Hi All,
I am trying to setup AD auth with dovecot and have tried a lot of options but still no success.
I am using a bind account for AD authentication and the users are not posix accounts. I am not using the ssl cert as its not available, so disabling it. I have used the similar settings with saslauthd+postfix and it worked, not sure what am I doing wrong with configurations..
My configuration is as follows:
# dovecot --version 2.3.16 (7e2e900c1a) # dovecot -n # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf # OS: Linux 5.14.0-474.el9.x86_64 x86_64 CentOS Stream release 9 # Hostname: mail-centos.example.com auth_mechanisms = plain login first_valid_uid = 1000 listen = * mail_location = maildir:~/Maildir mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service pop3-login { process_limit = 500 } service submission-login { inet_listener submission { port = 587 } } ssl_cert = </etc/ssl/example.com/server.pem ssl_cipher_list = PROFILE=SYSTEM ssl_key = # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap }
# cat /etc/dovecot/dovecot-ldap.conf.ext uris = ldaps://10.1.85.11 dn = CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com dnpass = xxxxx auth_bind = yes tls_require_cert = never debug_level = 1 ldap_version = 3 base = dc=example,dc=com scope = subtree deref = never user_filter = (&(objectClass=user)(sAMAccountName=%u))
Error logs: dovecot[6600]: auth: Error: ** ld 0x556695138d90 Outstanding Requests: dovecot[6600]: auth: Error: * msgid 2, origid 2, status RequestCompleted dovecot[6600]: auth: Error: outstanding referrals 2, parent count 2 dovecot[6600]: auth: Error: * msgid 3, origid 2, status InProgress dovecot[6600]: auth: Error: outstanding referrals 0, parent count 2 dovecot[6600]: auth: Error: * msgid 5, origid 2, status InProgress dovecot[6600]: auth: Error: outstanding referrals 0, parent count 1 dovecot[6600]: auth: Error: ld 0x556695138d90 request count 3 (abandoned 0) dovecot[6600]: auth: Error: ** ld 0x556695138d90 Response Queue: dovecot[6600]: auth: Error: Empty dovecot[6600]: auth: Error: ld 0x556695138d90 response count 0 dovecot[6600]: auth: Error: ldap_chkResponseList ld 0x556695138d90 msgid -1 all 0 dovecot[6600]: auth: Error: ldap_chkResponseList returns ld 0x556695138d90 NULL dovecot[6600]: auth: Error: ldap_int_select postfix/submission/smtpd[6602]: warning: unknown[10.1.70.75]: SASL LOGIN authentication failed: Connection lost to authentication server postfix/submission/smtpd[6602]: disconnect from unknown[10.1.70.75] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
Attaching the detailed error logs.
saslauthd settings which worked: # cat /etc/saslauthd.conf ldap_servers: ldaps://10.1.85.11 ldap_search_base: dc=wtg,dc=zone ldap_filter: (sAMAccountName=%u) ldap_bind_dn: CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com ldap_password: xxxx ldap_tls_reqcert: never
Regards, Sandeep