[Dovecot] Authentification Dovecot + Samba4

Bob Miller bob at computerisms.ca
Fri Dec 6 22:23:16 EET 2013


I wrote a wiki on how to build an LDAP-authenticated network using
samba4.  The dovecot part is on this page, but there are other relevant
parts reachable from the main page as well:

http://cocnm.computerisms.ca/index.php/Install_Qmail-ldap,_Dovecot,_and_Related_Email_Services
-- 
Computerisms
Bob Miller      
867-334-7117 / 867-633-3760
http://computerisms.ca


On Fri, 2013-12-06 at 19:21 +0100, dago at quantentunnel.de wrote:
> Hello list,
> 
> I am struggling with setting up dovecot 2.1.7 with samba 4.1.2 on debian wheezy. Dovecot should authenticate via LDAP, but I cannot get it to work reliably. Sometimes auth works, sometimes not. Referrals are already activated in ldap.conf … LDAP-authentication works fine with other clients (Apache Directory Studio, …) 
> Has somebody got a similar setup running? I would love some hints on how to debug this issue …
> 
> Thank you!
> 
> 
> Regards
> 
> 
> 
> 
> dovecot-ldap.conf
> hosts = 192.168.188.156:389
> dn = CN=Administrator,CN=Users,DC=DOMAIN,DC=LOCAL
> dnpass = Test123
> auth_bind = yes
> ldap_version = 3
> base = DC=DOMAIN,DC=LOCAL
> tls = no
> debug_level = -1
> ldap_version = 3
> scope = subtree
> user_attrs = uidNumber=uid,gidNumber=gid
> user_filter = (&(&(objectClass=Person)(sAMAccountName=%u)))
> pass_attrs = sAMAccountName=user,userPassword=password
> pass_filter = (&(&(objectClass=Person)(sAMAccountName=%u)))
> 
> 
> 
> logs:
> srv1 dovecot: auth: Debug: auth client connected (pid=0)
> srv1 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=doveadm#011resp=<hidden>
> srv1 dovecot: auth: Debug: ldap(john): bind search: base=DC=DOMAIN,DC=LOCAL filter=(&(&(objectClass=Person)(sAMAccountName=john)))
> srv1 dovecot: auth: Error: ldap_search
> srv1 dovecot: auth: Error: put_filter: "(&(&(objectClass=Person)(sAMAccountName=john)))"
> srv1 dovecot: auth: Error: put_filter: AND
> srv1 dovecot: auth: Error: put_filter_list "(&(objectClass=Person)(sAMAccountName=john))"
> srv1 dovecot: auth: Error: put_filter: "(&(objectClass=Person)(sAMAccountName=john))"
> srv1 dovecot: auth: Error: put_filter: AND
> srv1 dovecot: auth: Error: put_filter_list "(objectClass=Person)(sAMAccountName=john)"
> srv1 dovecot: auth: Error: put_filter: "(objectClass=Person)"
> srv1 dovecot: auth: Error: put_filter: simple
> srv1 dovecot: auth: Error: put_simple_filter: "objectClass=Person"
> srv1 dovecot: auth: Error: put_filter: "(sAMAccountName=john)"
> srv1 dovecot: auth: Error: put_filter: simple
> srv1 dovecot: auth: Error: put_simple_filter: "sAMAccountName=john"
> srv1 dovecot: auth: Error: ldap_build_search_req ATTRS: sAMAccountName
> srv1 dovecot: auth: Error: ldap_send_initial_request
> srv1 dovecot: auth: Error: ldap_send_server_request
> srv1 dovecot: auth: Error: ldap_result ld 0x7fef48794580 msgid -1
> srv1 dovecot: auth: Error: wait4msg ld 0x7fef48794580 msgid -1 (timeout 0 usec)
> srv1 dovecot: auth: Error: wait4msg continue ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Connections:
> srv1 dovecot: auth: Error: * host: DOMAIN.local  port: 0
> srv1 dovecot: auth: Error:   refcnt: 1  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri Dec  6 19:08:49 2013
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: * host: 192.168.188.156  port: 389  (default)
> srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri 2013
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Outstanding Requests:
> srv1 dovecot: auth: Error:  * msgid 37,  origid 37, status InProgress
> srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 0
> srv1 dovecot: auth: Error:  * msgid 35,  origid 33, status InProgress
> srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 1
> srv1 dovecot: auth: Error:  * msgid 33,  origid 33, status RequestCompleted
> srv1 dovecot: auth: Error:    outstanding referrals 1, parent count 1
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 request count 3 (abandoned 0)
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Response Queue:
> srv1 dovecot: auth: Error:    Empty
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 response count 0
> srv1 dovecot: auth: Error: ldap_chkResponseList ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fef48794580 NULL
> srv1 dovecot: auth: Error: ldap_int_select
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 35 message type search-result
> srv1 dovecot: auth: Error: ldap_chase_referrals
> srv1 dovecot: auth: Error: read1msg:  V2 referral chased, mark request completed, id = 35
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 0 new referrals
> srv1 dovecot: auth: Error: read1msg:  mark request completed, ld 0x7fef48794580 msgid 35
> srv1 dovecot: auth: Error: merged parent (id 33) error info:  result errno 1, error <00002020: Operation unavailable without authentication>, matched <>
> srv1 dovecot: auth: Error: request done: ld 0x7fef48794580 msgid 33
> srv1 dovecot: auth: Error: res_errno: 1, res_error: <00002020: Operation unavailable without authentication>, res_matched: <>
> srv1 dovecot: auth: Error: ldap_free_request (origid 33, msgid 33)
> srv1 dovecot: auth: Error: ldap_free_request (origid 33, msgid 35)
> srv1 dovecot: auth: Error: ldap_free_connection 0 1
> srv1 dovecot: auth: Error: ldap_send_unbind
> srv1 dovecot: auth: Error: ldap_free_connection: actually freed
> srv1 dovecot: auth: Error: ldap_parse_result
> srv1 dovecot: auth: Error: ldap_err2string
> srv1 dovecot: auth: Error: ldap(john): ldap_search(base=DC=DOMAIN,DC=LOCAL filter=(&(&(objectClass=Person)(sAMAccountName=john)))) failed: Operations error
> srv1 dovecot: auth: Error: ldap_msgfree
> srv1 dovecot: auth: Error: ldap_result ld 0x7fef48794580 msgid -1
> srv1 dovecot: auth: Error: wait4msg ld 0x7fef48794580 msgid -1 (timeout 0 usec)
> srv1 dovecot: auth: Error: wait4msg continue ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Connections:
> srv1 dovecot: auth: Error: * host: 192.168.188.156  port: 389  (default)
> srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri 2013
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Outstanding Requests:
> srv1 dovecot: auth: Error:  * msgid 37,  origid 37, status InProgress
> srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 0
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 request count 1 (abandoned 0)
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Response Queue:
> srv1 dovecot: auth: Error:    Empty
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 response count 0
> srv1 dovecot: auth: Error: ldap_chkResponseList ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fef48794580 NULL
> srv1 dovecot: auth: Error: ldap_int_select
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 37 message type search-entry
> srv1 dovecot: auth: Error: ldap_first_attribute
> srv1 dovecot: auth: Error: ldap_get_values
> srv1 dovecot: auth: Error: ldap_next_attribute
> srv1 dovecot: auth: Debug: auth(john): username changed john -> john
> srv1 dovecot: auth: Debug: ldap(john): result: sAMAccountName=john
> srv1 dovecot: auth: Error: ldap_get_dn
> srv1 dovecot: auth: Error: ldap_msgfree
> srv1 dovecot: auth: Error: ldap_result ld 0x7fef48794580 msgid -1
> srv1 dovecot: auth: Error: wait4msg ld 0x7fef48794580 msgid -1 (timeout 0 usec)
> srv1 dovecot: auth: Error: wait4msg continue ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Connections:
> srv1 dovecot: auth: Error: * host: 192.168.188.156  port: 389  (default)
> srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri 2013
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Outstanding Requests:
> srv1 dovecot: auth: Error:  * msgid 37,  origid 37, status InProgress
> srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 0
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 request count 1 (abandoned 0)
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Response Queue:
> srv1 dovecot: auth: Error:    Empty
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 response count 0
> srv1 dovecot: auth: Error: ldap_chkResponseList ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fef48794580 NULL
> srv1 dovecot: auth: Error: ldap_int_select
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid -1 all 0
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 37 message type search-reference
> srv1 dovecot: auth: Error: ldap_chase_v3referrals
> srv1 dovecot: auth: Error: ldap_url_parse_ext(ldap://DOMAIN.local/CN=Configuration,DC=DOMAIN,DC=local)
> srv1 dovecot: auth: Error: re_encode_request: new msgid 39, new dn <CN=Configuration,DC=DOMAIN,DC=local>
> srv1 dovecot: auth: Error: re_encode_request new request is:
> srv1 dovecot: auth: Error: ber_dump: buf=0x7fef4879d8d0 ptr=0x7fef4879d956 end=0x7fef4879e8ac len=134
> srv1 dovecot: auth: Error: ldap_chase_v3referral: msgid 37, url "ldap://DOMAIN.local/CN=Configuration,DC=DOMAIN,DC=local"
> srv1 dovecot: auth: Error: ldap_send_server_request
> srv1 dovecot: auth: Error: ldap_new_connection 0 1 1
> srv1 dovecot: auth: Error: ldap_int_open_connection
> srv1 dovecot: auth: Error: ldap_connect_to_host: TCP DOMAIN.local:389
> srv1 dovecot: auth: Error: ldap_new_socket: 19
> srv1 dovecot: auth: Error: ldap_prepare_socket: 19
> srv1 dovecot: auth: Error: ldap_connect_to_host: Trying 192.168.188.156:389
> srv1 dovecot: auth: Error: ldap_pvt_connect: fd: 19 tm: -1 async: 0
> srv1 dovecot: auth: Error: anonymous rebind via ldap_sasl_bind("")
> srv1 dovecot: auth: Error: ldap_sasl_bind
> srv1 dovecot: auth: Error: ldap_send_initial_request
> srv1 dovecot: auth: Error: ldap_send_server_request
> srv1 dovecot: auth: Error: ldap_result ld 0x7fef48794580 msgid 40
> srv1 dovecot: auth: Error: wait4msg ld 0x7fef48794580 msgid 40 (timeout 100000 usec)
> srv1 dovecot: auth: Error: wait4msg continue ld 0x7fef48794580 msgid 40 all 1
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Connections:
> srv1 dovecot: auth: Error: * host: DOMAIN.local  port: 0
> srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri 2013
> srv1 dovecot: auth: Error:   rebind in progress
> srv1 dovecot: auth: Error:     queue is empty
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: * host: 192.168.188.156  port: 389  (default)
> srv1 dovecot: auth: Error:   refcnt: 3  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri 2013
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Outstanding Requests:
> srv1 dovecot: auth: Error:  * msgid 40,  origid 40, status InProgress
> srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 0
> srv1 dovecot: auth: Error:  * msgid 37,  origid 37, status InProgress
> srv1 dovecot: auth: Error:    outstanding referrals 1, parent count 0
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 request count 2 (abandoned 0)
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Response Queue:
> srv1 dovecot: auth: Error:    Empty
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 response count 0
> srv1 dovecot: auth: Error: ldap_chkResponseList ld 0x7fef48794580 msgid 40 all 1
> srv1 dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fef48794580 NULL
> srv1 dovecot: auth: Error: ldap_int_select
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 40 all 1
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 37 message type search-result
> srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 0 new referrals
> srv1 dovecot: auth: Error: read1msg:  mark request completed, ld 0x7fef48794580 msgid 37
> srv1 dovecot: auth: Error: wait4msg ld 0x7fef48794580 0 s 99976 us to go
> srv1 dovecot: auth: Error: wait4msg continue ld 0x7fef48794580 msgid 40 all 1
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Connections:
> srv1 dovecot: auth: Error: * host: DOMAIN.local  port: 0
> srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri 2013
> srv1 dovecot: auth: Error:   rebind in progress
> srv1 dovecot: auth: Error:     queue is empty
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: * host: 192.168.188.156  port: 389  (default)
> srv1 dovecot: auth: Error:   refcnt: 2  status: Connected
> srv1 dovecot: auth: Error:   last used: Fri 2013
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: 
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Outstanding Requests:
> srv1 dovecot: auth: Error:  * msgid 40,  origid 40, status InProgress
> srv1 dovecot: auth: Error:    outstanding referrals 0, parent count 0
> srv1 dovecot: auth: Error:  * msgid 37,  origid 37, status RequestCompleted
> srv1 dovecot: auth: Error:    outstanding referrals 1, parent count 0
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 request count 2 (abandoned 0)
> srv1 dovecot: auth: Error: ** ld 0x7fef48794580 Response Queue:
> srv1 dovecot: auth: Error:    Empty
> srv1 dovecot: auth: Error:   ld 0x7fef48794580 response count 0
> srv1 dovecot: auth: Error: ldap_chkResponseList ld 0x7fef48794580 msgid 40 all 1
> srv1 dovecot: auth: Error: ldap_chkResponseList returns ld 0x7fef48794580 NULL
> 
> dovecot -n:
> # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 
> auth_debug = yes
> auth_verbose = yes
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf
>   driver = ldap
> }
> protocols = " imap lmtp sieve"
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = vmail
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-master {
>     group = vmail
>     mode = 0600
>     user = vmail
>   }
> }
> ssl = no
> userdb {
>   driver = passwd
> }
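
Added example, not part of either post above: a small Python pass over the auth debug trace that pulls out the events that matter for this report, namely which referral libldap chased, whether the new connection was bound anonymously, and what the server answered. The sample lines are copied from the quoted trace and trimmed to those events; the function names `analyze` and `findings` are this example's own.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the quoted trace, trimmed to the relevant events.
SAMPLE_LOG = '''\
srv1 dovecot: auth: Debug: ldap(john): bind search: base=DC=DOMAIN,DC=LOCAL filter=(&(&(objectClass=Person)(sAMAccountName=john)))
srv1 dovecot: auth: Error: read1msg: ld 0x7fef48794580 msgid 37 message type search-reference
srv1 dovecot: auth: Error: ldap_chase_v3referral: msgid 37, url "ldap://DOMAIN.local/CN=Configuration,DC=DOMAIN,DC=local"
srv1 dovecot: auth: Error: ldap_connect_to_host: TCP DOMAIN.local:389
srv1 dovecot: auth: Error: anonymous rebind via ldap_sasl_bind("")
srv1 dovecot: auth: Error: res_errno: 1, res_error: <00002020: Operation unavailable without authentication>, res_matched: <>
srv1 dovecot: auth: Error: ldap(john): ldap_search(base=DC=DOMAIN,DC=LOCAL filter=(&(&(objectClass=Person)(sAMAccountName=john)))) failed: Operations error
'''

REFERRAL = re.compile(r'ldap_chase_v3referral: msgid (\d+), url "([^"]+)"')
RES_ERR = re.compile(r'res_errno: (\d+), res_error: <([^>]*)>')
FAILED = re.compile(r'ldap\(([^)]*)\): ldap_search\(base=(\S+) .*failed: (.+)$')

def analyze(log_text):
    """Collect referral chases, anonymous rebinds and search failures."""
    report = {"referrals": [], "anonymous_rebinds": 0, "server_errors": [], "failed": []}
    for line in log_text.splitlines():
        if m := REFERRAL.search(line):
            url = urlsplit(m.group(2))  # hostname is lower-cased by urlsplit
            report["referrals"].append(
                {"msgid": int(m.group(1)), "host": url.hostname, "dn": url.path.lstrip("/")})
        elif "anonymous rebind via ldap_sasl_bind" in line:
            report["anonymous_rebinds"] += 1
        elif m := RES_ERR.search(line):
            report["server_errors"].append((int(m.group(1)), m.group(2)))
        elif m := FAILED.search(line):
            report["failed"].append(
                {"user": m.group(1), "base": m.group(2), "error": m.group(3)})
    return report

def findings(report):
    """Turn the collected events into short statements for the operator."""
    out = []
    bases = {f["base"].lower() for f in report["failed"]}
    for ref in report["referrals"]:
        # DN comparison is case-insensitive: DC=LOCAL and DC=local are the same.
        if any(ref["dn"].lower().endswith("," + b) for b in bases):
            out.append(f"referral to {ref['dn']} lies under the search base")
    if report["referrals"] and report["anonymous_rebinds"]:
        out.append("referral connection was bound anonymously")
    if any("without authentication" in text for _, text in report["server_errors"]):
        out.append("server rejected an unauthenticated operation")
    return out
```

Run against a full `auth_debug` log, `findings(analyze(text))` shows whether failed lookups coincide with referrals that were followed without the configured `dn`/`dnpass` credentials.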


