Wrong idea I think. The simplest thing to try is to mask the bind password in the LDAP configuration by turning it into a comment. Restarting Dovecot immediately shows in the log files that the password is missing.
auth-worker(154994): Error: ldap(ldap://localhost:389): binding
failed (dn cn=xxx,ou=xxx,dc=xxx,dc=xx): Server is unwilling to
perform, unauthenticated bind (DN with no password) disallowed
On 5-2-2026 at 11:31, Aki Tuomi via dovecot wrote:
On 05/02/2026 11:56 EET Ruud Baart via dovecot <dovecot@dovecot.org> wrote:
I think you're pointing me in the right direction. I copied the LDAP configuration from version 2.3 to 2.4 and modified it, but perhaps I did not modify the bind section correctly. If so, it probably works because an anonymous bind provides the requested data. In that case I need to rethink my access rules in the LDAP.
What I have:
ldap_uris = ldap://localhost
ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy
ldap_auth_dn_password = secret
ldap_base = ou=xxx,dc=xxx,dc=xx
passdb ldap {...}
userdb ldap {....}
And looking at the documentation now, perhaps it should be:
dict_server {
  dict ldap {
    <not related to authentication at all>
  }
}
passdb ldap {...}
userdb ldap {....}
--
Regards,
*R.J. Baart Mobile: +33 7 88398245*
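
As an added example (not from the thread or from the Dovecot project), this Python check classifies which RFC 4513 simple-bind mode a set of Dovecot LDAP settings describes, which is what commenting out the password changed in the test above. It assumes flat `key = value` lines, no `#` inside values and no included files; `parse_settings` and `bind_mode` are hypothetical helper names.

```python
import re

# RFC 4513 simple-bind modes, decided by which credentials the client sends.
ANONYMOUS = "anonymous"              # no bind DN
UNAUTHENTICATED = "unauthenticated"  # bind DN but no password
AUTHENTICATED = "authenticated"      # bind DN and password

SETTING = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

def parse_settings(conf_text):
    """Return key = value settings; commented-out lines are ignored, last assignment wins."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # assumption: no '#' inside a value
        match = SETTING.match(line)
        if match:
            settings[match.group(1)] = match.group(2).strip('"')
    return settings

def bind_mode(conf_text):
    """Classify the simple bind that these settings describe."""
    settings = parse_settings(conf_text)
    dn = settings.get("ldap_auth_dn", "")
    password = settings.get("ldap_auth_dn_password", "")
    if not dn:
        return ANONYMOUS
    return AUTHENTICATED if password else UNAUTHENTICATED

# Constructed samples using the placeholder values from the message above.
WITH_PASSWORD = """\
ldap_uris = ldap://localhost
ldap_auth_dn = cn=xxxx,ou=xxxx,dc=abc,dc=xy
ldap_auth_dn_password = secret
ldap_base = ou=xxx,dc=xxx,dc=xx
passdb ldap {
}
"""
PASSWORD_COMMENTED = WITH_PASSWORD.replace("ldap_auth_dn_password", "#ldap_auth_dn_password")
NO_BIND_SETTINGS = "ldap_uris = ldap://localhost\nldap_base = ou=xxx,dc=xxx,dc=xx\n"

if __name__ == "__main__":
    for name, conf in [("with password", WITH_PASSWORD),
                       ("password commented out", PASSWORD_COMMENTED),
                       ("no bind settings", NO_BIND_SETTINGS)]:
        print(f"{name}: {bind_mode(conf)}")
```

The "unauthenticated" result corresponds to the bind the LDAP server rejected in the log line above (DN with no password).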