With postfix using virtual_mailbox_maps through the same ldap backend, I can make subtree searches in the Active Directory without problems.
Any ideas?
I really need this information and appreciate any help or new ideas!
Thanks Bruno.
---------- Forwarded message ----------
From: Bruno Puga brpuga@gmail.com
Date: Jun 12, 2007 6:04 PM
Subject: LDAP subtree search on AD
To: dovecot@dovecot.org
Hello people!
I'm new to the list and to dovecot too. In advance I'd like to thank everybody who could help me, and I'll be very glad if I could help somebody here. I've been working on a project to integrate dovecot and Active Directory authentication for 2 weeks without total success. I've tried so many ways to solve my problem, but no one gave me the right answer. I'd appreciate it if someone could help me. First of all, let me show some needed data.
Distro: Debian Etch
dovecot --version
1.0.0
dovecot -n
# /etc/dovecot/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot-imapd.log
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap
disable_plaintext_auth: no
login_dir: /var/run/dovecot//login
login_executable: /usr/lib/dovecot/imap-login
mail_debug: yes
imap_client_workarounds: outlook-idle delay-newmail
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: pam
    args: dovecot
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  socket:
    type: listen
    client:
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
/etc/dovecot/dovecot-ldap.conf
hosts = 192.168.0.11
dn = cn=dovecot,cn=Users,dc=tecnicopias01,dc=com,dc=br
dnpass = password
ldap_version = 3
auth_bind = yes
base = DC=tecnicopias01,DC=com,DC=br
deref = never
scope = subtree
user_attrs = info=mail
user_filter = (&(objectClass=organizationalPerson)(sAMAccountName=%u))
user_global_uid = 5000
user_global_gid = 5000
I can authenticate using pam+krb5 with success, but when I try to make a userdb search to get the maillocation for the authenticated user, I get in trouble. The ldap_search doesn't make a subtree search, making only a onelevel search. So, if I point the base directive (/etc/dovecot/dovecot-ldap.conf) to where the user that is authenticating at that moment is, I can log in perfectly and get the maillocation.
My question is: Why doesn't dovecot make an LDAP subtree search? Or am I missing anything?
Thanks Bruno.