I am trying to get dovecot 2.0.19 to authenticate users via LDAP (OpenLDAP 2.4.28) and am using Wireshark to debug the process. It looks like the basic configuration of dovecot is fine, but it doesn't manage to send the right request to the LDAP server. First of all, this is how my LDAP entries look:
# ht
dn: dc=ht
objectClass: top
objectClass: dcObject
objectClass: organization
o: ip
dc: ht

# admin, ht
dn: cn=admin,dc=ht
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9cFY1b0ZZVUhack1aRTVvaUg1T3c2cytVWHV4aUNvaHI=

# people, ht
dn: ou=people,dc=ht
objectClass: organizationalUnit
objectClass: top
ou: people

# groups, ht
dn: ou=groups,dc=ht
objectClass: organizationalUnit
objectClass: top
ou: groups

# ipusers, groups, ht
dn: cn=ipusers,ou=groups,dc=ht
gidNumber: 500
cn: ipusers
objectClass: posixGroup
objectClass: top

# Max Mustermann, people, ht
dn: cn=Max Mustermann,ou=people,dc=ht
cn: Max Mustermann
givenName: Max
gidNumber: 500
homeDirectory: /home/users/mmustormann
sn: Mustermann
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 1000
uid: mmustermann
userPassword:: e01ENX1ETUYxdWNEeHRxZ3h3NW5pYVhjbVlRPT0=
loginShell: /bin/bash
mail: mustorm@test.com
Now, I use the following configuration for dovecot (/etc/dovecot/dovecot-ldap.conf.ext):
hosts = 10.1.2.1
dn = cn=admin,dc=ht
dnpass = a
auth_bind = yes
auth_bind_userdn = uid=%u,ou=people,dc=ht
ldap_version = 3
scope = subtree
base = ou=people,dc=ht
user_attrs = homeDirectory=home,uidNumber=uid,gidNumber=gid
user_filter = (&(objectClass=posixAccount)(uid=%u))
pass_attrs = uid=user,userPassword=password
pass_filter = (&(objectClass=posixAccount)(uid=%u))
This is what I see in Wireshark: http://i.stack.imgur.com/ICzDe.png
Dovecot cannot authenticate itself for some reason...
If I change the configuration as follows:
auth_bind = no
#auth_bind_userdn = uid=%u,ou=people,dc=ht
Then I get the following picture: http://i.stack.imgur.com/tb5vo.png
It doesn't pick up the setting base = ou=people,dc=ht. But what is more crucial is that even looking at the whole tree "<ROOT>" wholeSubTree it can't find the required entry.
I am really desperate and don't know how to make it work. Can somebody please give me a clue how to solve this problem?