish ssh conn
spawn ssh $user@$host
expect "password:"
send "$pass\r"
# Iterate over the commands
foreach cmd $commands {
expect "$ "
send "$cmd\r"
expect "password:"
send "$pass\r"
expect "$ "
}
}
0,15,30,45 * * * * /home/car02fv/updatelogs.sh #fetch application logs (dbg,api,ch)
#!/bin/sh
rm goxsd1697/* goxsd1698/* goxsd1699/* goxsd1700/* | /home/car02fv/getlogs.sh
This answer comes from the discussion I had with Camilo above.
To check the error log while running the script every 15 minutes,
*/15 * * * * /home/car02fv/updatelogs.sh >/tmp/cron_out 2>&1
was used, and the output file /tmp/cron_out was inspected with
vi /tmp/cron_out
Also, you need to give the file execute permission with chmod u+x /home/car02fv/updatelogs.sh so the script can run.
You are not providing the full path to the files you need to read. Cron scripts usually have PWD as /.
Assuming the "hosts.txt" and "commands.txt" are in /home/car02fv, you can do
0,15,30,45 * * * * cd /home/car02fv && ./updatelogs.sh
However, this is more robust: assuming you keep those text files in the same place as the script file: add to the expect script (near the top)
set dir [file dirname [info script]]
then, open the files like this:
set hostfile [file join $dir hosts.txt]
if {![file exists $hostfile]} {error "$hostfile does not exist"}
set f [open $hostfile]
# ...
set cmdfile [file join $dir commands.txt]
if {![file exists $cmdfile]} {error "$cmdfile does not exist"}
set f [open $cmdfile]
and the cron entry stays like you have it.
BTW, ".sh" is a misleading file extension for an expect file.
#!/bin/sh
while true; do
rm goxsd1697/* goxsd1698/* goxsd1699/* goxsd1700/* | /home/car02fv/getlogs.sh
sleep 120
done

Can't generate lets-encrypt certificate using saltStack

I am trying to generate the lets-encrypt certificate and here are the steps that I followed:
Under /srv/salt/pillars/minion I added the file init.sls
letsencrypt:
  config: |
    email = email
    auth:
      method: standalone
      type: http-01
      port: 8080
    agree-tos = True
    renew-by-default = True
  domainsets:
    mydomain:
      - mydomain.com
After that I updated the salt_pillar:
# . update_salt.sh
# salt 'minion' state.sls letsencrypt
I got this result:
ID: letsencrypt-crontab-mydomain.com
Function: cron.present
Name: /usr/local/bin/renew_letsencrypt_cert.sh mydomain.com
Result: False
Comment: One or more requisite failed: letsencrypt.domains.create-initial-cert-mydomain.com
Started:
Duration:
Changes:
------------
ID: create-fullchain-privkey-pem-for-mydomain.com
Function: cmd.run
Name: cat /etc/letsencrypt/live/mydomain.com/fullchain.pem \
/etc/letsencrypt/live/mydomain.com/privkey.pem \
> /etc/letsencrypt/live/mydomain.com/fullchain-privkey.pem && \
chmod 600 /etc/letsencrypt/live/mydomain.com/fullchain-privkey.pem
Result: False
Comment: One or more requisite failed: letsencrypt.domains.create-initial-cert-mydomain.com
Started:
Duration:
Changes:
What should I modify in my configuration to get the certificate?

lmtp seemingly unsupported by postfix

I'm setting up my mail server and I followed this tutorial https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql to help me do so. Everything went fine during setup and configuration, but when it came to testing, problems started. From what I've tested, I can log in just fine and the logs show me that the connection has been accepted, but when I want to receive or send an email I start to see errors like the following line:
server postfix/smtpd[28557]: error: unsupported dictionary type: lmtp
I searched a lot online but I can't seem to find any resources about that specific error. Running postconf -m doesn't show me "lmtp", but I'm not sure if that's normal or not.
Would anyone have any suggestions?
Here are my configuration files:
main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file=/etc/dovecot/dovecot.pem
smtpd_tls_key_file=/etc/dovecot/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
#Enabling SMTP for authenticated users, and handing off authentication to Dovecot
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
#Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp
#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server.brunodelor.info
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost =
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dovecot.conf
## Dovecot configuration file
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap lmtp
##
## Dictionary server settings
##
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
10-master.conf
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
#port = 993
#ssl = yes
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
}
service imap {
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = $default_vsz_limit
# Max. number of IMAP processes (connections)
#process_limit = 1024
}
service pop3 {
# Max. number of POP3 processes (connections)
#process_limit = 1024
}
service auth {
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
#group = vmail
}
# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
# mode = 0666
#}
# Auth process is run as this user.
user = dovecot
}
service auth-worker {
# Auth worker process is run as root by default, so that it can access
# /etc/shadow. If this isn't necessary, the user should be changed to
# $default_internal_user.
user = vmail
}
service dict {
# If dict proxy is used, mail processes should have access to its socket.
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict {
#mode = 0600
#user =
#group =
}
}
10-mail.conf
##
## Mailbox locations and namespaces
##
# Location for users' mailboxes. The default is empty, which means that Dovecot
# tries to find the mailboxes automatically. This won't work if the user
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
# location.
#
mail_location = maildir:/var/mail/vhosts/%d/%n
# If you need to set multiple mailbox locations or want to change default
# namespace settings, you can do it by defining namespace sections.
#
# You can have private, shared and public namespaces. Private namespaces
# are for user's personal mails. Shared namespaces are for accessing other
# users' mailboxes that have been shared. Public namespaces are for shared
# mailboxes that are managed by sysadmin. If you create any shared or public
# namespaces you'll typically want to enable ACL plugin also, otherwise all
# users can access all the shared mailboxes, assuming they have permissions
# on filesystem level to do so.
namespace inbox {
# Namespace type: private, shared or public
#type = private
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
#separator =
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
#prefix =
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
#location =
# There can be only one INBOX, and this setting defines which namespace
# has it.
inbox = yes
}
Thanks for reading :)
You should remove the space at the beginning of the line:
virtual_transport = lmtp:unix:private/dovecot-lmtp
And the same for the next lines.
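Why a leading space produces exactly this error, as an added example that is not part of the original answer and is not Postfix code. postconf(5) defines a logical line as one that starts in column one; a line that starts with whitespace continues the previous logical line, and comment lines are skipped rather than ending one. An indented "virtual_transport = ..." after a comment is therefore glued onto the previous parameter, here smtpd_recipient_restrictions, where smtpd(8) treats any token containing a colon as a "type:table" lookup and opens it as a dictionary. Nothing ever sets virtual_transport, so the default "virtual" transport is used. The absence of "lmtp" in postconf -m is normal: -m lists lookup-table types, and lmtp is a delivery transport defined in master.cf, which is present above. The two main.cf samples in the script are constructed for the demonstration; the folding logic is a re-implementation of the documented rule, not Postfix's own reader.

```sh
#!/bin/sh
# Added example (not from the post, not Postfix code): emulate the main.cf
# logical-line rule from postconf(5) and show what smtpd sees. Both samples
# below are constructed for this demonstration.

# As posted: "virtual_transport" is indented, after a comment line.
BROKEN_MAIN_CF='# TLS parameters
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
#Handing off local delivery to Dovecot LMTP
    virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
'

# Fixed: the parameter starts in column one.
FIXED_MAIN_CF='smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
#Handing off local delivery to Dovecot LMTP
virtual_transport = lmtp:unix:private/dovecot-lmtp
'

# fold_main_cf: stdin = main.cf text, stdout = one logical line per line.
fold_main_cf() {
    awk '
        /^[ \t]*#/ { next }                                    # comment: skipped, does not end a logical line
        /^[ \t]*$/ { next }                                    # blank line: ignored
        /^[ \t]/   { sub(/^[ \t]+/, " "); buf = buf $0; next } # leading whitespace: continuation
        { if (buf != "") print buf; buf = $0 }                 # column one: new logical line
        END { if (buf != "") print buf }
    '
}

# param_value NAME: the folded value of parameter NAME (empty if never set).
param_value() {
    fold_main_cf | awk -v name="$1" '
        {
            key = $0; sub(/[ \t]*=.*/, "", key)
            if (key == name) { val = $0; sub(/^[^=]*=[ \t]*/, "", val); print val }
        }
    '
}

# table_tokens NAME: tokens of the restriction list NAME that contain a colon.
# smtpd treats such a token as a "type:table" lookup and opens it with
# dict_open(), which is what produces "unsupported dictionary type: lmtp".
table_tokens() {
    param_value "$1" | tr ',' ' ' | tr -s ' ' '\n' | grep ':' || true
}

# Demonstration output when run directly.
printf 'table opened by smtpd (broken): %s\n' "$(printf '%s' "$BROKEN_MAIN_CF" | table_tokens smtpd_recipient_restrictions)"
printf 'virtual_transport (broken):     "%s"\n' "$(printf '%s' "$BROKEN_MAIN_CF" | param_value virtual_transport)"
printf 'virtual_transport (fixed):      "%s"\n' "$(printf '%s' "$FIXED_MAIN_CF" | param_value virtual_transport)"
```

On the real server the equivalent check is postconf smtpd_recipient_restrictions and postconf virtual_transport after the edit: the first must not contain "lmtp:", and the second must print the Dovecot socket. Any other indented parameter copied from the tutorial has the same problem, which is why the answer says to fix the following lines as well.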

Deploying Symfony2 with Capifony

I have a problem deploying a Symfony2 app to my server with Capifony. I tried to pull with git directly on my server and that works.
Here is my deploy.rb file
# Sylius default deployment configuration.
# Capifony documentation: http://capifony.org
# Capistrano documentation: https://github.com/capistrano/capistrano/wiki
# Be more verbose by uncommenting the following line
# logger.level = Logger::MAX_LEVEL
set :application, "myapp"
set :domain, "xx.xx.xx.xx"
set :deploy_to, "/home/user"
set :user, "user"
role :web, domain
role :app, domain
role :db, domain, :primary => true
set :scm, :git
set :repository, "user@xxx.xxx.xxx.xx:/var/www/user/user.git"
set :branch, "master"
set :deploy_via, :remote_cache
ssh_options[:forward_agent] = true
set :use_composer, true
set :update_vendors, true
set :dump_assetic_assets, true
set :writable_dirs, ["app/cache", "app/logs"]
set :webserver_user, "www-data"
set :permission_method, :acl
set :shared_files, ["app/config/parameters.yml", "web/.htaccess", "web/robots.txt"]
set :shared_children, ["app/logs"]
set :model_manager, "doctrine"
set :use_sudo, false
set :keep_releases, 3
before 'symfony:composer:update', 'symfony:copy_vendors'
namespace :symfony do
desc "Copy vendors from previous release"
task :copy_vendors, :except => { :no_release => true } do
if Capistrano::CLI.ui.agree("Do you want to copy last release vendor dir then do composer install ?: (y/N)")
capifony_pretty_print "--> Copying vendors from previous release"
run "cp -a #{previous_release}/vendor #{latest_release}/"
capifony_puts_ok
end
end
end
after "deploy:update", "deploy:cleanup"
after "deploy", "deploy:set_permissions"
and here is my error
failed: "sh -c 'if [ -d /home/user/shared/cached-copy ]; then cd /home/user/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard f90495dc7d5c62d1bc61415b5c10b762a7e96ee6 && git clean -q -d -x -f; else git clone -q -b master user@xx.xx.xx.xx:/var/www/user/user.git /home/user/shared/cached-copy && cd /home/user/shared/cached-copy && git checkout -q -b deploy f90495dc7d5c62d1bc61415b5c10b762a7e96ee6; fi'" on xxx.xxx.xxx.xxx
I also tried to run this on my server directly through ssh and that works well.
Any idea? Thanks
You don't seem to have set your SSH password. Either put the setting in your deploy.rb (not recommended) or let capifony ask you for it:
#set :password, "password" # the ssh password
set(:password){ Capistrano::CLI.password_prompt("Type your SSH password for user \"#{user}\": ") }
It's easier to find what's causing your deployment to fail if you increase the log verbosity level using the logger.level setting in your deploy.rb.
# IMPORTANT = 0
# INFO = 1
# DEBUG = 2
# TRACE = 3
# MAX_LEVEL = 3
logger.level = Logger::MAX_LEVEL
(see the Capifony documentation)
