[Dovecot] Dovecot LDAP issue
Steffen Kaiser
skdovecot at smail.inf.fh-brs.de
Tue Apr 8 06:18:36 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 7 Apr 2014, Deeztek Support wrote:
> On 4/7/2014 6:13 PM, Reindl Harald wrote:
>>
>>
>> Am 07.04.2014 23:47, schrieb Deeztek Support:
>>> On 4/7/2014 4:42 PM, Christian Schmidt wrote:
>>>> 7.04.2014 20:43, Deeztek Support:
>>>>> On 4/7/2014 2:08 PM, Oscar del Rio wrote:
>>>>>>
>>>>>> On 04/ 7/14 01:46 PM, Deeztek Support wrote:
>>>>>>>
>>>>>>> I'm authenticating users through AD and it seems to work with no
>>>>>>> problems. Unfortunately, when I try to send e-mail from a user who's
>>>>>>> not in the testou container I get the following error:
>>>>>>>
>>>>>>> Sender address rejected: User unknown in virtual mailbox table>
>>>>>>> #SMTP#.
>>>>>>>
>>>>>>
>>>>>> Looks like a Postfix error, not Dovecot.
>>>>>
>>>>> I don't think so. Postfix already looks from the root of the AD down and
>>>>> it has no problems. Dovecot does not authenticate at all if I simply put
>>>>> the AD root in the ldap configuration file.
>>>>
>>>> "User unknown in virtual mailbox table" is what *postfix* tells you.
>>>> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get
>>>> involved at all (although this depends on your configuration).
>>>>
>>>> I recommend to check the restrictions you defined in your postfix
>>>> configuration.
>>>>
>>> The reason I think it's Dovecot generating the error is because when the
>>> IP address of the sending server is not in
>>> the mynetworks directive of postfix I get the following error
>>
>> why in the world do you strip logs
>>
>> syslog contains even the process who generates a entry and
>> so there is not much to guess if you *really* look at the log
>>
>>
>
> I'm not stripping any logs. The error I put is from the bounce message. The
> syslog says the following:
>
> Apr 7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=<someone at domain.tld>,
> relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user
> unknown. Command output:
>
> So mystery solved, it really is dovecot generating the error.
>
> Question remains, can someone please tell me how to get Dovecot do LDAP looks
> from the AD root?
The primary question is: Does
ldapsearch -H ldap://server.domain.tld:389 \
-b dc=domain,dc=tld -D ... -W \
'(&(userPrincipalName=<<user>>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
return the user?
How many domain controllers to you have in the AD? Which of them holds
which domains? See
http://technet.microsoft.com/en-us/library/cc978012.aspx
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBU0OUvXD1/YhP6VMHAQIF9AgAu2wxEpYXMoHwS1uA7fxKbMPY1tGXU2SE
Ub0GVd6CZ6tUWsYW4YE7rYsyy2LFdLDlTFkeOttP30XeoLdYbvnh8QqOR+iURJx2
u2Y/x91SfTIqhRIjDLckq6pmcgugyaLngWKMBCWvkpra03GTqCUmY7Wndh9FoXRm
/S1F3u/q0vID1JDEZWeoEInrpKh7KCxX4WPDiUTLUho1CwnzYiMpDlLYJMHNn7P/
K8P2ESPapFwr16tShUewXi7l2hGVGt8Eaqb/z2OqnkWEdSNILejnv5TkZif6GT6H
sh8/AxPsotpmV2kEh/IjMG4mjihHCnzvxngpMu96xkTufsBcgt4RyQ==
=dM6R
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list