Hi,
On 11.07.24 03:34, hkhk_exact10 via dovecot wrote:
I am using a bind account for AD authentication and the users are not POSIX accounts. I am not using the SSL cert as it's not available, so I am disabling it. I have used similar settings with saslauthd+postfix and it worked; not sure what I am doing wrong with the configuration.
My configuration is as follows:
# cat /etc/dovecot/dovecot-ldap.conf.ext
uris = ldaps://10.1.85.11
dn = CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com
dnpass = xxxxx
auth_bind = yes
tls_require_cert = never
debug_level = 1
ldap_version = 3
base = dc=example,dc=com
scope = subtree
deref = never
user_filter = (&(objectClass=user)(sAMAccountName=%u))
Just a quick look (probably not the only issue but a start)
- maybe a missing
pass_filter = (&(objectClass=user)(sAMAccountName=%u))
? See https://doc.dovecot.org/configuration_manual/authentication/ldap_settings_au... and https://doc.dovecot.org/configuration_manual/authentication/ldap_settings_au...
- dn = <linebreak> comes from mail formatting? If not, strip it: dn = CN=[...]
-- Regards, Andreas Haerter
foundata GmbH Steinhäuserstr. 20 76135 Karlsruhe
Registered office: Karlsruhe Register court: Amtsgericht Mannheim, HRB 714807 Managing director: Andreas Haerter VAT ID: DE284122682
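
Added example (not part of the original mail and not Dovecot's own code): a small Python check over a dovecot-ldap.conf.ext for the points visible in this thread, namely the empty "dn =" line and the unset pass_filter from the reply, plus the disabled certificate check in the posted settings. The finding names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the settings quoted in the post, with "dn =" split
# over two lines as the reply suspects.
SAMPLE = """\
uris = ldaps://10.1.85.11
dn =
CN=s_linux_bind,OU=Global,OU=Services,OU=Accounts,OU=root,DC=example,DC=com
dnpass = xxxxx
auth_bind = yes
tls_require_cert = never
base = dc=example,dc=com
user_filter = (&(objectClass=user)(sAMAccountName=%u))
"""

# Setting names are lower case, so a stray "CN=..." line and "#" comment
# lines never match and are ignored.
KEY_VALUE = re.compile(r"^([a-z_]+)\s*=\s*(.*)$")


def parse_settings(text):
    """Return {key: value} for every 'key = value' line in the file text."""
    settings = {}
    for raw in text.splitlines():
        match = KEY_VALUE.match(raw.strip())
        if match:
            settings[match.group(1)] = match.group(2).strip()
    return settings


def lint(text):
    """Return finding codes (hypothetical names used only by this example)."""
    s = parse_settings(text)
    findings = []
    if s.get("dn") == "":
        # Bind DN pushed onto the next line, so the dn line itself is empty.
        findings.append("dn-empty")
    if s.get("auth_bind") == "yes" and "pass_filter" not in s:
        # The reply suggests setting pass_filter explicitly for AD users.
        findings.append("pass-filter-missing")
    if s.get("tls_require_cert") == "never":
        # dnpass and user passwords go to a server whose identity is unchecked.
        findings.append("tls-cert-not-verified")
    return findings


if __name__ == "__main__":
    for code in lint(SAMPLE):
        print(code)
```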