[Dovecot] Please help: LDAP configuration _almost_ works.

Steffen Kaiser skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Fri Apr 11 10:20:59 EEST 2008

Hash: SHA1

On Tue, 8 Apr 2008, Jack McKinney wrote:

> hosts = ldap.lrtz
> dn = cn=varmail,ou=users,dc=lorentz,dc=com
> dnpass = *********
> ldap_version = 3
> auth_bind = yes
> pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu))
> base = ou=users, dc=%Dd
> scope = onelevel

Your configuration looks bad:

You use auth_bind, but the displayed LDAP item does not contain no 
"userPassword" attribute and you've specified "dn", not necessary for 
auth_bind's. And you have no pass_attrs config.

I guess the first step is to set auth_bind = no
and add the password attribute to the user.

Or keep the auth_bind = yes and add a userPassword attribute to the user, 
so each user can bind itself to his/her LDAP item.

Wiki: http://wiki.dovecot.org/AuthDatabase/LDAP

>        The OpenLDAP log shows that the query is received and that it
> returns a match:
> Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH
> base="ou=users,dc=lorentz,dc=com" scope=1 deref=0
> filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
> Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
> Apr  3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
> err=0 nentries=1 text=

Well, does nentries=1 really indicates one _match_ or just one returned 
item/packet? If I use ldapsearch -x uid=nonexisting , I get: "# 
numResponses: 1" in the last line, but no hit.
You also see that the search is attr=uid, why?

I do _not_ know why Dovecot just hangs, this is probably a bug due to the 
configuration glitches.


- -- 
Steffen Kaiser
Version: GnuPG v1.4.6 (GNU/Linux)


More information about the dovecot mailing list