/etc/ldap/sldap.conf: access to attr=uid,homeDirectory,uidNumber by anonymous read
I do not have this in my configuration, and dovecot does indeed use the credential I provide to successfully query LDAP for the user based on the (mail=%u) criteria. However, it does not see the reply. The fact that it does perform the query successfully implies to me that it does not use an anonymous connection. Very puzzling.
i have no idea what dovecot is doing :-) from the log file it looks like there are 2 queries to ldap: 1. to check provided password for provided user name, 2. to find a user related information (and from what Steffen wrote this one is done with anonymous user - correct?).
[on the margin: why isn't it done in one query: get me the user related information, i am binding with provided user and with provided password. this way it would be one query for two things.]
in my case, i cannot list user related information from ldap in anonymous connection even from command line, using:

ldapsearch -x -b 'ou=Users,dc=frontline' '(&(objectClass=posixAccount)(uid=wojtek))' homeDirectory

so i guess that i have to work out ldap settings for anonymous query. my /etc/ldap/slapd.conf related to access permissions is:

access to dn.children="ou=Users,dc=frontline" attrs=uid,homeDirectory,uidNumber
        by anonymous read

access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn="cn=admin,dc=frontline" write
        by anonymous auth
        by self write
        by * none

access to dn.children="ou=Users,dc=frontline"
        by dn="cn=root,ou=Users,dc=frontline" read
        by anonymous auth
        by self write

access to dn.base=""
        by * read

access to *
        by dn="cn=admin,dc=frontline" write
        by * read

maybe the problem is here... any hints please?
regards, Wojtek