I'm trying to authenticate users using MS AD with auth_bind option. Here is my config file:

# 1.0.15: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
ssl_cert_file: /etc/dovecot/ssl/cert.pem
ssl_key_file: /etc/dovecot/ssl/key.pem
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mail_debug: yes
mail_plugins: acl
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /etc/dovecot/dovecot-ldap.conf
plugin:
  acl: vfile

Content of dovecot-ldap.conf:

hosts = myhost:389
auth_bind = yes
auth_bind_userdn = cn=%n,ou=People,dc=company,dc=com
base = ou=People,dc=company,dc=com
user_attrs = mailNickname=home
user_filter = (&(objectClass=user)(sAMAccountName=%n))
user_global_uid = vmail
user_global_gid = vmail

Using the same options I can fetch info with ldapsearch:

ldapsearch -h myhost -b 'dc=company,dc=com' -D 'cn=username,ou=People,dc=company,dc=com' -x -W '(&(objectClass=user)(sAMAccountName=username))'

Dovecot doesn't work with this setting; it shows this in the log:

dovecot: auth(default): ldap(username,10.131.11.147): ldap_search() failed: Operations error

Using tcpdump I found the cause of it: it seems Dovecot binds to the AD server, then drops the connection and tries to do the search without a bind. In the capture I see this response to my LDAP search:

LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection

I found a similar problem on the mailing list, without a solution: http://markmail.org/message/a6pui34ewb5bd55d

Kindly asking what to do with it? :)
-- Best Regards
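
The posted dovecot-ldap.conf sets no `dn`/`dnpass`, the Dovecot LDAP settings that name the identity used for lookups other than the per-user authentication bind, and the AD error in the capture says the search arrived on a connection with no successful bind. A variant of the file that gives the userdb search its own identity, as an added example that is not part of the original post; the lookup account DN and password are placeholders (assumptions), not values from the thread:

```conf
# /etc/dovecot/dovecot-ldap.conf
hosts = myhost:389

# Identity used for the userdb search. Placeholder values (assumption):
# a dedicated low-privilege AD account with read access to ou=People.
dn = cn=dovecot-lookup,ou=People,dc=company,dc=com
dnpass = CHANGE_ME

# The password check is still done by binding as the user.
auth_bind = yes
auth_bind_userdn = cn=%n,ou=People,dc=company,dc=com

base = ou=People,dc=company,dc=com
user_attrs = mailNickname=home
user_filter = (&(objectClass=user)(sAMAccountName=%n))
user_global_uid = vmail
user_global_gid = vmail
```

With a credential in the file, restrict it to root (for example mode 0600). The posted dovecot.conf also has `debug_passwords: yes`, which writes user passwords to the log and should be turned off once debugging is done.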