[Dovecot] BUG: LDAP extension failed to authenticate if 'base' DN configuration is empty ''

Hendy Irawan hendy at soluvas.com
Wed Aug 1 01:12:50 EEST 2012

Dear Timo,

Thank you very much for your kind work.

I apologize, my previous statement were wrong. At least on ApacheDS 1.5.7,
it doesn't search entries using the '' base DN (it doesn't give error
though, just cannot return results, ApacheDS requires the search base to be
in a partition).

However, your patch would be great for servers who support the '' search
base DN.

If I may ask, would you improve it further to accept multiple bases? I'm not
sure what the proper character separator would be, but I think something
like this would work :

base = dc=prd,dc=berbatik,dc=com | dc=stg,dc=berbatik,dc=com

The proposed configuration above asks to try the two search bases in
succession, whichever first succeeds get logged in, else fails like usual.

I hope it's okay with you. I'll definitely help with the testing.


Timo Sirainen wrote:
> On 29.7.2012, at 15.00, Hendy Irawan wrote:
>> We have several context entries and want to authenticate a user against
>> the
>> whole LDAP server.
>> However when setting "base = " Dovecot LDAP fails with following message:
>> Jul 29 10:50:59 nitik1 dovecot: auth: Error:
>> ldap(hendy at staging.member.berbatik.com,
>> ldap_search((virtualMail=hendy at staging.member.berbatik.com)) failed:
>> Other
>> (e.g., implementation specific) error
> Does the attached patch help? If yes, I'll add it to next version.

http://www.Soluvas.com/ Soluvas - Making eCommerce Work for You 
View this message in context: http://old.nabble.com/BUG%3A-LDAP-extension-failed-to-authenticate-if-%27base%27-DN-configuration-is-empty-%27%27-tp34226738p34238207.html
Sent from the Dovecot mailing list archive at Nabble.com.

More information about the dovecot mailing list