[Dovecot] Dovecot Authentication through LDAP Server
ashok cvs
ashokcvs at gmail.com
Thu Jun 8 14:27:25 EEST 2006
I have a Samba PDC with LDAP (Samba version 3.0.21c with OpenLDAP 2.3.19),
where I have all the users.
I have configured sendmail on another system with dovecot as IMAP and POP3
server. I wanted to enable user authentication from the LDAP server which is
on the Samba PDC.
So I configured /etc/dovecot.conf:
################################################################
protocols = pop3 imap
imap_listen = [::]
pop3_listen = [::]
login_dir = /var/run/dovecot-login
login = imap
login_user = testuser
login = pop3
verbose_proctitle = yes
maildir_copy_with_hardlinks = yes
mbox_locks = fcntl
auth = default
auth_mechanisms = plain digest-md5
auth_userdb = ldap /etc/dovecot-ldap.conf
auth_passdb = ldap /etc/dovecot-ldap.conf
auth_user = dovecot
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
################################################################
Configured /etc/dovecot-ldap.conf:
#######################################################################
# NOTE: We don't support "authentication binds", so you'll have to give
# dovecot-auth read access to userPassword field in LDAP server. With OpenLDAP
# this is done by modifying /etc/ldap/slapd.conf. There should already be
# something like this:
#
# access to attribute=userPassword
# by dn="<dovecot's dn>" read # add this
# by anonymous auth
# by self write
# by * none
# Space separated list of LDAP hosts to use. host:port is allowed too.
hosts = 192.168.129.18
# Distinguished Name - the username used to login to the LDAP server
dn = uid=root,ou=People,dc=msdpl,dc=com
# Password for LDAP server
dnpass = mobil5 at b1d
# LDAP protocol version to use. Likely 2 or 3.
ldap_version = 3
# LDAP base
base = dc=msdpl,dc=com
# Dereference: never, searching, finding, always
deref = never
# Search scope: base, onelevel, subtree
scope = subtree
# User attributes in order:
# Virtual user name (user@domain)
# Home directory
# MAIL environment
# System user name (for initgroups())
# System UID
# System GID
#user_attrs = uid,homeDirectory,,uid,uidNumber,gidNumber
user_attrs = uid,homeDirectory,,uid,,
# Filter for user lookup. Some variables can be used:
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if there's no domain
user_filter = (&(objectClass=posixAccount)(uid=%u))
#user_filter = (&(objectClass=sambaSamAccount)(uid=%u))
# Password checking attributes in order:
# Virtual user name (user@domain)
# Password, may optionally start with {type}, eg. {crypt}
pass_attrs = uid,userPassword
# Filter for password lookups
#pass_filter = (&(objectClass=posixAccount)(uid=%u))
# Default password scheme. "{scheme}" before password overrides this.
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, CRYPT
#default_pass_scheme = CRYPT
# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 100
#user_global_gid = 100
#######################################################################
The following is the error when we check using
[root]#telnet mymailserverip 110
Trying 192.168.129.248
Connected to testmail.mydomain.com (192.168.129.248)
Escape character is '^]'.
user dcadmin
pass mypass
ERR-Authentication Failure
The following is the log output of /var/log/maillog
#########################################################################
Jun 8 13:09:16 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:10:16 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]
Jun 8 13:10:26 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:11:26 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]
Jun 8 13:11:38 testmail dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server
Jun 8 13:13:46 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:13:46 testmail imap-login: Disconnected [::ffff:127.0.0.1]
Jun 8 13:14:03 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:14:03 testmail imap-login: Disconnected [::ffff:127.0.0.1]
############################################################################
Regards
Niranjan
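
Added example (not part of the original post and not Dovecot code): a small
triage of the maillog lines above that separates per-user "No password in
reply" errors from LDAP connection failures. The function name and the sample
log are constructed here; it assumes "No password in reply" means the LDAP
reply carried no password attribute, the situation the userPassword ACL note
in dovecot-ldap.conf describes.

```python
import re
from collections import Counter

# Constructed sample: dovecot-auth/login lines in the format shown in the post.
SAMPLE_LOG = """\
Jun 8 13:09:16 testmail dovecot-auth: ldap(dcadmin): No password in reply
Jun 8 13:10:16 testmail pop3-login: Disconnected: Inactivity [::ffff:127.0.0.1]
Jun 8 13:10:26 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:11:38 testmail dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server
Jun 8 13:13:46 testmail dovecot-auth: ldap(root): No password in reply
Jun 8 13:14:03 testmail dovecot-auth: ldap(dcadmin): No password in reply
"""

# syslog prefix: month, day, time, host, then "process: message"
LINE_RE = re.compile(r"^(\w{3})\s+(\d+)\s+([\d:]{8})\s+(\S+)\s+([\w-]+):\s+(.*)$")
NO_PASS_RE = re.compile(r"^ldap\(([^)]*)\): No password in reply$")
LDAP_DOWN_RE = re.compile(r"^LDAP: \w+\(\) failed: (.+)$")


def triage(log_text):
    """Group dovecot-auth LDAP errors by cause.

    Returns (no_password, ldap_errors): a Counter of usernames whose LDAP
    reply carried no password attribute, and a list of (time, reason) for
    LDAP connection-level failures.
    """
    no_password, ldap_errors = Counter(), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(5) != "dovecot-auth":
            continue  # skip login-process lines and anything unparseable
        when, msg = m.group(3), m.group(6)
        if (hit := NO_PASS_RE.match(msg)):
            no_password[hit.group(1)] += 1
        elif (hit := LDAP_DOWN_RE.match(msg)):
            ldap_errors.append((when, hit.group(1)))
    return no_password, ldap_errors


if __name__ == "__main__":
    users, errors = triage(SAMPLE_LOG)
    for user, count in sorted(users.items()):
        # Assumed meaning: the entry's pass_attrs attribute was not returned,
        # so check the userPassword ACL for the bind DN in dovecot-ldap.conf.
        print(f"{user}: {count}x no password attribute returned")
    for when, reason in errors:
        print(f"{when}: LDAP server unreachable ({reason})")
```

Every user failing with the same "No password in reply" message suggests a
cause shared by all lookups (the bind DN's read access or the search filter)
rather than one broken account.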