Hi,
I'm trying to set up Dovecot2 for
 o IMAP client access
 o LDA for postfix mail delivery (with SIEVE)
... on a FreeBSD host.
The FreeBSD server has no users (by intention), so I've set up a virtual mail domain, using LDAP lookups in Postfix. So far so good. Mail delivers into the proper mailbox.
But I'm stuck getting Dovecot to authenticate. User- and passwd DBs are set up for LDAP lookups to AD, using an authenticated bind (the AD server offers no anonymous binds, yet). I've enabled all the debugging I can find, but my logs have little information to offer.
Any help in getting me a step further would be much appreciated. In particular, I'd like to learn how to diagnose these userdb/passdb issues properly.
Here's what I see in the logs:
Feb 27 12:25:49
This logging is related to the following IMAP session:
ponyboy% telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login js suppressed
* OK Waiting for authentication process to respond..
* BYE Disconnected for inactivity during authentication.
Connection closed by foreign host.
Here's my config:
$ dovecot -n
# 2.2.10: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.0-RELEASE amd64 ufs
auth_debug = yes
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
first_valid_gid = 1000
first_valid_uid = 1000
imap_client_workarounds = delay-newmail
last_valid_gid = 1000
last_valid_uid = 1000
mail_gid = 1000
mail_location = maildir:/var/mail/on2it/%Ln
mail_uid = 1000
maildir_very_dirty_syncs = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/on2it-ldap-users.cfg
  driver = ldap
}
protocols = imap
service auth-worker {
  user = root
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
}
shutdown_clients = no
ssl = no
userdb {
  args = /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
  driver = ldap
}
valid_chroot_dirs = /var/mail/on2it
$ cat /usr/local/etc/dovecot/on2it-ldap-users.cfg
hosts = dc2.office.on2it.net
ldap_version = 3
base = dc=office,dc=on2it,dc=net
scope=subtree
auth_bind = yes
dn = [suppressed]
dnpass = [suppressed]
pass_attrs = sAMAccountName=user
user_attrs =
=home=/var/mail/on2it/%{ldap:sAMAccountName},
=mail=maildir:/var/mail/on2it/%{ldap:sAMAccountName}
user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))
iterate_attrs = sAMAccountName=user
iterate_filter = (objectClass=person)
$ ls -l /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg
lrwxr-xr-x 1 root wheel 20 Feb 27 12:07 /usr/local/etc/dovecot/on2it-ldap-users-userdb.cfg -> on2it-ldap-users.cfg
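
Added example, not part of the original post: one way to check the passdb lookup outside Dovecot is to build the equivalent ldapsearch command from the LDAP settings shown above, applying the same username normalisation (auth_username_format = %Ln) and escaping the login before it goes into pass_filter. The bind DN placeholder, the sample login and all function names are assumptions made for this illustration.

```python
import re
import shlex

# Constructed sample: LDAP settings from the post; the bind DN is a placeholder.
SAMPLE_CFG = """\
hosts = dc2.office.on2it.net
ldap_version = 3
base = dc=office,dc=on2it,dc=net
scope=subtree
auth_bind = yes
dn = CN=placeholder-bind-user,DC=example
pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))
"""

# Dovecot scope names mapped to the values ldapsearch -s accepts.
SCOPES = {"base": "base", "onelevel": "one", "subtree": "sub"}

def parse_cfg(text):
    """Parse 'key = value' lines; skip blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def apply_username_format(login):
    """Mimic auth_username_format = %Ln: local part only, lowercased."""
    return login.split("@", 1)[0].lower()

def ldap_escape(value):
    """RFC 4515 escaping so the login cannot change the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def ldapsearch_argv(cfg, login):
    """Return the ldapsearch argument list for the passdb lookup of `login`."""
    user = ldap_escape(apply_username_format(login))
    flt = cfg["pass_filter"].replace("%u", user)
    host = cfg["hosts"].split()[0]  # first host of a space-separated list
    return ["ldapsearch", "-x", "-LLL", "-H", "ldap://" + host,
            "-D", cfg["dn"], "-W", "-b", cfg["base"],
            "-s", SCOPES[cfg.get("scope", "subtree")], flt, "sAMAccountName"]

if __name__ == "__main__":
    # -W makes ldapsearch prompt for the bind password instead of taking it as an argument.
    print(shlex.join(ldapsearch_argv(parse_cfg(SAMPLE_CFG), "JS@office.on2it.net")))
```

Running the printed command from the mail host shows whether the bind and search complete at all, independently of Dovecot's auth process.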