> On 24/11/2020 13:20 Odhiambo Washington <odhiambo@gmail.com> wrote:
>
>
>
>
>
> On Sun, 22 Nov 2020 at 15:08, Odhiambo Washington <odhiambo@gmail.com> wrote:
> > Hi,
> >
> > I have setup samba4 as AD and hoping to have dovecot authenticate users against it. I am facing challenges though and I am unable to figure it out.
> > I could do with a third eye to help me spot what is wrong.
> >
> >
> >
> > root@adc0:/etc# doveadm auth test -x service=imap odhiambo@newideatest.local
> > Password:
> > passdb: odhiambo@newideatest.local auth failed
> > extra fields:
> >
> > info.log:
> >
> > Nov 22 14:31:08 auth: Info: > >
> >
> > Here is my doveconf -n:
> >
> > https://paste.ubuntu.com/p/SPmrxZxHPx/
> >
> > My dovecot-ldap.cont.ext:
> >
> > uris = ldap://localhost/
> > dn = "dovecot@newideatest.local"
> > dnpass = "XXXXXXXX"
> > sasl_bind = no
> > tls = no
> > ldap_version = 3
> > deref = never
> > scope = subtree
> > base = cn=Users,dc=NEWIDEATEST,dc=LOCAL
> > auth_bind = yes
> > user_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(|(mail=%u)(sAMAccountName=%u)(otherMailbox=%u)))
> > user_attrs = sAMAccountName=user,userPassword=password,=mail=maildir:/home/%n/Maildir/
> > pass_filter = (&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(sAMAccountName=%u))
> > pass_attrs = sAMAccountName=user,userPassword=password
> >
> > The use exists in the database:
> >
>
>
> For the record, this is what I finally came up with that worked - dovecot-ldap.conf.ext:
>
>
> ##### BEGIN
> uris = ldap://localhost/
> dn = "dovecot@newideatest.local"
> dnpass = "verystupid"
> sasl_bind = no
> tls = no
> ldap_version = 3
> deref = never
> scope = subtree
> base = cn=Users,dc=NEWIDEATEST,dc=LOCAL
> auth_bind = yes

You probably would want to set this to 'no', it causes dovecot to rebind after authentication. This is not required when you can return password

from LDAP, it is only required when you have to do first a lookup and then authenticate as the user to verify password.