Problem with LDAP-query (Active Directory) on filter by memberOf
Luca Bertoncello
lucabert at lucabert.de
Tue Oct 20 17:21:27 EEST 2020
Hi list!
We have a Dovecot 2.3.4 (from Debian 10 repository) that should connect
to our AD to authenticate the users.
It works, but now we would like to restrict using IMAP to all users in
the Group "Funktion - E-Mail-Konto".
So I changed the query from:
(&(sAMAccountName=%n)(objectClass=user)(homeMDB=*))
to
(&(sAMAccountName=%n)(objectClass=user)(homeMDB=*)(memberOf=CN=Funktion - E-Mail-Konto,OU=Funktionen,OU=People,DC=ad,DC=company,DC=org))
The baseDN is DC=ad,DC=company,DC=org
With ldapsearch I can get all users and their attributes, but Dovecot
fails with this error:
Oct 20 15:57:10 mailgw02 dovecot: auth: Error: ldap(testuser,80.187.107.28,<eLf0mhqyLwlQu2sc>): ldap_search(base=dc=ad,dc=company,dc=org filter=(&(samAccountName=testuser)(objectClass=user)(homeMDB=*)(memberOf=CN=Funktion - E-Mail-Konto,OU=Funktionen,OU=People,DC=ad,DC=company,DC=org))) failed: Operations error
I didn't find any explanation for this error...
Can someone help me?
The user used for the connection is the same in Dovecot and ldapsearch.
Thanks a lot
Luca Bertoncello
(lucabert at lucabert.de)