[Dovecot] Dovecot LDAP issue

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Tue Apr 8 06:18:36 UTC 2014



On Mon, 7 Apr 2014, Deeztek Support wrote:

> On 4/7/2014 6:13 PM, Reindl Harald wrote:
>> 
>> 
>> On 07.04.2014 23:47, Deeztek Support wrote:
>>> On 4/7/2014 4:42 PM, Christian Schmidt wrote:
>>>> 7.04.2014 20:43, Deeztek Support:
>>>>> On 4/7/2014 2:08 PM, Oscar del Rio wrote:
>>>>>> 
>>>>>> On 04/ 7/14 01:46 PM, Deeztek Support wrote:
>>>>>>> 
>>>>>>> I'm authenticating users through AD and it seems to work with no
>>>>>>> problems. Unfortunately, when I try to send e-mail from a user who's
>>>>>>> not in the testou container I get the following error:
>>>>>>> 
>>>>>>> Sender address rejected: User unknown in virtual mailbox table> 
>>>>>>> #SMTP#.
>>>>>>> 
>>>>>> 
>>>>>> Looks like a Postfix error, not Dovecot.
>>>>> 
>>>>> I don't think so. Postfix already looks from the root of the AD down and
>>>>> it has no problems. Dovecot does not authenticate at all if I simply put
>>>>> the AD root in the ldap configuration file.
>>>> 
>>>> "User unknown in virtual mailbox table" is what *postfix* tells you.
>>>> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get
>>>> involved at all (although this depends on your configuration).
>>>> 
>>>> I recommend checking the restrictions you defined in your postfix
>>>> configuration.
>>>> 
>>> The reason I think it's Dovecot generating the error is because when the 
>>> IP address of the sending server is not in
>>> the mynetworks directive of postfix I get the following error
>> 
>> why in the world do you strip logs
>> 
>> syslog contains even the process that generates an entry and
>> so there is not much to guess if you *really* look at the log
>> 
>> 
>
> I'm not stripping any logs. The error I put is from the bounce message. The 
> syslog says the following:
>
> Apr  7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=<someone at domain.tld>, 
> relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user 
> unknown. Command output:
>
> So mystery solved, it really is dovecot generating the error.
>
> Question remains, can someone please tell me how to get Dovecot to do LDAP
> lookups from the AD root?

The primary question is: Does

ldapsearch -H ldap://server.domain.tld:389 \
  -b dc=domain,dc=tld -D ...  -W \
  '(&(userPrincipalName=<<user>>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

return the user?

How many domain controllers do you have in the AD? Which of them holds
which domains? See
http://technet.microsoft.com/en-us/library/cc978012.aspx


-- 
Steffen Kaiser
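The filter in the ldapsearch command above combines a userPrincipalName match with the AD bitwise-AND matching rule (OID 1.2.840.113556.1.4.803) against userAccountControl bit 2, the account-disabled flag. The following is an added example, not part of the original message: it builds the same filter with RFC 4515 escaping of the user value and mirrors the filter logic over constructed entries. All function names and sample entries are assumptions.

```python
# Added example: function names and sample entries are constructed for illustration.
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule (OID from the filter)
UF_ACCOUNTDISABLE = 0x2                   # userAccountControl flag tested by ":=2"

# RFC 4515: these characters must be written as \XX inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_filter(upn: str) -> str:
    """Same filter as in the message, with the user value escaped."""
    return ("(&(userPrincipalName=%s)(objectClass=person)"
            "(!(userAccountControl:%s:=%d)))"
            % (escape_filter_value(upn), BIT_AND_RULE, UF_ACCOUNTDISABLE))

def bit_and_match(attr_value: int, assertion: int) -> bool:
    """The rule matches only if every bit of the assertion is set in the attribute."""
    return attr_value & assertion == assertion

def entry_matches(entry: dict, upn: str) -> bool:
    """Local mirror of the filter for one entry (UPN compared case-insensitively)."""
    return (entry.get("userPrincipalName", "").lower() == upn.lower()
            and "person" in entry.get("objectClass", [])
            and not bit_and_match(int(entry.get("userAccountControl", 0)),
                                  UF_ACCOUNTDISABLE))

# Constructed sample entries: one inside testou, one outside it and disabled.
SAMPLE_ENTRIES = [
    {"dn": "CN=Alice,OU=testou,DC=domain,DC=tld",
     "userPrincipalName": "alice@domain.tld",
     "objectClass": ["top", "person", "user"],
     "userAccountControl": 512},          # normal, enabled account
    {"dn": "CN=Bob,OU=sales,DC=domain,DC=tld",
     "userPrincipalName": "bob@domain.tld",
     "objectClass": ["top", "person", "user"],
     "userAccountControl": 514},          # 512 | 2: normal account, disabled
]

def search(upn: str) -> list:
    """Return the DNs of sample entries that the filter would select."""
    return [e["dn"] for e in SAMPLE_ENTRIES if entry_matches(e, upn)]

if __name__ == "__main__":
    print(build_filter("alice@domain.tld"))
    print(search("alice@domain.tld"), search("bob@domain.tld"))
```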

