[Dovecot] Using ldap and pam
Bo Lynch
blynch at ameliaschools.com
Tue Aug 6 15:16:31 EEST 2013
On Tue, August 6, 2013 2:41 am, Steffen Kaiser wrote:
> On Mon, 5 Aug 2013, Bo Lynch wrote:
>
>> Having some issues with ldap logins. I am using CentOS
>> 5, dovecot-1.0.13-1.el5.rfx and openldap-servers-2.3.43-25.el5_8.1
>> Trying to get this to work with the SoGo interface. First I converted all
>> my standard system users to ldap using the openldap-tools. This worked
>> fine, however when a user changes their password they can no longer see
>> their email. If they change it back to the original password mail can be
>> seen. This has stumped me for a day or so, so I was hoping someone could
>> shed some light.
>
> What are in the logs? http://wiki1.dovecot.org/Logging see auth_debug=yes
>
>> /etc/dovecot.conf
>> protocols = imap imaps
>> disable_plaintext_auth = no
>> mbox_read_locks = fcntl
>> mbox_write_locks = fcntl
>> protocol imap {
>> }
>> protocol pop3 {
>> }
>> protocol lda {
>> postmaster_address = postmaster at example.com
>> }
>> auth default {
>> mechanisms = plain login
>> passdb pam {
>> }
>> passdb ldap {
>> args = /etc/dovecot-ldap.pass
>> }
>
> You first query PAM then LDAP. If your users are in passwd still, you get
> a failed password response.
>
>> userdb passwd {
>> }
>
> You read the user data from passwd? I think you've migrated to LDAP?
>
>> user = root
>> user = root
>> socket listen {
>> client {
>> path = /var/spool/postfix/private/auth
>> mode = 0660
>> user = postfix
>> group = postfix
>> }
>> }
>> }
>> dict {
>> }
>> plugin {
>> }
>>
>> /etc/dovecot-ldap.conf
>> hosts = 127.0.0.1:389
>> sasl_bind = no
>> auth_bind = yes
>> auth_bind = no
>> ldap_version = 3
>> deref = never
>> dn = cn=sogo,dc=ameliaschools,dc=com
>> dnpass=password
>> base = dc=ameliaschools,dc=com
>> scope = subtree
>> pass_attrs = uid=user, userPassword=password
>> pass_filter = (uid=%u)
>>
Is it possible to have 2 auth methods? Meaning if user and passwd do not
match in pam, then go with ldap?
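
The ordering question above, as an added example that is not part of the original thread: Dovecot 1.x tries the `passdb` blocks inside `auth default` in the order they are listed and moves on to the next one when the password does not match, and `userdb` blocks are chained the same way. The fragment assumes the LDAP settings live in the `/etc/dovecot-ldap.conf` file shown in the post and that the LDAP entries carry the posixAccount-style attributes the userdb lookup needs; it puts LDAP first, with PAM and passwd as fallbacks.

```conf
# Added example (Dovecot 1.x syntax), not the poster's configuration.
auth default {
  mechanisms = plain login

  # Checked first: accounts that were migrated to LDAP.
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  # Checked only when the LDAP passdb did not accept the login.
  passdb pam {
  }

  # User data (home, uid, gid) is looked up in the same order.
  userdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  userdb passwd {
  }

  # Postfix SASL socket, unchanged from the posted configuration.
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
```

With a PAM fallback in place, an account that still exists in passwd/shadow keeps its old system password valid for mail even after the LDAP password is changed, so migrated accounts should be removed or locked on the system side. `auth_debug=yes`, mentioned in the reply above, shows in the log which passdb handled each login.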