[Dovecot] Dovecot2 vs. AD, "Inactivity during authentication"
Steffen Kaiser
skdovecot at smail.inf.fh-brs.de
Fri Feb 28 07:31:36 UTC 2014
On Thu, 27 Feb 2014, Jeroen Scheerder wrote:
> passdb {
> args = /usr/local/etc/dovecot/on2it-ldap-users.cfg
> driver = ldap
> }
> userdb {
> args = /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
> driver = ldap
> }
> $ cat /usr/local/etc/dovecot/on2it-ldap-users.cfg
> hosts = dc2.office.on2it.net
> ldap_version = 3
> base = dc=office,dc=on2it,dc=net
> scope=subtree
> auth_bind = yes
> dn = [suppressed]
> dnpass = [suppressed]
>
> pass_attrs = sAMAccountName=user
> user_attrs = \
> =home=/var/mail/on2it/%{ldap:sAMAccountName}, \
> =mail=maildir:/var/mail/on2it/%{ldap:sAMAccountName}
You must not use home dir == mail dir; search the list about what weird
things can happen if you do. But this has nothing to do with your auth
problem.
> user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
> pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))
>
> iterate_attrs = sAMAccountName=user
> iterate_filter = (objectClass=person)
>
> $ ls -l /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
> lrwxr-xr-x 1 root wheel 20 Feb 27 12:07 /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg -> on2it-ldap-users.cfg
> Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,<9QHH22HzYgB/AAAB>): result: sAMAccountName=js; sAMAccountName unused
> Feb 27 12:49:16 auth: Debug: ldap(js,127.0.0.1,<9QHH22HzYgB/AAAB>): result: sAMAccountName=js
This puzzles me, "sAMAccountName unused" should mean that Dovecot does not
use the attribute, which contradicts the definition of pass_attrs. Do you
have weird characters in/around the line "pass_attrs =
sAMAccountName=user"? Maybe a Windows linebreak ^M / \r or something? A
Unicode non-breakable space? Did you stop, kill any remaining Dovecot
processes and restart Dovecot - just to be sure?
Maybe add sAMAccountName=user to user_attrs, too.
--
Steffen Kaiser
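
Added example, not part of the original message and not Dovecot code: a small Python check for the invisible characters suggested above (carriage return, no-break space, BOM, zero-width characters) in a config file. The sample bytes are constructed for illustration, and the function name is hypothetical.

```python
import sys
import unicodedata

# Constructed sample: config lines like the quoted ones, with a no-break space
# (U+00A0) and a Windows line ending planted in the pass_attrs line.
SAMPLE = (
    b"auth_bind = yes\n"
    b"pass_attrs\xc2\xa0= sAMAccountName=user\r\n"
    b"user_filter = (&(ObjectClass=person)(sAMAccountName=%u))\n"
)

# Unicode categories that are invisible or look like a plain space in an editor:
# Cc control, Cf format (BOM, zero-width), Cs raw undecodable byte,
# Zs/Zl/Zp space and line separators.
SUSPECT = {"Cc", "Cf", "Cs", "Zs", "Zl", "Zp"}
EXTRA_NAMES = {"\r": "CARRIAGE RETURN"}  # control characters have no Unicode name


def find_hidden_chars(data: bytes):
    """Return (line, column, codepoint, name) for each suspicious character."""
    # surrogateescape keeps invalid UTF-8 bytes visible instead of failing
    text = data.decode("utf-8", errors="surrogateescape")
    findings = []
    for line_no, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in (" ", "\t"):  # ordinary whitespace is fine
                continue
            if unicodedata.category(ch) in SUSPECT:
                fallback = EXTRA_NAMES.get(ch, "unnamed control or raw byte")
                findings.append(
                    (line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch, fallback))
                )
    return findings


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for line_no, col, cp, name in find_hidden_chars(data):
        print(f"line {line_no}, column {col}: {cp} {name}")
```
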