[Dovecot] suspected bug in dovecot-ldap setup?
Pedro Venda
pjvenda at pjvenda.org
Tue Nov 7 10:10:44 UTC 2006
On Saturday 04 November 2006 12:31, Timo Sirainen wrote:
> On Fri, 2006-11-03 at 10:15 +0000, Pedro Venda wrote:
> > On Thursday 02 November 2006 18:42, Timo Sirainen wrote:
> > > On Fri, 2006-10-27 at 12:45 +0100, Pedro Venda wrote:
> > > > I intended to have authenticated binds but there was a problem with
> > > > the user_filter directive being ignored:
> > > > user_filter =
> > > > (&(objectClass=JammMailAccount)(mail=%n@%d)(accountActive=TRUE)
> > > > (delete=FALSE))
> > >
> > > ..
> > >
> > > > ldap(dave at info.test,::ffff:192.168.0.69): bind search:
> > > > base=o=hosting,dc=example,dc=com scope=subtree filter=
> > > > **(&(objectClass=posixAccount(uid=dave at info.test))**
> > > > dovecot: Oct 26 16:20:58 Info: auth(default):
> > > > ldap(dave at info.test,::ffff:192.168.0.69): unknown user
> > > > dovecot: Oct 26 16:20:59 Info: auth(default): client out: FAIL 1
> > > > user=dave at info.test
> > > > dovecot: Oct 26 16:20:59 Info: imap-login: Disconnected:
> > > > user=<dave at info.test>, method=PLAIN, rip=::ffff:192.168.0.69,
> > > > lip=::ffff:192.168.0.5, TLS
> > > >
> > > > (nevermind the data, it's test only)
> > > >
> > > > As you can see from the info file, the search filter used was being
> > > > (&(objectClass=posixAccount(uid=dave at info.test)) and not
> > > > (&(objectClass=JammMailAccount)(mail=dave at info.test)(accountActive=TR
> > > >UE) (delete=FALSE)).
> > >
> > > user_filter is used by userdb only, after the password authentication
> > > was successful. So I guess you wanted to modify pass_filter instead?
> >
> > You see, I'm using auth_bind = yes, so pass_filter isn't relevant.
> > Dovecot doesn't need to find the password, given that authentication
> > relies on successfull binding.
>
> If you use auth_bind=yes, but not auth_bind_userdn, then the dn is
> looked up using pass_filter, not user_filter. user_filter is used only
> after a successful authentication to look up the user_attrs.
ok Timo, I understood.
These options aren't very intuitive, however, because with auth_bind = yes,
you don't need to lookup any password, so I figured pass_filter wasn't
necessary... That was my first mistake.
On the other hand, user_filter would be the filter to look for a given user...
my second mistake.
Best regards,
--
Pedro João Lopes Venda
email: pjvenda at pjvenda org
http://www.pjvenda.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20061107/abef74c4/attachment-0001.pgp
More information about the dovecot
mailing list