[Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)
Jack McKinney
jackmc at lorentz.com
Thu Apr 17 15:55:56 EEST 2008
So why is dovecot searching for uid? I am not asking it to; in fact, my
pass_attrs field is empty.
Also, I have switched around my setup to not use auth_bind:
    hosts = ldap.lrtz
    dn = cn=varmail,ou=users,dc=lorentz,dc=com
    dnpass = *******
    ldap_version = 3
    auth_bind = no
    pass_attrs = userPassword=password
    pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu))
    base = ou=users, dc=%Dd
    scope = onelevel
With this configuration, it becomes inconsistent. Sometimes my client
authenticates, and sometimes my client goes through the same timeout as
below.
I have not had time to run enough trials to prove this, but it seems
like this new configuration works for the first connection made to
dovecot, and then times out on subsequent connections. If I restart
dovecot, then I get one successful connection again, and then the others
fail.
I am not certain on this, however. I seem to remember the first
connection timing out on one run...
On Wed, 2008-04-16 at 23:20 +0100, Gavin Henry wrote:
> <quote who="Jack McKinney">
> > No, it isn't. I have verified the connection with "openssl s_client".
> > Besides, the server is receiving the username "jackmc at lorentz.com", so
> > the connection has already been made by this time.
> > What is happening every time is that dovecot sends the correct query to
> > OpenLDAP (as noted in the log below), OpenLDAP receives that query
> > (according to its log) and responds with one match, but dovecot never
> > seems to see that response. 180 seconds after the auth fails, dovecot
> > drops the connection with the IMAP client for inactivity.
> >
>
> I've gone back to your first post, and your slapd logs show:
>
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH
> base="ou=users,dc=lorentz,dc=com" scope=1 deref=0
> filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
> err=0 nentries=1 text=
>
> Which shows the correct filter, but the requested attribute to return is
> "uid", which is _not_ in your entry:
>
> # Jack McKinney, users, lorentz.com
> dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> cn: Jack McKinney
> givenName: Jack McKinney
> sn: McKinney
> mail: jackmc at lorentz.com
>
> Try the same search again, but using (note uid on end):
>
> ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D
> 'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel
> '(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid
>
> It should be empty, hence why dovecot isn't getting anything.
>
>
>
--
Jack McKinney
GPG 1024D/99C6A174
jackmc at lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
Beware geeks bearing diffs
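
The comparison made in the quoted reply (attributes named on the slapd "SRCH attr=" line versus attributes actually present in the matched entry) can be automated. The following is an added example, not part of the original messages or of dovecot; the log lines, the LDIF entry and the function names are constructed for illustration.

```python
import re

# Constructed sample data, shaped like the slapd log lines and LDIF entry in the thread.
SLAPD_LOG = """\
Apr 3 08:13:30 host slapd[1000]: conn=7 op=3 SRCH base="ou=users,dc=example,dc=com" scope=1 deref=0 filter="(mail=user@example.com)"
Apr 3 08:13:30 host slapd[1000]: conn=7 op=3 SRCH attr=uid
Apr 3 08:13:30 host slapd[1000]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 3 08:14:02 host slapd[1000]: conn=8 op=1 SRCH attr=mail userPassword
Apr 3 08:14:02 host slapd[1000]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""
ENTRY = """\
# Test User, users, example.com
dn: cn=Test User,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
cn: Test User
mail: user@example.com
userPassword: {SSHA}constructed-placeholder
"""

SRCH_ATTR = re.compile(r"conn=(\d+) op=(\d+) SRCH attr=(.+)$")
RESULT = re.compile(r"conn=(\d+) op=(\d+) SEARCH RESULT .*\berr=\d+ nentries=(\d+)")

def ldif_attrs(ldif):
    """Attribute names in one LDIF entry, lower-cased, options (;binary) stripped."""
    names = set()
    for line in ldif.splitlines():
        if line and line[0] not in " #":  # skip blanks, comments, continuations
            names.add(line.split(":", 1)[0].split(";", 1)[0].lower())
    return names - {"dn"}

def searches(log):
    """Map (conn, op) -> requested attrs and entry count from slapd stats logging."""
    ops = {}
    for line in log.splitlines():
        if m := SRCH_ATTR.search(line):
            ops.setdefault((m[1], m[2]), {})["attrs"] = m[3].split()
        elif m := RESULT.search(line):
            ops.setdefault((m[1], m[2]), {})["nentries"] = int(m[3])
    return ops

def missing_attrs(log, ldif):
    """Per search that matched an entry: requested attributes the entry lacks."""
    present = ldif_attrs(ldif)
    return {key: [a for a in op["attrs"]
                  if a.lower() not in present and a not in ("*", "+")]
            for key, op in searches(log).items()
            if op.get("nentries", 0) > 0 and "attrs" in op}

if __name__ == "__main__":
    for (conn, op), lacking in missing_attrs(SLAPD_LOG, ENTRY).items():
        print(f"conn={conn} op={op}: entry lacks {lacking or 'nothing requested'}")
```

Export the entry while bound as the same DN the mail server uses, since directory ACLs can hide attributes from one identity that another can read.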