[Dovecot] connection Dovecot to samba4
Pascal den Bekker
pascal_den.bekker at affinitas.de
Mon Dec 16 17:14:41 EET 2013
Hey Achim,
thank you for your help :-) Unfortunately it did not work :-(
I changed the lines in the dovecot config you sent me. When I try to
log in to the SOGo GUI, I'm getting the following error message:
2013-12-16 16:10:07 auth: Info:
ldap(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): unknown user
2013-12-16 16:10:07 auth: Error:
userdb(administrator,127.0.0.1,<DBQZNajtqQB/AAAB>): user not found from
userdb ldap
2013-12-16 16:10:07 imap: Error: Authenticated user not found from
userdb, auth lookup id=4126670849 (client-pid=5503 client-id=1)
2013-12-16 16:10:07 imap-login: Info: Internal login failure (pid=5503
id=1) (internal failure, 1 succesful auths): user=<administrator>,
method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5504, secured,
session=<DBQZNajtqQB/AAAB>
When I look in samba4:
samba-tool user list
Administrator
krbtgt
Guest
ldap
The user seems to be there..:-(
Cheers,
- Pascal
On 12/16/2013 03:37 PM, Achim Gottinger wrote:
> Hi,
>
> Added a few corrections to your config below. Hope it works.
>
> achim~
>
>
> Am 16.12.2013 11:51, schrieb Pascal den Bekker:
>> Hello,
>>
>> I am trying to set up samba4/openchange and dovecot. Does anyone have
>> experience concerning dovecot connecting to samba4?
>>
>> I tried the following:
>>
>> /etc/dovecot.conf:
>>
>> protocols = imap sieve
>> mail_location = maildir:/data/mail/%d/%n/Maildir
>> mail_access_groups = vmail
>> mail_privileged_group = vmail
>> first_valid_uid = 110
>> last_valid_uid = 110
> last_valid_uid = 5000
>> first_valid_gid = 115
>> last_valid_gid = 115
> last_valid_gid = 5000
>
> Your vmail user/group seems to have the uid/gid 5000 so it must be in
> the valid range.
>> log_path = /var/log/dovecot
>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>> login_greeting = Welcome to domain.local.
>>
>> service imap {
>> inet_listener {
>> port=143
>> }
>> }
>>
>> protocol lda {
>> log_path = /var/log/mail/dovecot-deliver.log
>> auth_socket_path = /var/run/dovecot/auth-master
>> postmaster_address = postmaster at domain.local
>> mail_plugins = sieve
>> }
>>
>> service managesieve {
>> inet_listener {
>> port=12000
>> }
>> }
>>
>> auth_verbose = yes
>> auth_debug = yes
>>
>> service auth {
>> unix_listener /var/spool/postfix/private/auth {
>> group = vmail
>> mode = 0660
>> user = postfix
>> }
>> }
>>
>> #service auth-userdb {
>> # user = vmail
>> # }
>> #user = root
>> #}
>>
>> passdb {
>> args = /etc/dovecot/dovecot-ldap-passdb.conf
>> driver = ldap
>> }
>>
>> userdb {
>> args = /etc/dovecot/dovecot-ldap-userdb.conf
>> driver = ldap
>> }
>>
>> plugin {
>> sieve = /data/mail/%d/%n/sieverc
>> sieve_storage=/data/mail/%d/%n/sieve
>> sieve_max_redirects = 20
>> }
>>
>>
>> debug_log_path = /var/log/dovecot-debug.log
>>
>> dict {
>> }
>>
>> /etc/dovecot/dovecot-ldap-passdb.conf
>>
>> hosts = localhost
>> auth_bind = yes
>> auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
>> ldap_version = 3
>> base = cn=Users,dc=domain,dc=local
>> pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
>>
> hosts = localhost
> auth_bind = yes
> dn = cn=ldap,cn=Users,DC=domain,DC=local
> dnpass = password
> #auth_bind_userdn = cn=%u,cn=Users,dc=domain,dc=local
> ldap_version = 3
> base = cn=Users,dc=domain,dc=local
> pass_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
> user_attrs=uid=5000
>
> This way dovecot connects as user ldap, does the user lookup according
> to pass_filter and uses the resulting dn for authentication. If you
> create users via the Windows Remote Management tools the dn for a
> user normally uses the Full Name as cn and not the user id which is
> stored as sAMAccountName.
>> /etc/dovecot/dovecot-ldap-userdb.conf:
>>
>> hosts = localhost
>> dn = cn=ldap,cn=Users,DC=domain,DC=local
>> dnpass = password
>> ldap_version = 3
>> base = cn=Users,DC=domain,DC=local
>>
>> #user_attrs =
>> user_attrs=uid=5000,=gid=5000,=home=/data/mail/%d/%n,mail=/data/mail/%d/%u/Maildir
>>
>> user_filter = (&(objectClass=person)(cn=%u)(mail=*))
>> iterate_attrs = cn=user
>> iterate_filter = (objectClass=person)
> user_filter = (&(objectClass=person)(sAMAccountName=%u)(mail=*))
> iterate_attrs = sAMAccountName=user
>>
>> When I try to log in with user account administrator I get the following
>> error messages:
>>
>> 2013-12-16 11:28:29 auth: Info:
>> ldap(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): unknown user
>> 2013-12-16 11:28:29 auth: Error:
>> userdb(ldap,127.0.0.1,<N3HjRaTtdAB/AAAB>): user not found from userdb
>> ldap
>> 2013-12-16 11:28:29 imap: Error: Authenticated user not found from
>> userdb, auth lookup id=783810561 (client-pid=3809 client-id=1)
>> 2013-12-16 11:28:29 imap-login: Info: Internal login failure
>> (pid=3809 id=1) (internal failure, 1 succesful auths): user=<ldap>,
>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=3810, secured,
>> session=<N3HjRaTtdAB/AAAB>
>>
>> Can someone tell me what I am doing wrong, or is there a way to test the
>> dovecot ldap connection string?
>>
>> Cheers,
>>
>> - Pascal
>>
>
--
Pascal den Bekker
Linux System Administrator
Affinitas GmbH | Kohlfurter Straße 41/43 | 10999 Berlin | Germany
email: pascal_den.bekker at affinitas.de | tel: +49 30 868 000 140
www.edarling.de | www.shopaman.de
Geschäftsführer: Lukas Brosseder, David Khalil, Michael Schrezenmaier
Eingetragen beim Amtsgericht Berlin-Charlottenburg, HRB 115958
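
The following is an added example, not part of the original message or of Dovecot: it expands the two filter templates quoted in this thread for a login name and evaluates them against constructed directory entries, showing why a `cn=%u` filter misses an account whose cn is the full name and why `(mail=*)` excludes an account without a mail attribute. The entries, the function names and the simplified evaluator (AND of equality and presence clauses only) are assumptions made for illustration.

```python
import re

# Filters quoted in the thread: the original (cn) and the corrected (sAMAccountName).
CN_FILTER = "(&(objectClass=person)(cn=%u)(mail=*))"
SAM_FILTER = "(&(objectClass=person)(sAMAccountName=%u)(mail=*))"

# Constructed sample entries (not from the thread): (dn, attributes).
DIRECTORY = [
    ("CN=Jane Doe,CN=Users,DC=domain,DC=local",
     {"objectClass": ["top", "person", "user"], "cn": ["Jane Doe"],
      "sAMAccountName": ["jdoe"], "mail": ["jdoe@domain.local"]}),
    ("CN=svc,CN=Users,DC=domain,DC=local",  # no mail attribute
     {"objectClass": ["top", "person", "user"], "cn": ["svc"],
      "sAMAccountName": ["svc"]}),
]

def ldap_escape(value):
    """Escape filter metacharacters in a value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, user):
    """Substitute %u (login name), %n (local part) and %d (domain), escaped."""
    local, _, domain = user.partition("@")
    subst = {"u": user, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: ldap_escape(subst[m.group(1)]), template)

def matches(filter_text, attrs):
    """Evaluate an AND of equality/presence clauses; other filter forms are not handled."""
    have = {k.lower(): v for k, v in attrs.items()}
    for name, raw in re.findall(r"\((\w+)=([^()]*)\)", filter_text):
        values = have.get(name.lower(), [])
        if raw == "*":  # presence test, e.g. (mail=*)
            ok = bool(values)
        else:  # case-insensitive equality on the unescaped value
            want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
            ok = any(v.lower() == want.lower() for v in values)
        if not ok:
            return False
    return True

def lookup(filter_template, user):
    """Return the DNs a filter template selects for a login name."""
    flt = expand(filter_template, user)
    return [dn for dn, attrs in DIRECTORY if matches(flt, attrs)]

if __name__ == "__main__":
    for user in ("jdoe", "svc", "*"):
        print(user, lookup(CN_FILTER, user), lookup(SAM_FILTER, user))
```

An empty result from `lookup` corresponds to the "unknown user" line in the auth log; the same expanded filter string can be checked against the real directory with an LDAP search bound as the lookup account.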