<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">I have a Samba PDC with LDAP (Samba version 3.0.21c with OpenLDAP 2.3.19), where I have all the users.<br>
I have configured sendmail on another system with dovecot as IMAP and POP3 server. I wanted to enable user authentication from the LDAP server which is on the Samba PDC.</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><br>
</p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">So I configured /etc/dovecot.conf:</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">################################################################</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">protocols = pop3 imap<br>
imap_listen = [::]<br>
pop3_listen = [::]<br>
login_dir = /var/run/dovecot-login<br>
login = imap<br>
login_user = testuser<br>
login = pop3<br>
verbose_proctitle = yes<br>
maildir_copy_with_hardlinks = yes<br>
mbox_locks = fcntl<br>
auth = default<br>
auth_mechanisms = plain digest-md5<br>
auth_userdb = ldap /etc/dovecot-ldap.conf<br>
auth_passdb = ldap /etc/dovecot-ldap.conf<br>
auth_user = dovecot<br>
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@<br>
################################################################</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">Configured /etc/dovecot-ldap.conf:<br>
#######################################################################<br>
# NOTE: We don't support "authentication binds", so you'll have to give<br>
# dovecot-auth read access to userPassword field in LDAP server. With OpenLDAP<br>
# this is done by modifying /etc/ldap/slapd.conf. There should already be<br>
# something like this:<br>
#</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2"># access to attribute=userPassword<br>
# by dn="&lt;dovecot's dn&gt;" read # add this<br>
# by anonymous auth<br>
# by self write<br>
# by * none</font></font><br>
<br>
</p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2"># Space separated list of LDAP hosts to use. host:port is allowed too.<br>
hosts = 192.168.129.18<br>
<br>
# Distinguished Name - the username used to login to the LDAP server<br>
dn = uid=root,ou=People,dc=msdpl,dc=com<br>
<br>
# Password for LDAP server<br>
dnpass = mobil5@b1d<br>
<br>
# LDAP protocol version to use. Likely 2 or 3.<br>
ldap_version = 3<br>
<br>
# LDAP base<br>
base = dc=msdpl,dc=com<br>
<br>
# Dereference: never, searching, finding, always<br>
deref = never<br>
<br>
# Search scope: base, onelevel, subtree<br>
scope = subtree<br>
<br>
# User attributes in order:<br>
# Virtual user name (user@domain)<br>
# Home directory<br>
# MAIL environment<br>
# System user name (for initgroups())<br>
# System UID<br>
# System GID<br>
#user_attrs = uid,homeDirectory,,uid,uidNumber,gidNumber<br>
user_attrs = uid,homeDirectory,,uid,,<br>
<br>
# Filter for user lookup. Some variables can be used:<br>
# %u - username<br>
# %n - user part in user@domain, same as %u if there's no domain<br>
# %d - domain part in user@domain, empty if there's no domain<br>
user_filter = (&(objectClass=posixAccount)(uid=%u))<br>
#user_filter = (&(objectClass=sambaSamAccount)(uid=%u))<br>
<br>
# Password checking attributes in order:<br>
# Virtual user name (user@domain)<br>
# Password, may optionally start with {type}, eg. {crypt}<br>
pass_attrs = uid,userPassword<br>
<br>
# Filter for password lookups<br>
#pass_filter = (&(objectClass=posixAccount)(uid=%u))<br>
<br>
# Default password scheme. "{scheme}" before password overrides this.<br>
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT<br>
#default_pass_scheme = CRYPT<br>
<br>
# You can use same UID and GID for all user accounts if you really want to.<br>
# If the UID/GID is still found from LDAP reply, it overrides these values.<br>
#user_global_uid = 100<br>
#user_global_gid = 100<br>
#######################################################################</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">The following is the error when we check using:<br>
[root]#telnet mymailserverip 110<br>
Trying 192.168.129.248<br>
Connected to testmail.mydomain.com (192.168.129.248)<br>
Escape character is '^]'.<br>
user dcadmin<br>
pass mypass<br>
ERR-Authentication Failure<br>
</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">The following is the log output of /var/log/maillog:<br>
#########################################################################<br>
Jun 8 13:09:16 testmail dovecot-auth: ldap(dcadmin): No password in reply<br>
Jun 8 13:10:16 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]<br>
Jun 8 13:10:26 testmail dovecot-auth: ldap(root): No password in reply<br>
Jun 8 13:11:26 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]<br>
Jun 8 13:11:38 testmail dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server<br>
Jun 8 13:13:46 testmail dovecot-auth: ldap(root): No password in reply<br>
Jun 8 13:13:46 testmail imap-login: Disconnected [::ffff:127.0.0.1]<br>
Jun 8 13:14:03 testmail dovecot-auth: ldap(dcadmin): No password in reply<br>
Jun 8 13:14:03 testmail imap-login: Disconnected [::ffff:127.0.0.1]<br>
############################################################################<br>
</font></font></p>
<p style="margin-bottom: 0in;" align="left" lang="en-US"><font face="Arial, sans-serif"><font size="2">Regards<br>
Niranjan<br>
<br>
</font></font></p>
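As an added example (not part of the post above and not Dovecot's own code): the user_filter template and the auth_username_chars whitelist from the quoted configuration, re-implemented in Python to show why the whitelist matters once a login name is substituted into an LDAP search filter. The %u/%n/%d expansion follows the comments in the post; the RFC 4515 escaping and the function names are my own assumptions.

```python
import re

# Values copied from the dovecot.conf / dovecot-ldap.conf quoted in the post.
USER_FILTER = "(&(objectClass=posixAccount)(uid=%u))"
AUTH_USERNAME_CHARS = ("abcdefghijklmnopqrstuvwxyz"
                       "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@")


def username_allowed(username, allowed=AUTH_USERNAME_CHARS):
    """Mirror of auth_username_chars: every character of the login name
    must be in the whitelist, otherwise the login is rejected before any
    LDAP lookup happens."""
    return username != "" and all(c in allowed for c in username)


def ldap_filter_escape(value):
    """RFC 4515 escaping of an assertion value: backslash, '*', '(', ')'
    and NUL become \\xx hex escapes so the value cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand_filter(template, username):
    """Expand %u, %n and %d as described in the post's config comments
    (%n = part before '@', %d = part after it, empty if there is none).
    Hypothetical re-implementation, not Dovecot's own code."""
    name, _, domain = username.partition("@")
    subst = {"%u": username, "%n": name, "%d": domain}
    return re.sub(r"%[und]", lambda m: ldap_filter_escape(subst[m.group(0)]), template)


def build_user_filter(username, template=USER_FILTER):
    """What a user lookup would send: whitelist check first, then the
    escaped expansion. Raises ValueError for names the whitelist rejects."""
    if not username_allowed(username):
        raise ValueError("login name contains characters outside auth_username_chars")
    return expand_filter(template, username)


if __name__ == "__main__":
    # The login name from the post's telnet session.
    print(build_user_filter("dcadmin"))  # (&(objectClass=posixAccount)(uid=dcadmin))
    # A name the whitelist would reject; escaping alone still keeps it a single uid match.
    print(expand_filter(USER_FILTER, "a*)(uid=*"))
```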