-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sun, 18 May 2014, Danylo Esterman wrote:
# Max Mustermann, people, ht dn: cn=Max Mustermann,ou=people,dc=ht cn: Max Mustermann givenName: Max gidNumber: 500 homeDirectory: /home/users/mmustormann sn: Mustermann objectClass: inetOrgPerson objectClass: posixAccount objectClass: top uidNumber: 1000 uid: mmustermann userPassword:: e01ENX1ETUYxdWNEeHRxZ3h3NW5pYVhjbVlRPT0= loginShell: /bin/bash mail: mustorm@test.com
Now, I use the following configuration for dovecot (/etc/dovecot/dovecot-ldap.conf.ext)
hosts = 10.1.2.1 dn = cn=admin,dc=ht dnpass = a auth_bind = yes auth_bind_userdn = uid=%u,ou=people,dc=ht ldap_version = 3 scope = subtree base = ou=people,dc=ht user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u))
This is what I see in Wireshark: http://i.stack.imgur.com/ICzDe.png
Dovecot cannot authenticate itself for some reason...
The Wireshark trace shows that you've tried to authentificate an user "uid=mmustermann,ou=people,dc=ht", but no such LDAP item exists. It is named "cn=Max Mustermann,ou=people,dc=ht".
If i change the configuration as follows:
auth_bind = no #auth_bind_userdn = uid=%u,ou=people,dc=ht
Then I get following picture: http://i.stack.imgur.com/tb5vo.png
Well, why auth_bind = no? If you read the comment for that setting:
# Use authentication binding for verifying password's validity. This works by # logging into LDAP server using the username and password given by client. # The pass_filter is used to find the DN for the user. Note that the pass_attrs # is still used, only the password field is ignored in it. Before doing any # search, the binding is switched back to the default DN. #auth_bind = no auth_bind = yes
I am really desperate and don't know how to make it work. Can somebody please give me a clue how to solve this problem?
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBU3mrOHz1H7kL/d9rAQJP3Qf/S4FMF1R1ZSvs1vpul3S2pN1stNlEKvjU 9O5hemGYbjfXJjZzY0Htp1rfDHz35GkYkfIxNOmf9pH7WVS9BXK+3wx0jNXVOMVh 3OPnbe7UNZmj5MMx/xtCs6MrC010aOvZ0semBEaoyosUaZA11nyi+Ju2rYtxmZqG 4GNWxMjlXl98qzt8LPqSdnYzLJ+uzkmdh8CNQLOS5e86bwcxV5Fd5V3CbuT40/A0 odEtyvoe8czpnfOBM1CImwwoOnyK0lBi4Pk5SGwLA3qyDlac7bsNnNahUx22Nozd VYQ3ixZODp3f3/VIloqdVmTFHly8S2vLFDZOmWo4Tc0FEYsLHqR+iA== =fy/V -----END PGP SIGNATURE-----