[Dovecot] Please help: LDAP configuration _almost_ works.

Wojtek Bogusz Wojtek at FrontLineDefenders.org
Wed Apr 16 02:19:04 EEST 2008

>> /etc/ldap/sldap.conf:
>> access to attr=uid,homeDirectory,uidNumber
>>         by anonymous read
> I do not have this in my configuration, and dovecot does indeed use the
> credential I provide to successfully query LDAP for the user based on
> the (mail=%u) criteria.  However, it does not see the reply.
> The fact that it does perform the query successfully implies to me that
> it does not use an anonymous connection.  Very puzzling.

I have no idea what Dovecot is doing :-) From the log file it looks like 
there are 2 queries to LDAP: 1. to check the provided password for the provided 
user name, 2. to find the user-related information (and from what Steffen 
wrote, this one is done as the anonymous user - correct?).

[As an aside: why isn't it done in one query: get me the user-related 
information, I am binding with the provided user and the provided password. 
That way it would be one query for two things.]

In my case, I cannot list user-related information from LDAP over an 
anonymous connection, even from the command line, using:
ldapsearch -x -b 'ou=Users,dc=frontline' '(&(objectClass=posixAccount)(uid=wojtek))'

So I guess that I have to work out the LDAP settings for anonymous queries. The 
access-permission part of my /etc/ldap/slapd.conf is:

access to dn.children="ou=Users,dc=frontline"
        by anonymous read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=frontline" write
        by anonymous auth
        by self write
        by * none
access to dn.children="ou=Users,dc=frontline"
        by dn="cn=root,ou=Users,dc=frontline" read
        by anonymous auth
        by self write
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=frontline" write
        by * read

Maybe the problem is here... any hints, please?

regards, Wojtek
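
On the access rules above, as an added example that is not part of the thread and not code from the Dovecot or OpenLDAP projects: slapd uses the first "access to" directive whose target matches the entry and attribute being touched, then the first "by" clause inside it that matches the requester, and denies if no "by" clause in that directive matches. The Python below models just that much for the rules as posted (rootdn bypass, dn.regex and the other scope forms are deliberately left out, and the "reordered" rule set is my own illustration of moving the password-attribute directive ahead of the blanket one, not something from the post). It reports which directive answers each request, which is the check worth doing before reading anything into ldapsearch results; it cannot tell you why the anonymous search in the post fails on the running server.

```python
"""Minimal model of slapd ACL evaluation: first matching 'access to' wins,
then the first matching 'by' clause wins, and no matching 'by' means deny.
Added example for the mailing-list post above; not OpenLDAP's own code.
Not modelled (assumptions): rootdn bypass, dn.regex/dn.subtree/dn.one,
filter= and val= targets, the 'entry'/'children' pseudo-attribute rules
beyond treating 'entry' as an ordinary attribute name."""

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

USERS = "ou=Users,dc=frontline"
ADMIN = "cn=admin,dc=frontline"
PASSWORD_ATTRS = {"userPassword", "sambaNTPassword", "sambaLMPassword"}

# Each rule is (what, by-list). what: {"dn": (kind, value)} and/or
# {"attrs": set}; an empty dict is 'access to *'. by-list: (who, level).
POSTED_RULES = [
    ({"dn": ("children", USERS)}, [("anonymous", "read")]),
    ({"attrs": PASSWORD_ATTRS}, [("dn=" + ADMIN, "write"), ("anonymous", "auth"),
                                 ("self", "write"), ("*", "none")]),
    ({"dn": ("children", USERS)}, [("dn=cn=root," + USERS, "read"),
                                   ("anonymous", "auth"), ("self", "write")]),
    ({"dn": ("base", "")}, [("*", "read")]),
    ({}, [("dn=" + ADMIN, "write"), ("*", "read")]),
]

# Hypothetical reordering for illustration only: the password-attribute
# directive goes first so no later, broader directive can shadow it, and
# the ou=Users directive keeps anonymous at read for the other attributes.
REORDERED_RULES = [
    ({"attrs": PASSWORD_ATTRS}, [("dn=" + ADMIN, "write"), ("anonymous", "auth"),
                                 ("self", "write"), ("*", "none")]),
    ({"dn": ("children", USERS)}, [("dn=cn=root," + USERS, "read"),
                                   ("anonymous", "read"), ("self", "write"),
                                   ("*", "read")]),
    ({"dn": ("base", "")}, [("*", "read")]),
    ({}, [("dn=" + ADMIN, "write"), ("*", "read")]),
]


def _what_matches(what, entry_dn, attr):
    """Does this directive's <what> cover entry_dn / attr?"""
    kind, value = what.get("dn", ("*", None))
    if kind == "children":          # strictly below the base, base itself excluded
        if entry_dn == value or not entry_dn.endswith("," + value):
            return False
    elif kind == "base":            # exactly that entry
        if entry_dn != value:
            return False
    attrs = what.get("attrs")
    return attrs is None or attr in attrs


def _who_matches(who, requester, entry_dn):
    """requester is None for an anonymous bind, else the bound DN."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == entry_dn
    if who.startswith("dn="):
        return requester == who[3:]
    raise ValueError("unsupported <who> form: " + who)


def decide(rules, requester, entry_dn, attr):
    """Return (granted level, index of the directive that decided it).
    Index -1 means no directive matched (not reachable with a trailing
    'access to *', as in the posted configuration)."""
    for idx, (what, by) in enumerate(rules):
        if _what_matches(what, entry_dn, attr):
            for who, level in by:
                if _who_matches(who, requester, entry_dn):
                    return level, idx
            return "none", idx      # matched directive, no matching <by>: deny
    return "none", -1


def allowed(rules, requester, entry_dn, attr, needed):
    """True if the granted level is at least the level the operation needs."""
    level, _ = decide(rules, requester, entry_dn, attr)
    return LEVELS.index(level) >= LEVELS.index(needed)


if __name__ == "__main__":
    wojtek = "uid=wojtek," + USERS        # constructed sample entry
    for label, rules in (("posted", POSTED_RULES), ("reordered", REORDERED_RULES)):
        for requester, attr in ((None, "uid"), (None, "userPassword"),
                                (wojtek, "userPassword"), (ADMIN, "uid")):
            level, idx = decide(rules, requester, wojtek, attr)
            print(f"{label:9} {requester or 'anonymous':35} {attr:14} "
                  f"-> {level:5} (directive #{idx + 1})")
```

Run it and compare the "directive #" column between the two rule sets: in the posted order the first "access to dn.children" line matches every attribute of every entry under ou=Users, so it is the only directive that ever answers for those entries, and the password-attribute directive and the second dn.children directive are never reached.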

