Hi all,
Well, I've compiled and installed dovecot 2.2.6 with the following options:
./configure --prefix=/usr/ --sysconfdir=/etc/ --with-mysql --libexecdir=/usr/lib/ --localstatedir=/var --with-moduledir=/usr/lib/dovecot/modules --disable-rpath --disable-static --with-zlib --with-bzlib --with-solr --with-ldap --with-gssapi --with-nss
doveconf -n:
# 2.2.6: /etc/dovecot/dovecot.conf # OS: Linux 3.8.0-32-generic x86_64 Ubuntu 12.04.3 LTS ext4 auth_debug = yes auth_mechanisms = plain login auth_verbose = yes first_valid_gid = 20001 first_valid_uid = 20001 log_timestamp = %Y-%m-%d %H:%M:%S mail_debug = yes mail_gid = 20001 mail_home = /media/data/email/%n mail_location = maildir:/media/data/email/%n/mail mail_plugins = fts fts_solr acl zlib mail_log notify mail_uid = 20001 managesieve_notify_capability = mailto managesieve_sieve_capability = comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date spamtest spamtestplus virustest namespace { list = no location = maildir:/media/data/email/%%n/mail:INDEX=/media/data/email/%n/mail/shared/%%n prefix = shared/%%n/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = maildir:/media/data/email/%n/mail mailbox Sent { auto = subscribe } mailbox Spam { auto = subscribe } mailbox SpamFalse { auto = subscribe } mailbox SpamToLearn { auto = subscribe } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-ldap-passdb.conf.ext driver = ldap } plugin { acl = vfile mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename save mailbox_create mail_log_fields = uid box msgid size sieve = /media/data/email/%n/dovecot.sieve sieve_after = /media/data/email/sieve/global.sieve sieve_dir = /media/data/email/%n/sieve zlib_save = bz2 zlib_save_level = 9 } protocols = imap pop3 sieve lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } unix_listener auth-userdb { group = vmail mode = 0640 user = vmail } } service imap-login { inet_listener imap { address = * port = 143 } inet_listener imaps { address = * port = 993 ssl = 
yes } process_limit = 256 } service lmtp { inet_listener lmtp { address = * port = 24 } user = vmail } service managesieve-login { inet_listener sieve { address = * port = 4190 } process_limit = 256 vsz_limit = 64 M } service pop3-login { inet_listener pop3 { address = * port = 110 } inet_listener pop3s { address = * port = 995 ssl = yes } } ssl = required ssl_ca = </etc/postfix/tls/cacert.pem ssl_cert = </etc/postfix/tls/radiodjiido-cert.pem ssl_key = </etc/postfix/tls/radiodjiido-key.pem ssl_verify_client_cert = yes userdb { args = /etc/dovecot/dovecot-ldap-userdb.conf.ext driver = ldap } protocol imap { imap_client_workarounds = delay-newmail imap_max_line_length = 64 k mail_max_userip_connections = 20 mail_plugins = acl imap_acl mail_log notify zlib } protocol pop3 { mail_plugins = zlib mail_log notify pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv } protocol sieve { managesieve_logout_format = bytes ( in=%i : out=%o ) } protocol lda { info_log_path = log_path = mail_plugins = sieve zlib mail_log notify quota_full_tempfail = yes syslog_facility = mail } protocol lmtp { info_log_path = log_path = mail_plugins = sieve fts zlib mail_log notify quota_full_tempfail = yes }
/etc/dovecot/dovecot-ldap-passdb.conf.ext:
hosts = localhost auth_bind = yes auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan ldap_version = 3 base = ou=users,dc=domain,dc=lan scope = subtree pass_filter = (&(objectClass=person)(cn=%u)(mail=*))
/etc/dovecot/dovecot-ldap-userdb.conf.ext:
hosts = localhost dn = cn=ldap,cn=Users,DC=domain,DC=lan dnpass = My_secret_pass ldap_version = 3 base = OU=users,DC=domain,DC=lan scope = subtree user_attrs = uid=20001, gid=20001, home=/media/data/email/%n, mail=/media/data/email/%n/mail user_filter = (&(objectClass=person)(cn=%n)(mail=*)) iterate_attrs = cn=user iterate_filter = (objectClass=person)
Everything seems to work as expected so far, but if I move a user from the OU 'users' to a sub-OU 'administrative' in Active Directory, the user can no longer log in to Dovecot. I have added "scope = subtree" to both the userdb and passdb files, but it doesn't change anything (note that the passdb still binds with the fixed DN template auth_bind_userdn = cn=%u,OU=users,dc=domain,dc=lan).
Here is the debug output when user test3 (located in ou=users, ou=administrative) tries to log in:
Oct 30 18:49:12 serveur dovecot: auth: Debug: auth client connected (pid=4292) Oct 30 18:49:12 serveur dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=L6uskfDpKwAKChTQ#011lip=10.10.20.1#011rip=10.10.20.208#011lport=993#011rport=54827 Oct 30 18:49:12 serveur dovecot: auth: Debug: client passdb out: CONT#0111#011 Oct 30 18:49:12 serveur dovecot: auth: Debug: client in: CONT<hidden> Oct 30 18:49:12 serveur dovecot: auth: ldap(test3,10.10.20.208,<L6uskfDpKwAKChTQ>): invalid credentials Oct 30 18:49:14 serveur dovecot: auth: Debug: client passdb out: FAIL#0111#011user=test3
As soon as I move user 'test3' back to ou=users, the login works again ...
Oct 30 18:53:57 serveur dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth Oct 30 18:53:57 serveur dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Oct 30 18:53:57 serveur dovecot: auth: Debug: auth client connected (pid=4303) Oct 30 18:53:57 serveur dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=h+ypovDpUAAKChTQ#011lip=10.10.20.1#011rip=10.10.20.208#011lport=993#011rport=54864 Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out: CONT#0111#011 Oct 30 18:53:57 serveur dovecot: auth: Debug: client in: CONT<hidden> Oct 30 18:53:57 serveur dovecot: auth: Debug: client passdb out: OK#0111#011user=test3
Thanks in advance for your time and lights. Nicolas