[Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)
Gavin Henry
ghenry at suretecsystems.com
Thu Apr 17 16:20:49 EEST 2008
<quote who="Jack McKinney">
> So why is dovecot searching for uid? I am not asking it to; in fact, my
> pass_attrs field is empty.
I'm not sure, I was hoping someone else would know why. Is it a hard coded
default?
> Also, I have switched around my setup to not use auth_bind:
>
> hosts = ldap.lrtz
> dn = cn=varmail,ou=users,dc=lorentz,dc=com
> dnpass = *******
> ldap_version = 3
> auth_bind = no
> pass_attrs = userPassword=password
> pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu))
> base = ou=users, dc=%Dd
> scope = onelevel
>
> With this configuration, it becomes inconsistent. Sometimes my client
> authenticates, and sometimes my client goes through the same timeout as
> below.
> I have not had time to run enough trials to prove this, but it seems
> like this new configuration works for the first connection made to
> dovecot, and then times out on subsequent connections. If I restart
> dovecot, then I get one successful connection again, and then the others
> fail.
> I am not certain on this, however. I seem to remember the first
> connection timing out on one run...
>
> On Wed, 2008-04-16 at 23:20 +0100, Gavin Henry wrote:
>> <quote who="Jack McKinney">
>> > No, it isn't. I have verified the connection with "openssl s_client".
>> > Besides, the server is receiving the username "jackmc at lorentz.com", so
>> > the connection has already been made by this time.
>> > What is happening every time is that dovecot sends the correct query to
>> > OpenLDAP (as noted in the log below), OpenLDAP receives that query
>> > (according to its log) and responds with one match, but dovecot never
>> > seems to see that response. 180 seconds after the auth fails, dovecot
>> > drops the connection with the IMAP client for inactivity.
>> >
>>
>> I've gone back to your first post, and your slapd logs show:
>>
>> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH
>> base="ou=users,dc=lorentz,dc=com" scope=1 deref=0
>> filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
>> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
>> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101
>> err=0 nentries=1 text=
>>
>> Which shows the correct filter, but the requested attribute to return is
>> "uid", which is _not_ in your entry:
>>
>> # Jack McKinney, users, lorentz.com
>> dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> cn: Jack McKinney
>> givenName: Jack McKinney
>> sn: McKinney
>> mail: jackmc at lorentz.com
>>
>> Try the same search again, but using (note uid on end):
>>
>> ldapsearch -h ldap.lrtz -b 'ou=users, dc=lorentz, dc=com' -D
>> 'cn=varmail,ou=users,dc=lorentz,dc=com' -x -W -s onelevel
>> '(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))' uid
>>
>> It should be empty, hence why dovecot isn't getting anything.
>>
>>
>>
> --
> Jack McKinney
> GPG 1024D/99C6A174
> jackmc at lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
> Beware geeks bearing diffs
>
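The comparison made in the message above, as an added example that is not part of the original thread: a Python script that groups slapd log lines by connection and operation, collects the attributes each search requested, and lists those the matched entry does not hold. The function names are hypothetical; the sample input is the log and entry quoted above, with wrapped lines rejoined.

```python
import re

# Added example; function names are illustrative, not part of dovecot or OpenLDAP.
# Constructed sample input: slapd log lines and LDIF entry as quoted in the thread.
SLAPD_LOG = """\
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH base="ou=users,dc=lorentz,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=jackmc at lorentz.com))"
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""
ENTRY_LDIF = """\
dn: cn=Jack McKinney,ou=users,dc=lorentz,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Jack McKinney
givenName: Jack McKinney
sn: McKinney
mail: jackmc at lorentz.com
"""
LINE = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT) (.*)")

def parse_searches(log):
    """Group slapd SRCH / SEARCH RESULT lines by (conn, op)."""
    ops = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        op = ops.setdefault((int(m[1]), int(m[2])),
                            {"attrs": [], "filter": None, "nentries": None})
        kind, rest = m[3], m[4]
        if kind == "SRCH" and rest.startswith("attr="):
            op["attrs"] += rest[len("attr="):].split()  # space-separated names
        elif kind == "SRCH":
            f = re.search(r'filter="([^"]*)"', rest)
            op["filter"] = f[1] if f else None
        else:
            n = re.search(r"nentries=(\d+)", rest)
            op["nentries"] = int(n[1]) if n else None
    return ops

def ldif_attrs(ldif):
    """Attribute names present in one LDIF entry (lowercased, dn excluded)."""
    lines = [l for l in ldif.splitlines() if ":" in l and not l.startswith(("#", " "))]
    return {l.split(":", 1)[0].lower() for l in lines} - {"dn"}

def unanswerable(log, ldif):
    """Per search: requested attributes that the entry does not contain."""
    present = ldif_attrs(ldif)
    return {key: [a for a in op["attrs"] if a.lower() not in present and a not in ("*", "+")]
            for key, op in parse_searches(log).items()}
```

For the quoted log, `unanswerable(SLAPD_LOG, ENTRY_LDIF)` reports `uid` for conn=7 op=3 even though `nentries=1`: the search matched an entry, but the only attribute requested is one the entry lacks.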