[Dovecot] Please help: LDAP configuration _almost_ works.
Wojtek Bogusz
Wojtek at FrontLineDefenders.org
Wed Apr 16 02:19:04 EEST 2008
>> /etc/ldap/sldap.conf:
>> access to attr=uid,homeDirectory,uidNumber
>> by anonymous read
>
> I do not have this in my configuration, and dovecot does indeed use the
> credential I provide to successfully query LDAP for the user based on
> the (mail=%u) criteria. However, it does not see the reply.
> The fact that it does perform the query successfully implies to me that
> it does not use an anonymous connection. Very puzzling.
i have no idea what dovecot is doing :-) from the log file it looks like
there are 2 queries to ldap: 1. to check provided password for provided
user name, 2. to find a user related information (and from what Steffen
wrote this one is done with anonymous user - correct?).
[on the margin: why isn't it done in one query: get me the user related
information, i am binding with provided user and with provided password.
this way it would be one query for two things.]
in my case, i cannot list user related information from ldap in
anonymous connection even from command line, using:
ldapsearch -x -b 'ou=Users,dc=frontline' '(&(objectClass=posixAccount)(uid=wojtek))' homeDirectory
so i guess that i have to work out ldap settings for anonymous query. my
/etc/ldap/slapd.conf related to access permissions is:
access to dn.children="ou=Users,dc=frontline"
        attrs=uid,homeDirectory,uidNumber
        by anonymous read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=frontline" write
        by anonymous auth
        by self write
        by * none
access to dn.children="ou=Users,dc=frontline"
        by dn="cn=root,ou=Users,dc=frontline" read
        by anonymous auth
        by self write
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=frontline" write
        by * read
maybe the problem is here... any hints please?
regards, Wojtek
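
A simplified first-match model of how slapd evaluates the access directives posted above, as an added example that is not part of the original message and is not OpenLDAP code. The entry DN uid=wojtek,ou=Users,dc=frontline is a constructed sample; DN normalization, the search-base check and any rootdn bypass are left out.

```python
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
USERS = "ou=Users,dc=frontline"
ROOT = "cn=root,ou=Users,dc=frontline"
ADMIN = "cn=admin,dc=frontline"
ENTRY = "uid=wojtek," + USERS  # constructed sample DN, not taken from the post

# (dn scope, attrs or None for "all", [(who, level), ...]) in the order posted
ACL = [
    (("children", USERS), {"uid", "homeDirectory", "uidNumber"},
     [("anonymous", "read")]),
    (None, {"userPassword", "sambaNTPassword", "sambaLMPassword"},
     [(ADMIN, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    (("children", USERS), None,
     [(ROOT, "read"), ("anonymous", "auth"), ("self", "write")]),
    (("base", ""), None, [("*", "read")]),
    (None, None, [(ADMIN, "write"), ("*", "read")]),
]

def what_matches(scope, attrs, dn, attr):
    if attrs is not None and attr not in attrs:
        return False
    if scope is None:
        return True
    kind, base = scope
    return dn == base if kind == "base" else dn.endswith("," + base)

def who_matches(who, bind_dn, dn):
    if who in ("*", "anonymous"):
        return who == "*" or bind_dn is None
    return bind_dn == (dn if who == "self" else who)

def granted(bind_dn, dn, attr):
    """Level from the first directive whose <what> matches; first <who> wins."""
    for scope, attrs, by in ACL:
        if what_matches(scope, attrs, dn, attr):
            return next((lvl for who, lvl in by if who_matches(who, bind_dn, dn)),
                        "none")  # implicit trailing "by * none"
    return "none"

def allowed(bind_dn, dn, attr, need):
    return LEVELS.index(granted(bind_dn, dn, attr)) >= LEVELS.index(need)

def search_returns(bind_dn, dn, filter_attrs, wanted):
    """None if the entry is not matched/returned, else the readable attributes."""
    if not all(allowed(bind_dn, dn, a, "search") for a in filter_attrs):
        return None
    if not allowed(bind_dn, dn, "entry", "read"):  # "entry" pseudo-attribute
        return None
    return [a for a in wanted if allowed(bind_dn, dn, a, "read")]
```

Under this model the anonymous ldapsearch from the post matches nothing: uid and homeDirectory are readable, but objectClass in the filter and the entry pseudo-attribute fall through to the third directive, where anonymous gets only auth.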