Hello.
I have some user IDs in different OUs with different passwords. The base OU for the mail server is 'ou=Mail, dc=ph, dc=com'.
Trying a manual search:
# ldapsearch -b 'ou=Mail, dc=ph, dc=com' -D 'cn=bind, ou=Users, dc=ph, dc=com' -w XXX -s sub -h mainserv.ph.com '(&(objectClass=qmailUser)(uid=someuser))' uid mailMessageStore …
# extended LDIF
…
uid: someuser
mailMessageStore: /var/mail/someuser/Maildir/

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
It works fine.
My Dovecot configuration:
# 2.0.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.36-gentoo-r5 x86_64 Gentoo Base System release 2.0.1
base_dir = /var/run/dovecot/
listen = *
login_trusted_networks = 192.168.1.0/24
mail_location = maildir:~/.maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
passdb {
  args = *
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin/sieve = ~/.dovecot.sieve
plugin/sieve_dir = ~/sieve
protocols = imap
ssl_cert =
My /etc/dovecot/dovecot-ldap.conf.ext:
hosts = mainserv.ph.com
dn = cn=bind, ou=Users, dc=ph, dc=com
dnpass = XXX
debug_level = 255
auth_bind = yes
ldap_version = 3
base = ou=Mail, dc=ph, dc=com
scope = subtree
user_attrs = mailMessageStore=home
user_filter = (&(objectClass=qmailUser)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=qmailUser)(uid=%u))
I tested IMAP over telnet:
$ telnet mainserv.ph.com 143
Trying 192.168.1.252...
Connected to mainserv.ph.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
a001 LOGIN someuser password1
Two passwords were tested: the one for the uid from ou=Mail and the one for the uid from ou=Users. The LDAP log of the searches:
slapd[1917]: filter: (&(objectClass=posixAccount)(uid=someuser))
slapd[1917]: attrs:
slapd[1917]: uid
slapd[1917]: userPassword
slapd[1917]: uidNumber
slapd[1917]: gidNumber
… etc.
After this:
slapd[1917]: => access_allowed: search access to "cn=John Smith,ou=Mail,dc=ph,dc=com" "objectClass" requested
slapd[1917]: => dn: [2] ou=mail,dc=ph,dc=com
slapd[1917]: => acl_get: [2] matched
slapd[1917]: => acl_get: [2] attr objectClass
… etc.
I have some questions:
- Why does it search in other LDAP places, not only ou=Mail, dc=ph, dc=com?
- It does not take mailMessageStore from ou=Mail, dc=ph, dc=com. Why?
- How do I disable lookups in other LDAP places except ou=Mail, dc=ph, dc=com?
Thanks for any answers.
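An added example from the editor, not part of the original post or the Dovecot project's own documentation: a dovecot.conf fragment illustrating the two settings the questions above turn on. Dovecot consults passdb blocks in the order they appear in the configuration, so with `passdb { driver = pam }` listed first, every LOGIN is handed to PAM before the LDAP passdb is tried; whether the `objectClass=posixAccount` search seen in the slapd log is issued by that PAM stack rather than by Dovecot's own LDAP passdb is an assumption the posted log lines alone do not confirm. `user_attrs` (here `mailMessageStore=home`) is applied only by a userdb lookup, never by a passdb, so the fragment also adds an LDAP userdb; the posted dovecot.conf has none. Paths and the `base`/`scope` values are taken from the post; everything else is assumed.

```conf
# Added example (editor's, not from the original post): consult only the
# LDAP directory for IMAP logins and user lookups, both through the posted
# /etc/dovecot/dovecot-ldap.conf.ext (base = ou=Mail, dc=ph, dc=com,
# scope = subtree). The pam passdb is omitted entirely, so no other
# passdb is tried before (or after) the LDAP one.
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}

# user_attrs (mailMessageStore=home) is only evaluated during a userdb
# lookup, so an LDAP userdb is required for home to come from the
# directory entry rather than from the system passwd database.
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
```

With both blocks pointing at the same dovecot-ldap.conf.ext, the passdb uses `pass_filter`/`pass_attrs` (or, with `auth_bind = yes`, binds as the found DN) and the userdb uses `user_filter`/`user_attrs`, each restricted to the configured `base` and `scope`.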