<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 69.6pt 72.0pt 69.6pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Hi,</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>I first posted this problem a day or two ago and have
not seen any responses yet.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>To clarify my problem, I am authenticating virtual
users against Active Directory on Win2k3, where their login id is their email
address. I am using an almost identical setup to Suranga's below, however my
initial bind user doesn’t have access to the userPassword attribute, so I
am using:</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>auth_bind = yes</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>This is working fine when users enter their correct
email address & password, or if the email address is not found, however if
a valid email address is given but the password is incorrect, it seems to kill
something in the ldap_auth code as all further connections get a temporary
authentication error at the client, and the following in /var/log/maillog:</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Aug 18 </span></font><span lang=EN-GB>13:04:31</span><span
lang=EN-GB> gm-ho-lin-06 dovecot: auth(default): client in:
AUTH 1 PLAIN service=IMAP secured
lip=::ffff:127.0.0.1 rip=::ffff:127.0.0.1 resp=ADA5OTlAc3RvcmVzLmdhbWUuY28udWsAOTk5MA==</span></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Aug 18 13:04:31 gm-ho-lin-06 dovecot: auth(default): ldap(</span></font><span
lang=EN-GB>0999@stores.game.co.uk</span><span lang=EN-GB>,::ffff:127.0.0.1):
bind search: base=OU=Stores,OU=UK,DC=group,DC=game,DC=net filter=(&(objectClass=user)(mail=</span><span
lang=EN-GB>0999@stores.game.co.uk</span><span lang=EN-GB>))</span></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Aug 18 13:04:31 gm-ho-lin-06 dovecot: auth(default): ldap(</span></font><span
lang=EN-GB>0999@stores.game.co.uk</span><span lang=EN-GB>,::ffff:127.0.0.1): ldap_search()
failed: Operations error</span></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Aug 18 13:04:31 gm-ho-lin-06 dovecot: auth(default):
client out: FAIL 1 user=</span></font><span
lang=EN-GB>0999@stores.game.co.uk</span><span lang=EN-GB>
temp</span></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Aug 18 13:04:31 gm-ho-lin-06 dovecot: imap-login:
Aborted login: user=<</span></font><span lang=EN-GB>0999@stores.game.co.uk</span><span
lang=EN-GB>>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1,
secured</span></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Is the auth_ldap code not resetting the ldap connection
bind details to the dn/dnpass values for each login ?</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>You help would be greatly appreciated as I hope to
make this a production server within the next week.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Regards,</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Rob Coward</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Unix Developer</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>GAME STORES GROUP LTD</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Tel: 01256 784476</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Email: Rob.Coward@game.net</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>-----Original Message-----<br>
From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On
Behalf Of suranga de silva<br>
Sent: </span></font>18 August 2006 19:14<br>
To: dovecot@dovecot.org<br>
Subject: Re: [Dovecot] dovecot Digest, Vol 40, Issue 65</p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Dear Tim Schafer,</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Take a look at my sample dovecot-ldap.conf</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>hosts = localhost</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>dn = cn=root,dc=ceylonlinux,dc=com</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>dnpass = secret </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>ldap_version = 3</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>base = dc=ceylonlinux,dc=com</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>deref = never</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>scope = subtree</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>user_attrs =</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>mail,homeDirectory=mailMessageStore,uidNumber=1003,gidNumber=1003
</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>user_filter = (&(objectClass=user)(mail=%u))</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>pass_attrs = mail=user,userPassword=password</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>pass_filter = (&(objectClass=user)(mail=%u)) </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>default_pass_scheme = CRYPT</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>user_global_uid = 1003</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>user_global_gid = 1003</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Here I am using my own schema called "user",
but in your case change it</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>to inetOrgPerson or the schema name you are using.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>I think the most common problem in this process is the
ldap filter.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Above in my configuration user_filter and pass_filter
are used as ldap</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>filters for querying user name and password. There I
am using mail</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>attribute.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>gid and uid are belong to the user vmail.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>May be this explanation will help you to figure out
your problem</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>You can refer my article in the following link for
further reference</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>http://www.ceylonlinux.com/pdf/openldap_backsql_postfix_maildir_cl.pdf</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Cheers!!!</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>Suranga De Silva.</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>CTO</span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'>CEYLON</span></font><span lang=EN-GB> LINUX</span></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span lang=EN-GB
style='font-size:10.0pt'> </span></font></p>
</div>
<P> </P>
<P>This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error please notify
the system manager
at: <BR> <BR>
mailto:<A
href="mailto:postmaster@game.net">postmaster@game.net</A> <BR>
<BR>The recipient acknowledges that the transmissions made via the Internet can
be corrupted and therefore THE GAME GROUP PLC and any of its
subsidiaries do not give any warranty as to the quality or accuracy
of any information contained in the message or assume any liability
for it or for its transmission, reception or storage. </P>
<P>This footnote also confirms that this e-mail message has been swept by
anti-virus software for the presence of computer viruses. <BR> <BR><A
href="http://www.game.co.uk">http://www.game.co.uk</A><BR><A
href="http://www.gamegroup.plc.uk/"
target=_blank>http://www.gamegroup.plc.uk</A> </P>
</body>
</html>