[Dovecot] Dovecot Authentication through LDAP Server

ashok cvs ashokcvs at gmail.com
Thu Jun 8 14:27:25 EEST 2006


I have a Samba PDC with LDAP (Samba version 3.0.21c with OpenLDAP 2.3.19),
where I have all the users.
I have configured sendmail on another system with Dovecot as the IMAP and POP3
server. I wanted to enable user authentication from the LDAP server, which is
on the Samba PDC.


So I configured /etc/dovecot.conf:

################################################################

protocols = pop3 imap
imap_listen = [::]
pop3_listen = [::]
login_dir = /var/run/dovecot-login
login = imap
login_user = testuser
login = pop3
verbose_proctitle = yes
maildir_copy_with_hardlinks = yes
mbox_locks = fcntl
auth = default
auth_mechanisms = plain digest-md5
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_user = dovecot
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
################################################################

Configured /etc/dovecot-ldap.conf:
#######################################################################
# NOTE: We don't support "authentication binds", so you'll have to give
# dovecot-auth read access to userPassword field in LDAP server. With OpenLDAP
# this is done by modifying /etc/ldap/slapd.conf. There should already be
# something like this:
#
# access to attribute=userPassword
#        by dn="<dovecot's dn>" read # add this
#        by anonymous auth
#        by self write
#        by * none

# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts = 192.168.129.18

# Distinguished Name - the username used to login to the LDAP server
dn = uid=root,ou=People,dc=msdpl,dc=com

# Password for LDAP server
dnpass = mobil5@b1d

# LDAP protocol version to use. Likely 2 or 3.
ldap_version = 3

# LDAP base
base = dc=msdpl,dc=com

# Dereference: never, searching, finding, always
deref = never

# Search scope: base, onelevel, subtree
scope = subtree

# User attributes in order:
#   Virtual user name (user@domain)
#   Home directory
#   MAIL environment
#   System user name (for initgroups())
#   System UID
#   System GID
#user_attrs = uid,homeDirectory,,uid,uidNumber,gidNumber
user_attrs = uid,homeDirectory,,uid,,

# Filter for user lookup. Some variables can be used:
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if user there's no domain
user_filter = (&(objectClass=posixAccount)(uid=%u))
#ser_filter = (&(objectClass=sambaSamAccount)(uid=%u))

# Password checking attributes in order:
#   Virtual user name (user@domain)
#   Password, may optionally start with {type}, eg. {crypt}
pass_attrs = uid,userPassword

# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))

# Default password scheme. "{scheme}" before password overrides this.
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT
#default_pass_scheme = CRYPT

# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 100
#user_global_gid = 100
#######################################################################
The following is the error when we check using telnet:
[root]# telnet mymailserverip 110
Trying 192.168.129.248
Connected to testmail.mydomain.com (192.168.129.248)
Escape character is '^]'.
user dcadmin
pass mypass
ERR-Authentication Failure

The following is the log output of /var/log/maillog
#########################################################################
Jun 8 13:09:16 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:10:16 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]
Jun 8 13:10:26 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:11:26 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]
Jun 8 13:11:38 testmail dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server
Jun 8 13:13:46 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:13:46 testmail imap-login: Disconnected [::ffff:127.0.0.1]
Jun 8 13:14:03 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:14:03 testmail imap-login: Disconnected [::ffff:127.0.0.1]
############################################################################

Regards
Niranjan
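The NOTE at the top of dovecot-ldap.conf describes what the log's "No password in reply" usually means: the search finds the entry, but slapd withholds userPassword from the bind DN, so pass_attrs comes back without a password. As an added example (not from the post or from Dovecot), this Python evaluates a slapd.conf access clause offline for the bind DN used in the post, with a deliberately simplified model of OpenLDAP's ACL rules; the user entry DN and the exact-match handling of dn="..." are assumptions.

```python
# Simplified model of OpenLDAP ACL evaluation (an assumption, not slapd's full
# logic): within one "access to" clause the first matching "by" line decides,
# dn="..." is an exact match, and none < auth < compare < search < read < write.
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
BY_RE = re.compile(r'^by\s+(?:dn="([^"]*)"|(anonymous|self|\*))\s+'
                   r'(none|auth|compare|search|read|write)$')

DOVECOT_DN = "uid=root,ou=People,dc=msdpl,dc=com"      # dn= from the post
USER_DN = "uid=dcadmin,ou=People,dc=msdpl,dc=com"      # constructed user entry

# The slapd.conf fragment quoted in dovecot-ldap.conf, without and with the grant.
ACL_BEFORE = """access to attribute=userPassword
    by anonymous auth
    by self write
    by * none"""
ACL_AFTER = """access to attribute=userPassword
    by dn="uid=root,ou=People,dc=msdpl,dc=com" read
    by anonymous auth
    by self write
    by * none"""

def parse_by_clauses(acl_text):
    """Return [(who, dn_or_None, level)] per 'by' line; '#' comments are stripped."""
    clauses = []
    for raw in acl_text.splitlines():
        m = BY_RE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # the 'access to' line, blanks, or an unsupported form
        dn, who, level = m.groups()
        clauses.append(("dn" if dn is not None else who, dn, level))
    return clauses

def granted_level(acl_text, bind_dn, target_dn):
    """Level the first matching 'by' line grants to bind_dn (None = anonymous)."""
    for who, dn, level in parse_by_clauses(acl_text):
        if who == "dn" and bind_dn is not None and bind_dn.lower() == dn.lower():
            return level
        if who == "anonymous" and bind_dn is None:
            return level
        if who == "self" and bind_dn is not None and bind_dn.lower() == target_dn.lower():
            return level
        if who == "*":
            return level
    return "none"  # nothing matched: slapd denies by default

def can_read_password(acl_text, bind_dn, target_dn):
    """True if a search bound as bind_dn would return userPassword for target_dn."""
    return LEVELS.index(granted_level(acl_text, bind_dn, target_dn)) >= LEVELS.index("read")
```

With the clause as shipped, the bind DN falls through to "by * none", which is exactly the state the log shows; adding the read grant before the catch-all changes the result.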