dn: dovecot needs a dn with which to search the database to find the user's DN based on their email. This is done with an anonymous connection,
Hmmm... wish the docs mentioned that. It means that I need to set up LDAP to allow anonymous searches for the mail field. Odd...
Is this true? Does it mean that I should have something like this in /etc/ldap/slapd.conf: access to attr=uid,homeDirectory,uidNumber by anonymous read
Still it does not work, and I have this in the log files:
dovecot: auth(default): ldap(wojtek,192.168.0.200): user search: base=ou=Users,dc=frontline scope=subtree filter=(&(objectClass=posixAccount)(uid=wojtek)) fields=homeDirectory,uidNumber
dovecot: auth(default): ldap(wojtek,192.168.0.200): Authenticated user not found
dovecot: auth(default): userdb(wojtek,192.168.0.200): user not found from userdb
dovecot: auth(default): master out: NOTFOUND^I4
To be honest, I do not know how to make LDAP searchable for an anonymous user. I have tried several options and it does not work.
Yeah, it works in my setup :-)
Can you supply your config?!
Yes. Could you please send your config, both Dovecot (/etc/dovecot/dovecot*.conf) and OpenLDAP (/etc/ldap/*.conf)?
Did you sniff the LDAP connection already?
Only indirectly, through the LDAP logs, which show that a response is indeed sent by the LDAP server.
How would you recommend sniffing it?
Interesting thing: I also changed auth_bind to no, with dn and dnpass supplied, and it does not work. It looks like Dovecot still tries to bind to LDAP using the anonymous user.
Cheers, Wojtek
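An added example, not from this thread and not the Dovecot or OpenLDAP projects' own documentation, showing the configuration shape the discussion keeps circling around: instead of opening the directory to anonymous reads, Dovecot is given a dedicated read-only bind identity through dn/dnpass, and the slapd ACL grants only that identity (and authenticated users) read access to the attributes Dovecot's searches need. The base DN ou=Users,dc=frontline, the search filter and the attribute list are taken from the log lines quoted above; the service DN cn=dovecot,ou=Services,dc=frontline, its password placeholder, the host and the file paths are assumptions.

```conf
# --- /etc/dovecot/dovecot-ldap.conf (added example; the service DN,
# --- host and password below are assumptions, not taken from the thread) ---

hosts = 127.0.0.1

# Identity Dovecot binds with for its user and password searches.
# If dn is left unset, Dovecot searches anonymously, which is the
# search the log lines above show failing. A dedicated read-only
# account avoids having to grant anonymous read on the directory.
dn = cn=dovecot,ou=Services,dc=frontline
# Placeholder only; keep the real value out of world-readable files.
dnpass = CHANGE-ME-service-password

# auth_bind = yes: Dovecot finds the user's DN with the dn/dnpass
# identity, then binds as that user DN with the password the client
# supplied, so userPassword never has to be readable by the service account.
auth_bind = yes

base = ou=Users,dc=frontline
scope = subtree

# Attributes and filter match the search visible in the thread's log lines.
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user
pass_filter = (&(objectClass=posixAccount)(uid=%u))

# --- /etc/ldap/slapd.conf ACL fragment (added example) ---
# Order matters: the first "access to" clause matching the attribute wins,
# and within a clause the first matching "by" line applies. Continuation
# lines must begin with whitespace; comments must sit on their own lines.

# Password hashes are never readable; "auth" only lets them be used for a
# bind, which is what the user's own auth_bind needs.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# The attributes Dovecot searches on and reads back: readable by the
# service DN and by authenticated users, not by anonymous.
access to attrs=uid,homeDirectory,uidNumber,gidNumber
    by dn.exact="cn=dovecot,ou=Services,dc=frontline" read
    by users read
    by * none

# Everything else (including the entry itself, which a search must be
# allowed to see for the filter to match).
access to *
    by dn.exact="cn=dovecot,ou=Services,dc=frontline" read
    by users read
    by * none
```

To confirm the ACL behaves as intended before pointing Dovecot at it, run the same search twice with ldapsearch: anonymously (`ldapsearch -x -b ou=Users,dc=frontline '(uid=wojtek)'`) it should return no entries, and bound as the service DN (`ldapsearch -x -D cn=dovecot,ou=Services,dc=frontline -W -b ou=Users,dc=frontline '(uid=wojtek)'`) it should return the entry with homeDirectory and uidNumber but never userPassword. That distinguishes an ACL problem from a Dovecot-side one without having to sniff the connection.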