[Dovecot] Please help: LDAP configuration _almost_ works.
Steffen Kaiser
skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Fri Apr 11 10:20:59 EEST 2008
On Tue, 8 Apr 2008, Jack McKinney wrote:
> hosts = ldap.lrtz
> dn = cn=varmail,ou=users,dc=lorentz,dc=com
> dnpass = *********
> ldap_version = 3
> auth_bind = yes
> pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu))
> base = ou=users, dc=%Dd
> scope = onelevel
Your configuration looks bad:
You use auth_bind, but the displayed LDAP item does not contain a
"userPassword" attribute, and you've specified "dn", which is not necessary
for auth_bind. And you have no pass_attrs config.
I guess the first step is to set auth_bind = no
and add the password attribute to the user.
Or keep the auth_bind = yes and add a userPassword attribute to the user,
so each user can bind itself to his/her LDAP item.
Wiki: http://wiki.dovecot.org/AuthDatabase/LDAP
> The OpenLDAP log shows that the query is received and that it
> returns a match:
>
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH
> base="ou=users,dc=lorentz,dc=com" scope=1 deref=0
> filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
> err=0 nentries=1 text=
Well, does nentries=1 really indicate one _match_ or just one returned
item/packet? If I use ldapsearch -x uid=nonexisting , I get: "#
numResponses: 1" in the last line, but no hit.
You also see that the search is attr=uid, why?
I do _not_ know why Dovecot just hangs, this is probably a bug due to the
configuration glitches.
Bye,
- --
Steffen Kaiser
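
Added example, not part of the original message and not Dovecot or OpenLDAP code: a small Python parser that pairs each slapd SRCH line with its SEARCH RESULT, so the filter, the requested attributes and the nentries count can be read per search. The log lines are constructed, modelled on the ones quoted above with placeholder host, base and addresses; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the slapd lines quoted in the message
# (unwrapped; host, base DN and mail addresses are placeholders).
SAMPLE_LOG = """\
Apr  3 08:13:30 host slapd[1000]: conn=7 op=3 SRCH base="ou=users,dc=example,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=user@example.com))"
Apr  3 08:13:30 host slapd[1000]: conn=7 op=3 SRCH attr=uid
Apr  3 08:13:30 host slapd[1000]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr  3 08:14:02 host slapd[1000]: conn=8 op=1 SRCH base="ou=users,dc=example,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=nobody@example.com))"
Apr  3 08:14:02 host slapd[1000]: conn=8 op=1 SRCH attr=uid userPassword
Apr  3 08:14:02 host slapd[1000]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT) (.*)$")
SCOPES = {"0": "base", "1": "onelevel", "2": "subtree"}

def parse_searches(log_text):
    """Group SRCH / SEARCH RESULT lines by (conn, op) into one record each."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        rec = ops.setdefault((int(conn), int(op)), {"attrs": []})
        if kind == "SEARCH RESULT":
            # nentries counts the entries slapd returned for this search.
            fields = dict(re.findall(r"(\w+)=(\S*)", rest))
            rec["err"] = int(fields["err"])
            rec["nentries"] = int(fields["nentries"])
        elif rest.startswith("attr="):
            rec["attrs"] = rest[len("attr="):].split()
        else:
            rec["base"] = re.search(r'base="([^"]*)"', rest).group(1)
            rec["scope"] = SCOPES.get(re.search(r"scope=(\d)", rest).group(1))
            rec["filter"] = re.search(r'filter="(.*)"', rest).group(1)
    return ops

def summarize(ops):
    """One line per search: scope, filter, requested attributes, result."""
    return [
        f"conn={c} op={o} {r.get('scope')} {r.get('filter')} "
        f"attrs={','.join(r['attrs']) or '(none listed)'} "
        f"err={r.get('err')} nentries={r.get('nentries')}"
        for (c, o), r in sorted(ops.items())
    ]

if __name__ == "__main__":
    print("\n".join(summarize(parse_searches(SAMPLE_LOG))))
```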