Dovecot & LDAP Take #2: Authentication failed and logging
Paolo Cravero
paolo.cravero at csi.it
Fri Feb 27 15:00:59 UTC 2015
This is the user DN:
> cn=Klara Fall,ou=People,dc=[domainname],dc=de
According to your Dovecot configuration
> auth_bind_userdn = cn=%u,ou=People,dc=**[domainname]**,dc=de
if you login with "klarafall" it will be expanded into
cn=klarafall,ou=People,dc=[domainname],dc=de
which is not the correct DN for Mrs Klara.
So if you log in with "Klara Fall" it should work, but that will probably
mess things up on the Dovecot filesystem.
I am strongly against setting a static DN when dealing with LDAP
authentication. LDAP servers are optimized to serve search requests, so let
yours do the job. Allow Dovecot to look up the correct DN based on the
attribute you supply (uid) and then authenticate.
This should be achieved if you comment out the auth_bind_userdn line.
Paolo Cravero
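
The two modes contrasted in this message, as an added example that is not part of the original post and is not Dovecot code. It is a toy in-memory directory; the suffix dc=example,dc=de, the password and all function names are constructed for illustration.

```python
# Added illustration: simulates static-DN bind vs. search-then-bind.
# No real LDAP client is used; DIRECTORY holds one constructed entry.
BASE = "ou=People,dc=example,dc=de"
DIRECTORY = {
    f"cn=Klara Fall,{BASE}": {"uid": "klarafall", "userPassword": "s3cret"},
}

def escape_filter(value):
    """Escape RFC 4515 special characters before placing a login in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def bind(dn, password):
    """Simulated simple bind: needs an existing DN and the matching password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password

def template_dn(login, template="cn=%u," + BASE):
    """Static DN mode: the login replaces %u, with no directory lookup."""
    return template.replace("%u", login)

def search_dn(login, attr="uid"):
    """Lookup mode: return (DN of the single matching entry or None, filter)."""
    ldap_filter = "(%s=%s)" % (attr, escape_filter(login))
    # A server would unescape the filter value and compare it literally,
    # which is what the equality test below stands in for.
    matches = [dn for dn, e in DIRECTORY.items() if e.get(attr) == login]
    # Refuse to bind unless exactly one entry matched.
    return (matches[0] if len(matches) == 1 else None), ldap_filter

def auth_static(login, password):
    return bind(template_dn(login), password)

def auth_lookup(login, password):
    dn, _ = search_dn(login)
    return dn is not None and bind(dn, password)

if __name__ == "__main__":
    for login in ("klarafall", "Klara Fall"):
        print("%-10s static=%s lookup=%s" % (
            login, auth_static(login, "s3cret"), auth_lookup(login, "s3cret")))
```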