[Dovecot] Please help: LDAP configuration _almost_ works.

Wojtek Bogusz Wojtek at FrontLineDefenders.org
Tue Apr 15 21:09:53 EEST 2008


>>> dn: dovecot needs a dn with which to search the database to find the
>>> user's DN based on their email.
>> This is done with an anonymous connection,
> 
> 	Hmmm... wish the docs mentioned that.  It means that I need to set up
> LDAP to allow anonymous searches for the mail field.  Odd...

is this true? does it mean that i should have something like this in 
/etc/ldap/sldap.conf:
access to attr=uid,homeDirectory,uidNumber
        by anonymous read

still it does not work and i have in log files:

dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
dovecot: auth(default): master out: NOTFOUND^I4

to be honest i do not know how to make ldap searchable for anonymous 
user. i have tried several options and it does not work.

>> Yeah, it works in my setup :-)
> 
> 	Can you supply your config?!

yes. could you please send the config for both dovecot 
(/etc/dovecot/dovecot*.conf) and openldap (/etc/ldap/*.conf)?

>> Did you sniff the LDAP connection already?
> 
> 	Only indirectly through the LDAP logs, which shows that a response is
> indeed sent by the LDAP server.

how would you recommend to sniff?


interesting thing. i also changed auth_bind to no dn and dnpass supplied 
and it does not work. looks like dovecot still tries to bind to ldap 
using anonymous user.

cheers, Wojtek
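
One way to check what an anonymous bind can actually see is to replay the search from the Dovecot log with ldapsearch, where -x with no -D binds anonymously. The script below is an added example, not part of the original message; it turns a "user search:" log line into that command. LDAP_URI is a placeholder because the thread does not name the LDAP server, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: convert a Dovecot "user search:" debug line into the
# equivalent anonymous ldapsearch command, so the same query can be run
# by hand against the directory.
# LDAP_URI is a placeholder (assumption); set it to your own server.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.invalid}"

search_to_ldapsearch() {
    line=$1
    # Only "user search:" lines carry base/scope/filter/fields.
    case $line in
        *"user search: "*) ;;
        *) return 1 ;;
    esac
    base=$(printf '%s\n' "$line" | sed -n 's/.* base=\([^ ]*\) scope=.*/\1/p')
    scope=$(printf '%s\n' "$line" | sed -n 's/.* scope=\([^ ]*\) filter=.*/\1/p')
    # The filter may contain spaces, so take everything up to " fields=".
    filter=$(printf '%s\n' "$line" | sed -n 's/.* filter=\(.*\) fields=.*/\1/p')
    fields=$(printf '%s\n' "$line" | sed -n 's/.* fields=\([^ ]*\).*/\1/p' | tr ',' ' ')
    # Map Dovecot's scope names to the values ldapsearch -s accepts.
    case $scope in
        subtree)  s=sub ;;
        onelevel) s=one ;;
        base)     s=base ;;
        *) return 1 ;;
    esac
    [ -n "$base" ] && [ -n "$filter" ] || return 1
    # Single quotes keep the shell from interpreting & and ( ) in the filter
    # (a filter that itself contains a single quote would need extra escaping).
    printf "ldapsearch -x -H '%s' -b '%s' -s %s '%s' %s\n" \
        "$LDAP_URI" "$base" "$s" "$filter" "$fields"
}

# Constructed sample: the search line from the log above, joined onto one line.
SAMPLE='dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber'
search_to_ldapsearch "$SAMPLE"
```

If the printed command returns no entry when run, the anonymous identity cannot match the filter or read the requested attributes, which is consistent with the "user not found" result in the log.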

