On 2026-06-03 12:49, Aki Tuomi via dovecot wrote:
Small optimization:

userdb ldap {
  ldap_base = ou=people,dc=example,dc=com
  fields {
    gid = %{ldap:gidNumber}
    home = %{ldap:homeDirectory}
    mail = %{ldap:homeDirectory}/Maildir/%{user|domain}
    uid = %{ldap:uidNumber}
  }
  filter = (&(objectClass=posixAccount)(uid=%{user|username})(memberOf=cn=mail,ou=%{user|domain},ou=groups,dc=example,dc=com))
}

Unfortunately that broke things.
Also I think the problem happens on LDAP connection. Can you set ldap_debug_level=9?
That was already maxed out, but yes, very useful. I love it when services have the ability to turn logging up to extremely detailed levels.
Anyway, I managed to solve the issue. Here's what I have:

ldap_auth_dn = cn=dovecot,ou=apps,dc=example,dc=com
ldap_auth_dn_password = D0vec0t
ldap_uris = ldapi://%2Frun%2Fldapi
ldap_version = 3
passdb_ldap_bind = yes

passdb ldap-1 {
  driver = ldap
  ldap_base = ou=apps,dc=example,dc=com
  ldap_filter = (&(objectClass=posixAccount)(uid=%{user|username})(memberOf=cn=mail,ou=%{user|domain},ou=groups,dc=example,dc=com))
  passdb_ldap_bind_userdn = cn=%{user},ou=apps,dc=example,dc=com
  result_success = return-ok
}

passdb ldap-2 {
  driver = ldap
  ldap_base = ou=people,dc=example,dc=com
  ldap_filter = (&(objectClass=applicationProcess)(cn=%{user}))
  passdb_ldap_bind_userdn = uid=%{user|username},ou=people,dc=example,dc=com
  result_success = return-ok
}

The difference was that ldap_base turned out to be a requirement.
This is valuable information IMO because the 2.4x documentation is extensive but lacking examples sometimes.