[Dovecot] BUG: LDAP extension failed to authenticate if 'base' DN configuration is empty ''

Timo Sirainen tss at iki.fi
Wed Aug 1 01:51:08 EEST 2012


On 1.8.2012, at 1.12, Hendy Irawan wrote:

> I apologize, my previous statement was wrong. At least on ApacheDS 1.5.7,
> it doesn't search entries using the '' base DN (it doesn't give error
> though, just cannot return results, ApacheDS requires the search base to be
> in a partition).
> 
> However, your patch would be great for servers that support the '' search
> base DN.

But does my patch actually make it work in some such servers? I did it only as a guess. If it doesn't fix anything I'd rather just drop the patch.

> If I may ask, would you improve it further to accept multiple bases? I'm not
> sure what the proper character separator would be, but I think something
> like this would work:
> 
> base = dc=prd,dc=berbatik,dc=com | dc=stg,dc=berbatik,dc=com
> 
> The proposed configuration above asks to try the two search bases in
> succession; whichever succeeds first gets logged in, else it fails as usual.

You can already do this by creating multiple passdb/userdb ldap sections with different config files. Searching multiple bases requires doing multiple LDAP lookups anyway.
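
The multiple-section setup described in the reply above, sketched as an added example that is not part of the original message or of the Dovecot project's documentation. The two config file names are assumptions; the base DNs are the ones from the quoted question.

```conf
# dovecot.conf (or conf.d/auth-ldap.conf.ext)
# One passdb/userdb pair per search base. Sections are consulted
# in the order they are listed.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-prd.conf.ext   # assumed file name
}
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-stg.conf.ext   # assumed file name
}

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-prd.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-stg.conf.ext
}

# /etc/dovecot/dovecot-ldap-prd.conf.ext
# hosts, bind settings and filters stay as in the existing LDAP config;
# only the search base differs between the two files.
base = dc=prd,dc=berbatik,dc=com

# /etc/dovecot/dovecot-ldap-stg.conf.ext
base = dc=stg,dc=berbatik,dc=com
```

Each section performs its own LDAP lookup, so a login that does not match in the first base costs a second query. If the same username exists under both bases, decide which tree should be authoritative and list that section first.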

