On Tue, 8 Apr 2008, Jack McKinney wrote:
> hosts = ldap.lrtz
> dn = cn=varmail,ou=users,dc=lorentz,dc=com
> dnpass = *********
> ldap_version = 3
> auth_bind = yes
> pass_filter = (&(objectClass=inetOrgPerson)(mail=%Lu))
> base = ou=users, dc=%Dd
> scope = onelevel
Your configuration looks bad:
You use auth_bind, but the displayed LDAP item does not contain a "userPassword" attribute, and you've specified "dn", which is not necessary for auth_bind. And you have no pass_attrs config.
I guess the first step is to set auth_bind = no and add the password attribute to the user.
Or keep the auth_bind = yes and add a userPassword attribute to the user, so each user can bind itself to his/her LDAP item.
Wiki: http://wiki.dovecot.org/AuthDatabase/LDAP
> The OpenLDAP log shows that the query is received and that it
> returns a match:
>
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH base="ou=users,dc=lorentz,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=jackmc@lorentz.com))"
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
> Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Well, does nentries=1 really indicate one _match_ or just one returned item/packet? If I use ldapsearch -x uid=nonexisting, I get "# numResponses: 1" in the last line, but no hit. You also see that the search is attr=uid, why?
I do _not_ know why Dovecot just hangs, this is probably a bug due to the configuration glitches.
Bye,
Steffen Kaiser
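Added example, not part of the original message and not Dovecot or OpenLDAP code: a small parser for the slapd log lines quoted above. For each search it reports the logged nentries value, the attributes requested, and any simple BIND logged afterwards, which is the operation auth_bind = yes should cause. The function names `parse` and `diagnose`, the two BIND lines and the DN `uid=jackmc,...` are constructed for illustration.

```python
import re

# The three slapd lines quoted in the message above.
PAGE_LOG = '''\
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH base="ou=users,dc=lorentz,dc=com" scope=1 deref=0 filter="(&(objectClass=inetOrgPerson)(mail=jackmc@lorentz.com))"
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SRCH attr=uid
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''
# Constructed lines (not from the thread): a simple bind as a made-up user DN,
# rejected with err=49 (invalidCredentials).
CONSTRUCTED_BIND = '''\
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=4 BIND dn="uid=jackmc,ou=users,dc=lorentz,dc=com" method=128
Apr 3 08:13:30 fourier slapd[14039]: conn=7 op=4 RESULT tag=97 err=49 text=
'''

LINE = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT|BIND|RESULT) ?(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse(log_text):
    """Merge slapd log lines into one record per (conn, op), in log order."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = ops.setdefault((int(m[1]), int(m[2])), {"attrs": []})
        verb, rest = m[3], m[4]
        if verb == "SRCH" and rest.startswith("attr="):
            rec["attrs"] = rest[len("attr="):].split()  # requested attributes
            continue
        if verb in ("SRCH", "BIND"):
            rec["type"] = verb
        rec.update((k, v.strip('"')) for k, v in FIELD.findall(rest))
    return ops

def diagnose(ops):
    """Per search: entries returned, attributes requested, binds logged after it."""
    items, out = list(ops.items()), []
    for i, (key, rec) in enumerate(items):
        if rec.get("type") != "SRCH":
            continue
        out.append({
            "conn_op": key,
            "filter": rec.get("filter"),
            "entries": int(rec.get("nentries", -1)),
            "attrs": rec["attrs"],
            "password_attr_requested": any(a.lower() == "userpassword" for a in rec["attrs"]),
            "binds_after": [(b.get("dn"), int(b["err"])) for _, b in items[i + 1:]
                            if b.get("type") == "BIND" and "err" in b],
        })
    return out
```

On the quoted log alone, `binds_after` is empty: the excerpt shows the search completing but no bind attempt following it.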