[Dovecot] Active Directory LDAP authentication fails after a time

Romer Ventura rventura at h-st.com
Fri Apr 17 21:35:12 EEST 2009


I run Dovecot 1.1.7 and I have the ldap.conf like this:

base = ou=DOMAIN-Users,dc=domain,dc=com
ldap_version = 3
auth_bind = yes
dn = cn=ldap,cn=Users,dc=domain,dc=com
dnpass = password

I am authenticating against AD2003 and have not had an issue since
it went live back in December... I would say it may be time for you
to update...


On Apr 17, 2009, at 12:40 PM, noahisaac wrote:

>
> Hi -
>
> I've got Dovecot version 1.0.7 running on a CentOS 5.2 machine.  It's
> serving pop, imap and imaps and authenticating against an Active Directory
> machine.  This all works fine at first, but after about two weeks or so,
> dovecot's authentication against AD starts to fail.  All of dovecot's
> authentication attempts time out.  I also have postfix on the same machine
> authenticating against the same AD, and it does not seem to experience this
> issue.  If I restart dovecot, the authentication starts working again.
>
> I've gone over /var/log/maillog, but I don't see anything particularly
> useful.  The only thing I really see is:
> dovecot: IMAP(noah): Disconnected for inactivity
>
> Here's some of the relevant portions of my configs:
>
> dovecot.conf
> auth default {
>   mechanisms = plain
>   passdb ldap {
>     args = /etc/dovecot-ldap.conf
>   }
>   passdb passwd-file {
>     args = /etc/dovecot/passdb
>     master = yes
>   }
>   userdb static {
>     args = uid=vmail gid=vmail home=/home/vmail/%u
>   }
>   user = root
> }
>
> dovecot-ldap.conf
> hosts = admachine.domain.com
> base = dc=domain,dc=com
> ldap_version = 3
> auth_bind = yes
> auth_bind_userdn = DOMAIN\%u
>
>
> Does anybody have any ideas about why this is happening, or maybe just an
> idea about how to better troubleshoot it?  If you need any more info, I'll
> be happy to provide it.  Can I tell dovecot to be a little more verbose with
> its log entries (I've already got auth_debug set to yes, but I'm not
> getting very much info)?
>
>
> Thanks!
> Noah
> -- 
> View this message in context: http://www.nabble.com/Active-Directory-LDAP-authentication-fails-after-a-time-tp23102450p23102450.html
> Sent from the Dovecot mailing list archive at Nabble.com.
>


