[Dovecot] Does dovecot work with OpenLDAP? (was Re: Please help: LDAP configuration _almost_ works.)

Jack McKinney jackmc at lorentz.com
Fri Apr 18 16:12:09 EEST 2008


On Fri, 2008-04-18 at 10:10 +0200, Steffen Kaiser wrote:

> I got the impression that this is the problem, see the doc:
> http://wiki.dovecot.org/AuthDatabase/LDAP  
> 
> pass_attrs = uid=user,userPassword=password
> 
> This is the default, please add "mail=user" to your pass_attrs and re-add 
> auth_bind. Also, kill all dovecot processes (well, you know: make sure it 
> is the correct config that is used, e.g. add a syntax error, so you see it is 
> even the correct file you're editing)

	I did try it with mail=user; same failure mode.  Since I also get this
failure mode with auth_bind = no, I don't think this is the issue.

> Rob had this in his conf:
> 
> user_attrs = mail=user
> user_filter = (&(objectClass=user)(mail=%u))
> pass_attrs = mail=user,userPassword=password,mail=userdb_user
> pass_filter = (&(objectClass=user)(mail=%u))

> Note the two mail=user settings, I have them, too. Drop 
> the mail=userdb_user, as you use another userdb.
> 
	Problematic, since my userdb is static.

> Rob also has
> 
> user_global_uid = dovecot
> user_global_gid = dovecot
> 
> "If you're using a single UID and GID for all the users, you can use 
> user_global_uid and user_global_gid settings instead of returning them 
> from LDAP." Which seems to apply to userdb only, but who knows?
> 
> Also, could you please drop the TLS/SSL on the connection, if any, and 
> sniff the connection?
> 
> To sniff, use wireshark (ethereal) or tshark (tethereal) "port 389" as 
> capture filter.
> wireshark understands the LDAP protocol and decodes it. Moreover, you see 
> _what_ is returned in detail.

	I am not using TLS/SSL for the LDAP connection.

> 
> BTW: Do you use any sort of firewall, iptables or whatsoever on the mail, 
> dns or ldap server? Did you disable it?

	LDAP and IMAP are on the same server.  Since the query and the result
both show up in the LDAP logs, it couldn't be a firewall issue.

-- 
Jack McKinney
GPG 1024D/99C6A174
jackmc at lorentz.com YM:lfaatsnat2006 AIM:jackmclorentz
Beware geeks bearing diffs